11-July-2011, SURFnet Heather Flanagan, COmanage Project Coordinator Benn Oshrin, COmanage Developer Scott Koranda, U. Wisconsin – Milwaukee and LIGO.


1 11-July-2011, SURFnet Heather Flanagan, COmanage Project Coordinator Benn Oshrin, COmanage Developer Scott Koranda, U. Wisconsin – Milwaukee and LIGO

2 COmanage is: A Collaboration Management Platform (CMP) that consists of: An identity management system specifically designed for virtual organizations focused on collaboration (aka, a collaborative organization) Domesticated applications to encourage collaboration A template for federations to create their own service instances

3 Definitions
Attributes – Identifying bits of information that can be used for access control or to inform an application
Collaboration Management Platform (CMP) – COmanage, SURFconext
Domesticated Applications – Apps that can externalize authentication, group management, and authorization, and otherwise use the attributes provided by the infrastructure. When the application needs to know more than identity (just groups, affiliations, other) and accepts the data from an external source, then we’re talking about domestication
Federation – “Authenticate locally, act globally”
Virtual Organization – A group of individuals from multiple institutions that share common resources primarily via internet-enabled technologies.

4

5 Domestication of applications Why? Ease of use experience Ease of user management Obvious targets: wikis, mailing lists Domain science targets: SSH, non-web apps Specific requests from engaged VO Foswiki: http://foswiki.org Moin: http://moinmo.in/ DokuWiki: http://www.dokuwiki.org/dokuwiki RT: http://bestpractical.com/rt/ DocDB: http://docdb-v.sourceforge.net/

6 Authentication Federated authentication is fundamental to any collaboration management platform (CMP) No new wheels here – use the information back at the home institution for authentication and other information By using federated authentication tools, you get more than just single sign on – attributes may come along to help inform group management

7 Group management Use of groups is a powerful tool in collaboration and access control Groups may be created by an admin or a researcher – what do you need? Groups may be automatically populated based on certain criteria Automatic deprovisioning out of groups is required

8 Provisioning and De-provisioning Goal: use the information as managed by each home institution to indicate whether a researcher is still there, or not, and provision, or deprovision, from that information No waiting for X.509 certificate expiration Profiles are starting to come into play Is this researcher interested in a particular area of research? If it is in his or her profile, then provide automatic access to the data

9 Quick History of COmanage Project started about 4 years ago First iteration = very very simple, proof of concept Second iteration = less simple, but created without significant VO input Third iteration = CMP in a Box! Nice idea, difficult to implement Current iteration = built on actual requirements from actual VO

10 Why Does a VO need a CMP? Provides a platform to consolidate the identity information of VO participants from the various home institutions, and Links identity back to the collaboration tools (mailing lists, wikis, domain science apps) automatically. The burden of tracking identity and authorization is off the researchers… but they can still easily report on it back to their granting agencies. With a full set of domesticated apps in the CMP, provisioning and deprovisioning happen with little to no effort on the part of the researcher or even their IT staff.

11 Challenges reported from VO The attribute problem – what’s automatically available? – Enter in: InCommon, SURFfederatie, and other federations Social identity and LoA – Different VO want to treat people differently based on how they are authenticating, and yet, technically the LoA is not different (LoA 1)

12 Cont’d Domesticating applications – “the nice thing about standards…” – Broader VO issues around who can license software for the VO – Need more than just web-based tools https://wiki.surfnetlabs.nl/display/domestication/Overview

13 One more… CMP across federations – Should federation be a requirement? – Does a CMP have to be an IdP? – Should there be a common VO schema? – What metadata needs to be shared between CMP?

14 VO use cases LIGO – Large VO with collaborators and partner VO around the world – Goal is hard science, focused on results from a set of large instruments – A poster child for challenging identity management – Already seeing improvements in collaboration and research interaction thanks to tools that know who they are without them having to ask

15 VO use cases, cont’d iPlant Collaborative – Large VO with collaborators around the world – Focus is on several “Grand Challenges” around plant biology, with a continuing theme of community outreach – Expect thousands of participants, but how they are authenticated and registered in the system dictates what data they can see and use – Domesticated app, especially storage, is a Big Deal

16 Role of the Federation Can the federation assist with the licensing problem? Can the federation mandate attribute release policies? Is the CMP a good service offering for federations to provide to their constituency?

17 Things we have learned Domesticated technologies are good – But researchers are still learning about them Federations are good – But researchers are still learning about them CMP are good – But researchers are still learning about them Researchers don’t want to talk to IT – how to bridge that gap?

18 How to reach out to research? Start with a single research group, work with them closely – Researchers will gossip in their field, and fields overlap Don’t surprise central IT – Keep getting the word out to central IT players; they will know what to do when Dr. Brilliant demands a CMP for his VO by tea time

19 Roadmap Roadmap regularly updated in Jira – https://bugs.internet2.edu/jira/browse/CO Highlights: – Next 12 months includes releases .2 through .6 Enrollment workflows Group and profile management Identity Provider “of last resort”

20 The 80/20 rule 80% of the work comes out of 20% of the use cases – Cannot count on VO members being part of a federation – Cannot suggest, dictate, require or even strongly hint that a VO should follow any particular enrollment process – Cannot suggest, dictate, etc etc etc, what apps a VO should limit themselves to – The nature of VO interaction influences the nature of collaboration, incl. dictating where and under what name the collaboration can be housed – making every VO unique

21 Conclusion CMP are hugely useful to helping a collaboration meet their goals Still many areas associated with policy and politics need to be worked out Next – info directly from a VO

