Presentation is loading. Please wait.

Presentation is loading. Please wait.

19/17/2015 META ACCESS MANAGEMENT SYSTEM Platforms for Collaboration – Plus brief update from Australia – Dr. Erik Vullings MAMS Project Macquarie University’s.

Published bySheila James Modified over 9 years ago

Similar presentations

Presentation on theme: "19/17/2015 META ACCESS MANAGEMENT SYSTEM Platforms for Collaboration – Plus brief update from Australia – Dr. Erik Vullings MAMS Project Macquarie University’s."— Presentation transcript:

1 19/17/2015 META ACCESS MANAGEMENT SYSTEM Platforms for Collaboration – Plus brief update from Australia – Dr. Erik Vullings MAMS Project Macquarie University’s E-Learning Centre of Excellence (MELCOE) Erik.Vullings@mq.edu.au Skype name: Erik_Vullings 9-11-2006 My condolences

2 29/17/2015 META ACCESS MANAGEMENT SYSTEM Contents Brief update on AU-Federation status Brief update on AU-Federation status Mini-grant projects Mini-grant projects User privacy mgmt via Autograph User privacy mgmt via Autograph Shibbolized IM: ShibJIM Shibbolized IM: ShibJIM Platform for Collaboration: Platform for Collaboration: A Virtual Organization (similar to myVocs) A Virtual Organization (similar to myVocs) Based on Shibbolized GridSphere & MyProxy Based on Shibbolized GridSphere & MyProxy With cross-federation IdP manager, SP manager and workspace support… With cross-federation IdP manager, SP manager and workspace support…

3 39/17/2015 META ACCESS MANAGEMENT SYSTEM MAMS $40k-Grant Program (Federation status: 600,000 Shibboleth Identities, 20%HE) Round 1 (Feb 2006): AARNet: AARNet: IdP, ENUM SP IdP, ENUM SP Griffith: Griffith: IdP, Wiki SP, Gnomic DB IdP, Wiki SP, Gnomic DB QUT: QUT: ATN IdP, eGrad School SP ATN IdP, eGrad School SP QU QU IdP, Fez (Fedora GUI) SP IdP, Fez (Fedora GUI) SP USYD USYD IdP, Sensor data SP IdP, Sensor data SP Round 2 (Jul 2006): Deakin: Deakin: IdP, e-Lectures JCU: JCU: IdP, SRB & Plone Melbourne: Melbourne: IdP, IAM suite (LIGO) Monash Monash IdP, IAM suite SP Murdoch & MQ: Murdoch & MQ: IdP, Online Librarian WAGUL: WAGUL: 5 IdP, reciprocal borrowing

4 49/17/2015 META ACCESS MANAGEMENT SYSTEM Privacy Management with Autograph Control what’s on your SAML assertion… Identity Provider Service Provider SP uses SAML handle to retrieve user attributes

5 59/17/2015 META ACCESS MANAGEMENT SYSTEM Different cards open different doors – Services & Service Level –

6 69/17/2015 META ACCESS MANAGEMENT SYSTEM Different cards open different doors – Services & Service Level –

7 79/17/2015 META ACCESS MANAGEMENT SYSTEM Adding Personal Attributes Other examples: Accessibility info (colorblind, blind), Skype user name, IM account name, etc.

8 89/17/2015 META ACCESS MANAGEMENT SYSTEM ShibJIM: Shibbolized Jabber Instant Messaging

9 99/17/2015 META ACCESS MANAGEMENT SYSTEM Online Librarian MQ/Murdoch students can chat with librarian (use time-zone difference to offer longer service hours) MQ/Murdoch students can chat with librarian (use time-zone difference to offer longer service hours) One librarian at a time One librarian at a time Public MSN account (SPIM-able) Public MSN account (SPIM-able) No user AuthN (you could talk to anyone) No user AuthN (you could talk to anyone) Requires intake questions Requires intake questions where are you from, which courses, which year, etc. where are you from, which courses, which year, etc.

10 109/17/2015 META ACCESS MANAGEMENT SYSTEM ShibJIM First contact is Jabber Agent, authN via: First contact is Jabber Agent, authN via: Shib-protected Java IM web client Shib-protected Java IM web client IM client and browsing to Shib-protected URL IM client and browsing to Shib-protected URL Jabber agent receives user attributes: Jabber agent receives user attributes: User can still be anonymous, while releasing ‘intake’ attributes User can still be anonymous, while releasing ‘intake’ attributes Rules to prioritise and direct users to librarian Rules to prioritise and direct users to librarian Accommodate multiple operators Accommodate multiple operators Allow transferring of conversations Allow transferring of conversations Frequently asked questions, “Answering machine” or instructions out of hours, Usage statistics, Multiple networks Frequently asked questions, “Answering machine” or instructions out of hours, Usage statistics, Multiple networks Also for IT or Federation Helpdesk… Also for IT or Federation Helpdesk… Source: http://sourceforge.net/projects/shibjim Source: http://sourceforge.net/projects/shibjimhttp://sourceforge.net/projects/shibjim

11 119/17/2015 META ACCESS MANAGEMENT SYSTEM ShibJIM Sequence Diagram

12 129/17/2015 META ACCESS MANAGEMENT SYSTEM “All research projects are different, but most project infrastructures are more equal than not” All projects require: Collaboration between project members Collaboration between project members Collaboration with external people Collaboration with external people Dissemination of research results Dissemination of research results AuthN & AuthZ (what’s public, what’s not) AuthN & AuthZ (what’s public, what’s not) IAM Suite – [I AM Suite] Prototyping a PfC –

13 139/17/2015 META ACCESS MANAGEMENT SYSTEM IAM Suite – [I AM Suite] Prototyping a PfC – Scope: A toolkit for eResearch Projects and Dept., wishing to leverage Federated ID for accessing data, resources and generic collaboration tools over the grid, but excl. research-specific tools. A toolkit for eResearch Projects and Dept., wishing to leverage Federated ID for accessing data, resources and generic collaboration tools over the grid, but excl. research-specific tools.Installation: Similar to ISP that hosts your CMS, forum etc.:  Tick the box and you are ready to run… Similar to ISP that hosts your CMS, forum etc.:  Tick the box and you are ready to run…

14 149/17/2015 META ACCESS MANAGEMENT SYSTEM Possible Middleware HE Infrastructure for Collaboration WAYF > CA? > MyProxy server Federation Services IdP1@UQIdP2@UTSIdPn@MQ … > IR … MyProxy Client SP: Wiki SP: Forum SP: CMS GTK: Grid GTK: HPC GTK: Store VO IdP Federation Level Institutions Level Virtual Org. Level (intra-institution, eResearch project) Gateway (CTS) > CMS > VO Portal

15 159/17/2015 META ACCESS MANAGEMENT SYSTEM IAM Suite GridSphere Federation SP GroupModule VO-IdP VO-WAYF AuthN IM Fedora (internal or external, e.g. IR) VO-SP Forum Federation FedoraWeb ShARPE Autograph Presence PeoplePicker Calendar MyProxy AuthZ Mgnr VO-SP LMS VO-SP Wiki VO-SP Etc. GTK Storage GTK Specific tools GTK Cluster GTK Equipm. Search Login via IdP Receive assertions Send SAML assertions Send proxy cert. AFS adaptor Contains VO group attributes for RBAC.

16 169/17/2015 META ACCESS MANAGEMENT SYSTEM RBAC within IAM Suite New member is invited to join (by email) New member is invited to join (by email) VO-Role is set VO-Role is set Provisioning Provisioning Automatic: based on VO-Role Automatic: based on VO-Role Automatic: based on VO-Group membership Automatic: based on VO-Group membership Manually: added to VO-SP-Role Manually: added to VO-SP-Role

17 179/17/2015 META ACCESS MANAGEMENT SYSTEM Example of RBAC VO-SP AzMan Data store ForumWiki GS-Role:Guest GS-Role:Member John Doe@MQ Alice@ANU GS-Role:Administrator Bob@Monash Readers Editors Managers Who are you looking for? Current selection:  Your buddy: Carol PeoplePicker portlet Within Federation Select your buddy Member/group/role   

18 189/17/2015 META ACCESS MANAGEMENT SYSTEM TNG Libraries: “From Appendix to Intestines” Digital Age: Digital Age: Libraries are mainly accessed online Libraries are mainly accessed online Library becomes a University’s Appendix, easy to remove when you are sick… Library becomes a University’s Appendix, easy to remove when you are sick… The TNG Library: The TNG Library: Integrates Librarian’s knowledge into PfC Integrates Librarian’s knowledge into PfC Helps with discovering, storing, organizing, cataloguing and publishing of knowledge Helps with discovering, storing, organizing, cataloguing and publishing of knowledge

19 199/17/2015 META ACCESS MANAGEMENT SYSTEM Source: “A multi-dimensional framework for Academic Support”, Kate McCready, University of Minnesota, May06

20 209/17/2015 META ACCESS MANAGEMENT SYSTEM

21 219/17/2015 META ACCESS MANAGEMENT SYSTEM FLASH DEMO IAM SUITE 1. Shib login to GS via VO-WAYF Shib login to GS via VO-WAYF Shib login to GS via VO-WAYF admin adds Wiki service and tests it admin adds Wiki service and tests it 2. Create a group Create a group Create a group 3. Add a resource and service to a group Add a resource and service to a group Add a resource and service to a group TBD authN source (none, IdP, VO-IdP, cert) TBD authN source (none, IdP, VO-IdP, cert) 4. Workspace (virtual room): Workspace (virtual room) Workspace (virtual room) Create workspace & roles, add VO members, services, and resources… Create workspace & roles, add VO members, services, and resources…

Download ppt "19/17/2015 META ACCESS MANAGEMENT SYSTEM Platforms for Collaboration – Plus brief update from Australia – Dr. Erik Vullings MAMS Project Macquarie University’s."

Similar presentations

Demonstrations at PRAGMA 13 10 demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.

Demonstrations at PRAGMA demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.
Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.
PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…

From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Microsoft Learning Gateway for HE Rob Miles – Hull University, Lecturer Romola Ganguli – Microsoft Education Technology Advisor.

Microsoft Learning Gateway for HE Rob Miles – Hull University, Lecturer Romola Ganguli – Microsoft Education Technology Advisor.
Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.

Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.
Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.

Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.
18/05/2015 META ACCESS MANAGEMENT SYSTEM Virtual Organisations Accomodating Research Groups in a Shibboleth Federation Peter Schendzielorz Macquarie University’s.

18/05/2015 META ACCESS MANAGEMENT SYSTEM Virtual Organisations Accomodating Research Groups in a Shibboleth Federation Peter Schendzielorz Macquarie University’s.
Alex Reid, AARNet Australia Middleware Update; 16-Oct-06 Middleware in Australia - Update TF-ECM2 Malaga 16-Oct-06 Alex Reid Director, eResearch/Middleware.

Alex Reid, AARNet Australia Middleware Update; 16-Oct-06 Middleware in Australia - Update TF-ECM2 Malaga 16-Oct-06 Alex Reid Director, eResearch/Middleware.
16/3/2015 META ACCESS MANAGEMENT SYSTEM Implementing Authorised Access Dr. Erik Vullings MAMS Programme Manager

16/3/2015 META ACCESS MANAGEMENT SYSTEM Implementing Authorised Access Dr. Erik Vullings MAMS Programme Manager
EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.

EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.
Identity Management, PKI and Grids Jill Gemmill, PhD University of Alabama at Birmingham.

Identity Management, PKI and Grids Jill Gemmill, PhD University of Alabama at Birmingham.
ARCHER Overview October 2008. 2 e-Research Challenges Acquiring data from instruments Storing and managing large quantities of data Processing large quantities.

ARCHER Overview October e-Research Challenges Acquiring data from instruments Storing and managing large quantities of data Processing large quantities.
Instant Messaging Questions welcome after session.

Instant Messaging Questions welcome after session.
Rodney Neal Office 365 for Education Montgomery County Schools

Rodney Neal Office 365 for Education Montgomery County Schools
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Shibboleth Use in the Open Source Community Keith Hazelton for Steven Carmody.

Shibboleth Use in the Open Source Community Keith Hazelton for Steven Carmody.

Similar presentations

Ads by Google