Presentation is loading. Please wait.

Presentation is loading. Please wait.

Widely Distributed Access Management Tom Barton University of Chicago.

Published byJune Jenkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Widely Distributed Access Management Tom Barton University of Chicago."— Presentation transcript:

1 Widely Distributed Access Management Tom Barton University of Chicago

2 An Everyday Problem People would like to use the collaboration tools available to them to collaborate with whom they choose –Can we do better than email attachments?

3 Email as Collaboration Platform Pros –Connects arbitrary sets of collaborators –Shares any type of file (ok, some limits) –Self access management Cons –Insecure –Limited capabilities –Reduces productivity more than pot-smoking

4 Campus Collaboration Scenario UC faculty/staff self-initialize collaboration space to work with others internal & external to UC on focused activities –Email list; protected file share; private wiki or web space; specialized compute or data services –Initiator-identified collaborators –Both campus and external participants administer shared collaboration resources

5 Requirements for Campus Collaboration Scenario Authenticate campus and external participants Self-creation of collaboration group by authorized campus people Delegation of selective admin privileges to campus & non- campus people Integration of collaboration services with above (centrally operated & not)

6 Service Provider Scenario An organization provides collaboration services to a population of users –Think Internet2 and its working groups –Or a Science Gateway Additional requirement: An initial delegation step, since self- initialization may not be appropriate

7 Solution Elements Distributed access management tools (Grouper & Signet) A DB for housing identifiers, memberships & privileges for collaboration participants Single locus at which to configure federated SSO (support for internal + external authentication) Architecture that adds collaboration attributes (identifiers, memberships, privileges) to authentication context and passes along to collaboration services

8 Collaboration Connector An integration architecture with all solution elements Proxy IdP –“IdP” = “Identity Provider” ala SAML and Shibboleth –Provides SSO and Attributes to integrated services –“Proxy” because collaboration attributes must be added to externally-sourced ones

9 1 2 3 4 6 5,7

10 Examples MyVocs + GridShib –My Virtual Organization Collaboration Service –Improvement of user registration, access management, service registration needed Dorian + Grid Grouper –caBIG’s caGrid security infrastructure –Needs adaptation to be more generally deployable Almost all needed elements exist to be integrated into a “Collaboration Connector in-a-box”

11 Is it Better Than Email? Pros Email Connects arbitrary sets of collaborators Shares any type of file (ok, some limits) Self access management Collaboration Connector Yes, with federated authentication Yes, whatever the collaboration services provide Yes

12 Is it Better Than Email? Cons Email Insecure Limited capabilities Reduces productivity more than pot-smoking Collaboration Connector Secure Specialized capabilities We’ll have to do a study!

Download ppt "Widely Distributed Access Management Tom Barton University of Chicago."

Similar presentations

GridShib Tom Barton, U Chicago. 2 Grid Computing Distributed computing and/or data resources Heterogeneous computing & storage environments Interfaces.

GridShib Tom Barton, U Chicago. 2 Grid Computing Distributed computing and/or data resources Heterogeneous computing & storage environments Interfaces.
Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.

Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
NSF Middleware Initiative: GridShib Tom Barton University of Chicago.

NSF Middleware Initiative: GridShib Tom Barton University of Chicago.
Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo

Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
Intro to Identity for Developers Tom Barton, U Chicago Scott Cantor, Ohio State Patrick Michaud, U Washington.

Intro to Identity for Developers Tom Barton, U Chicago Scott Cantor, Ohio State Patrick Michaud, U Washington.
Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.

Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.
Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.

Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.
I2/NMI Update: Signet, Grouper, & GridShib Tom Barton University of Chicago.

I2/NMI Update: Signet, Grouper, & GridShib Tom Barton University of Chicago.
External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.
GridShib Grid-Shibboleth Integration Von Welch, Tom Barton, Kate Keahey, Frank Siebenlist GlobusWORLD 2005.

GridShib Grid-Shibboleth Integration Von Welch, Tom Barton, Kate Keahey, Frank Siebenlist GlobusWORLD 2005.
TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

Similar presentations

Ads by Google