Presentation is loading. Please wait.

Presentation is loading. Please wait.

EFDA Federation PAPI based federation as a test-bed for a common security infrastructure in EFDA sites R. Castro, J. Vega, A. Portas, D. R. López, S. Balme,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "EFDA Federation PAPI based federation as a test-bed for a common security infrastructure in EFDA sites R. Castro, J. Vega, A. Portas, D. R. López, S. Balme,"— Presentation transcript:

1 EFDA Federation PAPI based federation as a test-bed for a common security infrastructure in EFDA sites R. Castro, J. Vega, A. Portas, D. R. López, S. Balme, J.M. Theis, P. Lebourg, H. Fernandes, A. Neto, A. Duarte, F. Oliveira, F. Reis, K. Purahoo, K Thomsen, W. Schiller, J. Kadlecsik

2 EFDA Federation Index  Motivation  Federation as solution  PAPI  PAPI for Federation  EFDA Federation  Future lines

3 EFDA Federation Motivation  Security framework for service access control  Necessity in organizations of sharing resources for collaborative work Transparency Simple management

4 EFDA Federation Federation  Set of organizations sharing resources based on: Trust Policies agreements An Authentication and Authorization system  Requirements Single Sign On Secure Access Users Mobility Simple Management and Scalability Transparency Common tools compatibility

5 EFDA Federation PAPI system  Distributed AA system Authentication Server (AS) Point of Access (PoA) Group Point of Access (GPoA) PAPI Front-End Server  Authentication modules X.509 certificates LDAP SQL Local file

6 EFDA Federation How does it work? HTTP Client Authentication data Authentication Server Encry-cookie S1 Encry-cookie S2 PoA Temporal Signed-URLs Signed-URL Encry-cookie HTTP Server S1 HTTP Server S2 PoA

7 EFDA Federation Group Point of Access  One credential -> Many resources GPoA 1 Point of Access Point of Access Point of Access Point of Access GPoA 2 HTTP Client 1 2

8 EFDA Federation Front-End Service  Easy services integration One XML configuration point PoA GPoA HTTP Server HTTP Service HTTP Server

9 EFDA Federation PAPI for Federation  Fulfills federation requirements Trust among components based on PKI  Client types: Common web browsers JAVA applications (JWS supported)  Standard java library (version > 1.5)  RT-HTTPClient [http://www.innovation.ch/java/HTTPClient/]  jakarta commons-httpclient [http://jakarta.apache.org/commons/httpclient/]  Service types: Web page servers Application servers (example Tomcat) Wiki integration (XWIKI)

10 EFDA Federation PAPI in a Federated Organization

11 EFDA Federation Federation Architecture  Easy management

12 EFDA Federation Federation Mechanism Web browser Authentication Server Federated Serice User Repository Federation GPoA Federated Organization User’s home Organization Federated Serice Federation WAYF ? ?

13 EFDA Federation  Starting decision: meeting 28/11/2006 in JET

14 EFDA Federation Coordination  EFDA wiki site RP -> Authentication and Authorisation Systems  Mail list efda-federation@ciemat.es  EFDA Jabber

15 EFDA Federation Current State  CEA Federated, Attributes, Java Apps EFDA wiki federated !!!  CIEMAT Federated, Attributes, Java Apps  EFDA Federating  HAS/KFKI Federating, Integrating PAPI and Shibboleth  IST Federated, Attributes, Java Apps  JET Federated, Attributes, Java Apps

16 EFDA Federation Future lines  Evaluation of results of PAPI - Shibboleth integration  New authentication mechanisms  New services available in the federation  Agreements on polices  Evaluate new coordinated technologies taking advantage of trust and policy agreement

17 EFDA Federation Thank you for your attention R. Castro, J. Vega, A. Portas, D. R. López, S. Balme, J.M. Theis, P. Lebourg, H. Fernandes, A. Neto, A. Duarte, F. Oliveira, F. Reis, K. Purahoo, K Thomsen, W. Schiller, J. Kadlecsik

Download ppt "EFDA Federation PAPI based federation as a test-bed for a common security infrastructure in EFDA sites R. Castro, J. Vega, A. Portas, D. R. López, S. Balme,"

Similar presentations

Open-source Single Sign-On with CAS (Central Authentication Service)

Open-source Single Sign-On with CAS (Central Authentication Service)
Data Management Expert Panel - WP2. WP2 Overview.

Data Management Expert Panel - WP2. WP2 Overview.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.

Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.
PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)

PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
The EC PERMIS Project David Chadwick

The EC PERMIS Project David Chadwick
HOUSe-KEEPER, a vendor-independent architecture for easy management of smart homes Jm Seigneur MSc NDS dissertation project supervised by Mr Alexis Donnelly.

HOUSe-KEEPER, a vendor-independent architecture for easy management of smart homes Jm Seigneur MSc NDS dissertation project supervised by Mr Alexis Donnelly.
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.

Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.
VIVO Multi-site search Structure and function overview.

VIVO Multi-site search Structure and function overview.

Similar presentations

Ads by Google