Presentation is loading. Please wait.

Presentation is loading. Please wait.

LIGO Identity and Access Management

Published byLenard Caldwell Modified over 6 years ago

Similar presentations

Presentation on theme: "LIGO Identity and Access Management"— Presentation transcript:

1 LIGO Identity and Access Management
Technical Overview

2 The Problem The LIGO Scientific Collaboration is comprised of over 900 scientists from 22 nations on five continents. Application domains we serve: - web: wikis, document database, etc - grid computing (Globus toolkit - X.509) - collaboration tools: lists, etc. - others: code repositories, custom apps,

3 The Requirements Provide single sign-on solution (SSO) across application domains for LIGO users. Provide seamless onboarding for users when the join LIGO. Provide Identity Management platform for management with reporting functions. Provide redundancy and failover so that interferometer sites can operate independently from central infrastructure.

4 The Components Core components to infrastructure: - myLIGO: user registry. PHP and MySQL. - LDAP: directory store and attribute authority. - Kerberos: credential store and authentication. Auxiliary component: - Grouper: creates ACL groups in LDAP. - Shibboleth: provides SSO web authN/Z. - CILogon: converts kerberos authN into grid certificate.

5 Component Layers

6 Core Redundancy

7 Application Domains: Web
Shibboleth SSO across ligo.org domain. Five IdPs, ~125 SPs in metadata. Federated with InCommon. Uses LIGO.ORG realm KDC as credential store. Uses ligo.org LDAP as attribute authority.

8 Application Domains: Web

9 Application Domains: Grid
Based on SAML ECP and CILogon ( User gets SAML assertion from LIGO IdP Pass certificate DN and authentication assertion to CILogon SP. Short-lived certificate and grid compliant proxy are issued by CILogon CA.

10 Application Domains: Grid

11 Application Domains: Other Services
Other LIGO services also leverage LIAM infrastructure for AuthN/Z: - Mailing list subscribers stored as groups in LDAP, managed with grouper. - SVN and GIT repositories authenticate against kerberos. - Custom applications like NDS2 authenticate against kerberos.

12 Directions LIAM is moving toward leveraging federated identities for authentication of internal and external collaborators LIGO was an early InCommon member. - LIGO is a key contributor to developing COManage (Internet2 federated collaboration management platform). - LIGO is playing leading role in international inter-federation efforts.

13 LIGO and the IAM Community
LIGO is a leader in identity management for large virtual research organizations: - many invited talks every year on how we do IAM. - early members of Shibboleth Consortium. - invited to serve on various advisory panels, committees, etc

Download ppt "LIGO Identity and Access Management"

Similar presentations

Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.

Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.
A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.

A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Federated Identity for Scientific Collaborations: Policy Issues Jim Basney 2 nd Workshop on Federated Identity Systems for Scientific.

Federated Identity for Scientific Collaborations: Policy Issues Jim Basney 2 nd Workshop on Federated Identity Systems for Scientific.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.
NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.

NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.
Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.

Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Intro to Identity for Developers Tom Barton, U Chicago Scott Cantor, Ohio State Patrick Michaud, U Washington.

Intro to Identity for Developers Tom Barton, U Chicago Scott Cantor, Ohio State Patrick Michaud, U Washington.
InCommon Michigan State Common Solutions Group, January 2011 Matt Kolb

InCommon Michigan State Common Solutions Group, January 2011 Matt Kolb
Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.

Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.
BfB: Supporting Collaboration with Infrastructure.

BfB: Supporting Collaboration with Infrastructure.
External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

Similar presentations

Ads by Google