Extending Authentication to Members of Social Networks


1 Extending Authentication to Members of Social Networks
The Grid Goes “Social”
Dr. Marco Fargetta(1), Mr. Riccardo Rotondo(2,*), Prof. Roberto Barbera(3,4)
(1) Consorzio COMETA, Catania, Italy
(2) Consortium GARR, Rome, Italy
(3) Department of Physics and Astronomy of the University of Catania, Italy
(4) INFN – National Institute of Nuclear Physics, Division of Catania, Italy
(*)

2 Outline
- Identity Federation (IF)
- Grid enabled IF
- Why Social Federation
- Social Grid Authentication
- Authorisation
- Conclusions & Outlook
EGICF 2012, Munich

3 Identity Federation (IF)
- In the web technology arena many approaches are available to federate authentication
- A standard provided by OASIS defines the Security Assertion Markup Language (SAML)
- Several tools are available, e.g.: Shibboleth, SimpleSAMLphp
- Organisations can rely on traditional tools to manage users: LDAP, CAS, plain text, etc.
- Free and Open Source

4 Identity Federations in the world (https://refeds.org)

5 Enabling Grid to Federations
- Grid services are starting to be integrated in community-dedicated web portals, referred to as Science Gateways
- The distributed/cross-domain nature of Grid requires strong security mechanisms
- Users struggle to comply with complex security rules: get and manage digital certificates, create proxies, update credentials and so on
- Some institutions want to maintain control of their own users’ authentication

6 Federated Grid User ? Science Gateway

7 Identity provided federated
[Figure: several sets of identity providers, each labelled { idp1, idp2, … idpN }]

8 Federated Grid User Science Gateway

9 Number of users in …

10 Why Social Federation
- Federated identities are only a subset of potential users
- Users can work in non-federated institutions
- The IdP may not be included in supported federations
- Mashing up Grid and social tools could be useful for many users and special applications
- Outreach of science organizations to broader communities
- “Citizen scientist” to government services
- Freely accessible repositories (e.g. of cultural heritage) where one wants to profile visitors
- E-collaboration using social facilities/tools in the same page where the user performs e-research Grid-based activities

11 Social Grid Authentication
- Social services are grouped in a special IdP
- Included in our “catch-all” federation GrIDP
- Users have the same account even if they access with different credentials, either social or federated
- Each account can register a list of user s and these are used for identification

12 Federated Grid User Science Gateway

13 For more information watch the video
The Social Networks’ Bridge Identity Provider (

14 Authorisation (1/2)
- Technically, a social IdP has the same security mechanisms as other IdPs, but user identities are generally not verified
- Social users require stronger control on authorisation
- A preliminary identity check is requested
- Users from social networks cannot automatically access resources
- An authorisation request is mandatory
- The authorisation process does not use SAML
- A central server maintains authorisation assertions
- An OpenLDAP server is used

15 Authorisation (2/2)
- To be authorised, users have to provide verifiable information
- E.g., an address of an official organisation
- Name and available in institutional pages
- Users registered in a federation don’t need to specify an official mail
- Users can own both federated and social credentials enabled for authorisation
- Information is verified by the portal administrators, who decide whether to accept or reject the request
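The authorisation flow of slides 14 and 15, sketched as an added example that is not code from the presentation or its project. An in-memory store stands in for the central OpenLDAP server; the class names, the `social-bridge` label and the e-mail-style identifiers are assumptions.

```python
from dataclasses import dataclass

SOCIAL_IDP = "social-bridge"  # hypothetical label for the social IdP

@dataclass
class Account:
    identifiers: set          # identifiers registered to this account
    authorised: bool = False  # changed only by an administrator's decision

@dataclass
class Request:
    account: Account
    official_address: str
    status: str = "pending"

class AuthzStore:
    """In-memory stand-in for the central authorisation server."""

    def __init__(self):
        self.accounts, self.requests = [], []

    def account_for(self, identifier):
        """Same account whichever credential (social or federated) asserted it."""
        for acct in self.accounts:
            if identifier in acct.identifiers:
                return acct
        acct = Account({identifier})
        self.accounts.append(acct)
        return acct

    def request_access(self, idp, identifier, official_address=""):
        # Social identities are not verified by the IdP, so the request must
        # carry something an administrator can check.
        if idp == SOCIAL_IDP and not official_address:
            raise ValueError("social users must give a verifiable official address")
        req = Request(self.account_for(identifier), official_address)
        self.requests.append(req)
        return req

    def review(self, req, accept):
        """Administrator's manual accept/reject decision."""
        req.status = "accepted" if accept else "rejected"
        if accept:
            req.account.authorised = True

    def can_access(self, identifier):
        # Authentication alone never grants access: deny unless accepted.
        return self.account_for(identifier).authorised

def demo():
    store = AuthzStore()
    before = store.can_access("alice@example.org")  # constructed sample identity
    req = store.request_access(SOCIAL_IDP, "alice@example.org", "alice@univ.example")
    pending = store.can_access("alice@example.org")
    store.review(req, accept=True)
    return before, pending, store.can_access("alice@example.org")
```

Matching accounts on an identifier asserted by a social IdP is only as trustworthy as that IdP's checks, which is why access stays denied until an administrator accepts the request.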

16 Conclusions
- Support of both federated and social users opens access to Science Gateways to a very large audience
- AuthN/AuthZ complies with the Grid's strict control on users
Outlook
- Other social services to be integrated, e.g., Twitter, LinkedIn, etc.
- A test case for the SG integration within a social service is under development
- Provide a mechanism helping SPs to identify trusted users
- A trusted user is one who has already been verified
- Users should be filtered from the IDP or the SP using additional SAML attributes

17 Thank you for your kind attention

