EFDA Federation PAPI based federation as a test-bed for a common security infrastructure in EFDA sites R. Castro, J. Vega, A. Portas, D. R. López, S. Balme,


1 EFDA Federation PAPI based federation as a test-bed for a common security infrastructure in EFDA sites R. Castro, J. Vega, A. Portas, D. R. López, S. Balme, J.M. Theis, P. Lebourg, H. Fernandes, A. Neto, A. Duarte, F. Oliveira, F. Reis, K. Purahoo, K Thomsen, W. Schiller, J. Kadlecsik

2 EFDA Federation Index
- Motivation
- Federation as solution
- PAPI
- PAPI for Federation
- EFDA Federation
- Future lines

3 EFDA Federation Motivation
- Security framework for service access control
- Necessity in organizations of sharing resources for collaborative work
  - Transparency
  - Simple management

4 EFDA Federation Federation
- Set of organizations sharing resources based on:
  - Trust
  - Policies agreements
  - An Authentication and Authorization system
- Requirements
  - Single Sign On
  - Secure Access
  - Users Mobility
  - Simple Management and Scalability
  - Transparency
  - Common tools compatibility

5 EFDA Federation PAPI system
- Distributed AA system
  - Authentication Server (AS)
  - Point of Access (PoA)
  - Group Point of Access (GPoA)
  - PAPI Front-End Server
- Authentication modules
  - X.509 certificates
  - LDAP
  - SQL
  - Local file

6 EFDA Federation How does it work?
[Diagram labels: HTTP Client, Authentication data, Authentication Server, Temporal Signed-URLs, Signed-URL, Encry-cookie, Encry-cookie S1, Encry-cookie S2, PoA, HTTP Server S1, HTTP Server S2]

7 EFDA Federation Group Point of Access
- One credential -> Many resources
[Diagram labels: HTTP Client, GPoA 1, GPoA 2, Point of Access (x4), steps 1 and 2]

8 EFDA Federation Front-End Service
- Easy services integration
  - One XML configuration point
[Diagram labels: PoA, GPoA, HTTP Server, HTTP Service, HTTP Server]

9 EFDA Federation PAPI for Federation
- Fulfills federation requirements
  - Trust among components based on PKI
- Client types:
  - Common web browsers
  - JAVA applications (JWS supported)
    - Standard java library (version > 1.5)
    - RT-HTTPClient [http://www.innovation.ch/java/HTTPClient/]
    - jakarta commons-httpclient [http://jakarta.apache.org/commons/httpclient/]
- Service types:
  - Web page servers
  - Application servers (example Tomcat)
  - Wiki integration (XWIKI)

10 EFDA Federation PAPI in a Federated Organization

11 EFDA Federation Federation Architecture
- Easy management

12 EFDA Federation Federation Mechanism
[Diagram labels: Web browser, Authentication Server, User Repository, User's home Organization, Federated Organization, Federated Service (x2), Federation GPoA, Federation WAYF]

13 EFDA Federation
- Starting decision: meeting 28/11/2006 in JET

14 EFDA Federation Coordination
- EFDA wiki site
  - RP -> Authentication and Authorisation Systems
- Mail list
  - efda-federation@ciemat.es
- EFDA Jabber

15 EFDA Federation Current State
- CEA
  - Federated, Attributes, Java Apps
  - EFDA wiki federated !!!
- CIEMAT
  - Federated, Attributes, Java Apps
- EFDA
  - Federating
- HAS/KFKI
  - Federating, Integrating PAPI and Shibboleth
- IST
  - Federated, Attributes, Java Apps
- JET
  - Federated, Attributes, Java Apps

16 EFDA Federation Future lines
- Evaluation of results of PAPI - Shibboleth integration
- New authentication mechanisms
- New services available in the federation
- Agreements on policies
- Evaluate new coordinated technologies taking advantage of trust and policy agreement

17 EFDA Federation Thank you for your attention R. Castro, J. Vega, A. Portas, D. R. López, S. Balme, J.M. Theis, P. Lebourg, H. Fernandes, A. Neto, A. Duarte, F. Oliveira, F. Reis, K. Purahoo, K Thomsen, W. Schiller, J. Kadlecsik

