Download presentation
Presentation is loading. Please wait.
1
EFDA Federation PAPI based federation as a test-bed for a common security infrastructure in EFDA sites R. Castro, J. Vega, A. Portas, D. R. López, S. Balme, J.M. Theis, P. Lebourg, H. Fernandes, A. Neto, A. Duarte, F. Oliveira, F. Reis, K. Purahoo, K Thomsen, W. Schiller, J. Kadlecsik
2
EFDA Federation Index Motivation Federation as solution PAPI PAPI for Federation EFDA Federation Future lines
3
EFDA Federation Motivation Security framework for service access control Necessity in organizations of sharing resources for collaborative work Transparency Simple management
4
EFDA Federation Federation Set of organizations sharing resources based on: Trust Policies agreements An Authentication and Authorization system Requirements Single Sign On Secure Access Users Mobility Simple Management and Scalability Transparency Common tools compatibility
5
EFDA Federation PAPI system Distributed AA system Authentication Server (AS) Point of Access (PoA) Group Point of Access (GPoA) PAPI Front-End Server Authentication modules X.509 certificates LDAP SQL Local file
6
EFDA Federation How does it work? HTTP Client Authentication data Authentication Server Encry-cookie S1 Encry-cookie S2 PoA Temporal Signed-URLs Signed-URL Encry-cookie HTTP Server S1 HTTP Server S2 PoA
7
EFDA Federation Group Point of Access One credential -> Many resources GPoA 1 Point of Access Point of Access Point of Access Point of Access GPoA 2 HTTP Client 1 2
8
EFDA Federation Front-End Service Easy services integration One XML configuration point PoA GPoA HTTP Server HTTP Service HTTP Server
9
EFDA Federation PAPI for Federation Fulfills federation requirements Trust among components based on PKI Client types: Common web browsers JAVA applications (JWS supported) Standard java library (version > 1.5) RT-HTTPClient [http://www.innovation.ch/java/HTTPClient/] jakarta commons-httpclient [http://jakarta.apache.org/commons/httpclient/] Service types: Web page servers Application servers (example Tomcat) Wiki integration (XWIKI)
10
EFDA Federation PAPI in a Federated Organization
11
EFDA Federation Federation Architecture Easy management
12
EFDA Federation Federation Mechanism Web browser Authentication Server Federated Serice User Repository Federation GPoA Federated Organization User’s home Organization Federated Serice Federation WAYF ? ?
13
EFDA Federation Starting decision: meeting 28/11/2006 in JET
14
EFDA Federation Coordination EFDA wiki site RP -> Authentication and Authorisation Systems Mail list efda-federation@ciemat.es EFDA Jabber
15
EFDA Federation Current State CEA Federated, Attributes, Java Apps EFDA wiki federated !!! CIEMAT Federated, Attributes, Java Apps EFDA Federating HAS/KFKI Federating, Integrating PAPI and Shibboleth IST Federated, Attributes, Java Apps JET Federated, Attributes, Java Apps
16
EFDA Federation Future lines Evaluation of results of PAPI - Shibboleth integration New authentication mechanisms New services available in the federation Agreements on polices Evaluate new coordinated technologies taking advantage of trust and policy agreement
17
EFDA Federation Thank you for your attention R. Castro, J. Vega, A. Portas, D. R. López, S. Balme, J.M. Theis, P. Lebourg, H. Fernandes, A. Neto, A. Duarte, F. Oliveira, F. Reis, K. Purahoo, K Thomsen, W. Schiller, J. Kadlecsik
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.