Published by Archibald Quinn. Modified over 6 years ago.
1
Securing a Place in History: Authentication, Authorization, and Platform Integration for the Fortunoff Video Archive of Holocaust Testimonies
Steelsen S. Smith and Melissa A. Wisner
2
Session Agenda
Quick introduction to FVA, Aeon and Kaltura
Project Overview: Guiding Principles, Platforms in Place, and Current Constraints
A walk through the request and access process
Breaking out the technical integration
3
Fortunoff Video Archive
FVA historically accessible on VHS cassettes stored securely on-site at YUL MSSA
Project to migrate VHS to a digital format still in process
Recording and collection of these testimonies began over thirty years ago
Archive contains more than 10,000 recorded hours
4
Aeon
Aeon in use at YUL-Beinecke and MSSA since 2011
Effective tool for special collections request management
User database effective for reading room management
Evolving physical to digital access model introduces different request, delivery and reuse needs, and in current release Aeon begins to show a less effective reach for managing these needs
7
Kaltura
8
The situation…
Three self-contained systems
No existing integration
No new (large) solutions
I’ll be using my time to address some of the technical aspects of implementation and how we made the project happen on the back end. Fundamentally we’ve got
10
The actors…
Aeon (no API)
Kaltura (short features)
Drupal (regulated instance)
12
The minimum…
Authenticate users in Aeon
Authorize videos through Aeon
Kaltura streams video
Drupal glues the pieces
14
Discovery, Aeon, Kaltura and Drupal
Library Online Catalog: Links to requesting interface. Interfaces: OpenURL
Aeon: Request form for patrons; Tracking interface; Staff form for approvals. Interfaces: Web forms
Kaltura: Streaming services; Storage services. Interfaces: Web APIs
Drupal: Content hosting; Pre-made environment. Interfaces: “Modules”
16
Discovery, Aeon, Kaltura and Drupal
Guiding Principles
  Use standards
  Use web services
  Make it reusable
What’s available?
  OpenURL
  Drupal “Modules”
  Kaltura’s API
18
Discovery, Aeon, Kaltura and Drupal
Guiding Principles
  Use standards
  Use web services
  Make it reusable
What do we add?
  Authentication: CAS? OpenID? Local? LDAP?
  Restrictions (Authorization): Claims? Enumerated? AD?
20
The Request Process End to End
24
The Request Process End to End
After curator approval, an email is generated via Aeon containing the link to the authorized testimony
The link will also appear in the Aeon request grid
Users will be directed to the Fortunoff Drupal site
25
Video Sample Not Authorized for Release
26
Discovery, Aeon, Kaltura and Drupal
[Diagram labels: Authenticate, AEON, OpenURL, Drupal, Kaltura, Authorize]
Based on the preceding you want the simplified interoperation to look something like this
28
Discovery, Aeon, Kaltura and Drupal
Authentication: Identity on OAuth 2
Widely used
Easily consumed
FOSS implementations available
Meets most of the standards on our guiding principles page – standard, reusable, implemented as a web service
29
Discovery, Aeon, Kaltura and Drupal
Authorization: Custom Provider
Group policy inadequate
Aeon status (plus) as control
Audit log
Extend Aeon – for multiple projects
Authorization is muddy because we don’t want to add information to the object’s metadata every time there’s a change. Access decisions are also made more often and more quickly than something controlled by AD would typically be. Aeon not designed for digital object approval.
30
Discovery, Aeon, Kaltura and Drupal
[Diagram labels: Authenticate, AEON, OpenURL, Drupal, Kaltura, Authorize]
So what we think looks like this
32
Discovery, Aeon, Kaltura and Drupal
[Architecture diagram labels: Custom Aeon API, Restriction Service, Discovery, Identity Provider, OpenURL, OpenID Connect, Dir., DB, HTTPS]
Ends up looking more like this. Briefly mention how each part corresponds to ideas from before.
33
About Authentication
Details of OpenID Connect. Remember, it’s a protocol; this is just one implementation. This is known as the authorization code flow. The implicit flow is similar, but the application is purely in-browser, so no secure client secret can be stored and no refresh token is issued. Hybrid is a merger of the two.
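The relying-party side of the authorization code flow described on this slide, as an added example that is not code from the presentation or the project. The issuer URL, client ID, redirect URI and function names are hypothetical, and the ID token's signature is assumed to have been verified by a JWT library before the claim checks run.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical client registration; none of these values come from the slides.
ISSUER = "https://idp.example.edu"
CLIENT_ID = "video-site"
REDIRECT_URI = "https://video.example.edu/oidc/callback"

def begin_login(session):
    """Leg 1 (front channel): redirect URL carrying a fresh state and nonce."""
    session["state"] = secrets.token_urlsafe(32)  # ties the callback to this session
    session["nonce"] = secrets.token_urlsafe(32)  # ties the ID token to this login
    return ISSUER + "/authorize?" + urlencode({
        "response_type": "code",                  # authorization code flow
        "scope": "openid",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["state"],
        "nonce": session["nonce"],
    })

def handle_callback(session, callback_url):
    """Leg 2: verify state, then build the form for the back-channel token request."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("state", None)         # single use: a replay finds nothing
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch")
    if "code" not in params:
        raise PermissionError("no authorization code")
    # The site POSTs this form server-side, authenticating with its client
    # secret, so the tokens themselves never pass through the browser.
    return {"grant_type": "authorization_code",
            "code": params["code"][0],
            "redirect_uri": REDIRECT_URI}

def accept_id_token(session, claims, now):
    """Leg 3: claim checks on an ID token whose signature is already verified."""
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    nonce = session.pop("nonce", None)
    if not (claims.get("iss") == ISSUER and CLIENT_ID in audiences
            and claims.get("exp", 0) > now
            and nonce is not None and claims.get("nonce") == nonce):
        raise PermissionError("ID token rejected")
    return claims["sub"]
```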
34
About Authentication
Reusability
Simplified identity management
Linking to existing SSO (CAS)
[Architecture diagram labels: Drupal, Kaltura, Aeon, Custom Aeon API, Restriction Service, Discovery, Identity Provider, OpenURL, OpenID Connect, Dir., DB, HTTPS]
We’re moving primary identity management out of Aeon – this makes it available to other applications in a commonly recognized way vs. hacking together an OpenID Connect interface to an application’s native user database.
35
About Authorization: Exposing Aeon
Creative queues
WebAPI scaffolding for rapid development
Service oriented architecture
What are the risks?
[Architecture diagram labels: Drupal, Kaltura, Aeon, Custom Aeon API, Restriction Service, Discovery, Identity Provider, OpenURL, OpenID Connect, Dir., DB, HTTPS]
Aeon only exposes web interfaces that can be consumed by other Atlas (vendor) products. We therefore need to implement something ourselves. Means we’re on our own for upgrades and whatnot.
36
About Authorization: Standardizing
API is a base for other application
Restrictions normalized for use across services
Single application – many collections
How does it grow?
[Architecture diagram labels: Drupal, Kaltura, Aeon, Custom Aeon API, Restriction Service, Discovery, Identity Provider, OpenURL, OpenID Connect, Dir., DB, HTTPS]
37
About Authorization: Securing
Metadata is sensitive too
Ensure reusability – SOA gateway
Client certificates for servers
[Architecture diagram labels: Drupal, Kaltura, Aeon, Custom Aeon API, Restriction Service, Discovery, Identity Provider, OpenURL, OpenID Connect, Dir., DB, HTTPS]
Layer7 (CA API Tools – Web Service Gateway). If the services are hard to get to then the architecture is defeated. Still need to be secure – you can figure out a lot about the content from the authorization information.
38
Remaining Work
Update to the Aeon API
Link to API gateway / finalize security
Merge login interfaces
Finish transcoding VHS tapes
Designing new request forms and web pages in Aeon
Updating metadata in discovery layer
Soft rollout anticipated Summer 2015
Migrate metadata from AT to AS Winter 2016
Already an upgrade, API gateway set up is in progress, the existing Aeon login interface needs to be dropped in favor of the new one (major UI shift)
39
Recap
An identity provider unifies login
An Aeon API abstracts access
A restriction service links Aeon to Kaltura
A user clicks the link, goes to Drupal
OpenID Connect is used, identity confirmed
Before the Kaltura module will play it uses the restrictions service to confirm access
Authentication information is stored in a user repository, authorization information in a transaction repository, metadata stays uncontaminated. Background for questions?
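A sketch of the restriction-service check from the recap, as an added example that is not the project's code: request status is the control, every decision is written to an audit log, and a denial carries no reason because the authorization data is itself sensitive. The repository rows, field names, status strings and function names are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed transaction repository, one row per Aeon request. Field names,
# status strings and identifiers are assumptions made for this example.
TRANSACTIONS = [
    {"txn": 1001, "user": "sub-17", "entry": "entry-0001", "status": "Approved"},
    {"txn": 1002, "user": "sub-17", "entry": "entry-0002", "status": "Awaiting Review"},
    {"txn": 1003, "user": "sub-42", "entry": "entry-0001", "status": "Cancelled"},
]
PLAYABLE_STATUSES = {"Approved"}  # enumerated allow-list; any other status denies
AUDIT_LOG = []                    # stands in for an append-only audit store

def may_play(subject, entry_id, transactions=TRANSACTIONS):
    """True only if this authenticated subject holds an approved request for the entry."""
    match = None
    if subject and entry_id:      # no identity or no entry: fall through to deny
        for row in transactions:
            if (row["user"] == subject and row["entry"] == entry_id
                    and row["status"] in PLAYABLE_STATUSES):
                match = row
                break
    AUDIT_LOG.append(json.dumps({
        "time": datetime.now(timezone.utc).isoformat(),
        "subject": subject,
        "entry": entry_id,
        "txn": match["txn"] if match else None,
        "decision": "allow" if match else "deny",
    }))
    return match is not None

def response_for(subject, entry_id):
    """Body returned to the video page before the player is rendered."""
    # One identical answer for 'not approved', 'someone else's request' and
    # 'no such entry', so a denial reveals nothing about the collection.
    return {"allowed": may_play(subject, entry_id)}
```

The subject passed in is the `sub` claim established by the OpenID Connect login, so the check keys on the identity provider's identifier rather than on anything stored in the video's metadata.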
40
Thanks for stopping by!
Remember to complete your evaluation forms by April 17!
Detailing the Authentication Steps
SSS- Summary of OpenID connect?
Summary of APIs exposed for authr and security requirements for their access
Expected behavior of Drupal site and Kaltura
Remaining Development and Decisions
Key tasks remaining
Timeframe
The soft rollout/early partners?
The yogurt in the fridge is mine!