
1 EFDA-Fed: European federation among fusion energy research laboratories
R. Castro, J. Vega, A. Portas, A. Pereira, S. Balme, A. Duarte, H. Fernandes, J. Kadlecsik, P. Lebourg, A. Neto, F. Oliveira, K. Purahoo, F. Reis, C. Rodriguez, J. Signoret, J. M. Theis, K. Thomsen
EURATOM/CIEMAT, JET, CEA, EFDA-Fed

2 Index
- Motivation
- Federation
- PAPI as AAI
- New technical solutions
  - Federation logout
  - Integration with JAVA applications
- Demo

3 Motivation

4 Motivation
- Single Sign On
- Secure Access
- Users Mobility
- Simple Management and Scalability
- Transparency
- Common tools compatibility

5 Motivation
Security framework for services access control
- Necessity in organizations of sharing resources
- Transparency
- Simple management
Requirements
- Single Sign On
- Secure Access
- Users Mobility
- Simple Management and Scalability
- Common tools compatibility

6 Federation

7 EFDA Federation
- Authentication and authorisation infrastructure: PAPI
- Trust: Public Key
- Coordination and repository centre

8 How does it work?
[Diagram labels: Web browser, Federated Service, Federation GPoA, Federation WAYF, Federated Organization, Authentication Server, User Repository]

9 PAPI as AAI: Identity management
[Diagram labels: Authentication Server, Send ID, GPoA 1, GPoA 2, ID propagation, Point of Access]

10 PAPI as AAI: GPoA
One credential -> Many resources
[Diagram labels: HTTP Client, GPoA 1, GPoA 2, Point of Access; steps 1 and 2]

11 PAPI as AAI: Infrastructure architecture
[Diagram labels: Federation GPoA, GPoA, AS, PoA, Organisation A, Organisation B, Organisation C]

12 PAPI as AAI: Application level front-end
- Easy services integration
- One XML configuration point
[Diagram labels: HTTP Server, GPoA, PoA, HTTP Service]

13 Technical solutions

14 Logout Mechanism
Problem:
- Service sessions are based on encrypted cookies (created the first time the user is authorised)
- Logout => all session cookies must be disabled
Solution:
- Only AS-registered GPoAs have cookies without a “timeout”
- Two “timeout” levels:
  - Lcook: Very short fixed timeout
  - Hcook: If close time renewed -> renew Hcook; else -> climb to GPoA

15 Logout Mechanism
[Diagram labels: Web browser, Federated Service, Federation GPoA, Federation WAYF, Federated Organization, Authentication Server, User Repository, Logout]

16 Integration with JAVA applications
- Adapted CookieModule class of libraries
  - RT-HTTPClient
  - jakarta commons-httpclient
    - HTTP lib of jakarta projects
    - XML-RPC integration
- New standard CookieHandler for java > 1.5

17 Integration with JAVA applications
[Diagram labels: Jakarta commons-httpclient, RT-HTTPClient, Java 1.5 or above, CookieHandler, CookieModule, CookiesDB, JAVA Berkeley DB]

18 JAVA PAPI Runner
- Compatible with JWS
- Transparent for JAVA application
- No recompilation required
[Diagram labels: GPoA, PAPI Runner, JAVA App, CookieHandler, PoA, Cookies DB, HTTP Resource]

19 Demo

20 Thank you for your attention