Published by Sheila James. Modified over 9 years ago.
1
9/17/2015 META ACCESS MANAGEMENT SYSTEM
Platforms for Collaboration – Plus brief update from Australia –
Dr. Erik Vullings
MAMS Project, Macquarie University’s E-Learning Centre of Excellence (MELCOE)
Erik.Vullings@mq.edu.au
Skype name: Erik_Vullings
9-11-2006
My condolences
2
Contents
- Brief update on AU-Federation status
- Mini-grant projects
- User privacy mgmt via Autograph
- Shibbolized IM: ShibJIM
- Platform for Collaboration:
  - A Virtual Organization (similar to myVocs)
  - Based on Shibbolized GridSphere & MyProxy
  - With cross-federation IdP manager, SP manager and workspace support…
3
MAMS $40k-Grant Program (Federation status: 600,000 Shibboleth Identities, 20% HE)
Round 1 (Feb 2006):
- AARNet: IdP, ENUM SP
- Griffith: IdP, Wiki SP, Gnomic DB
- QUT: ATN IdP, eGrad School SP
- QU: IdP, Fez (Fedora GUI) SP
- USYD: IdP, Sensor data SP
Round 2 (Jul 2006):
- Deakin: IdP, e-Lectures
- JCU: IdP, SRB & Plone
- Melbourne: IdP, IAM suite (LIGO)
- Monash: IdP, IAM suite SP
- Murdoch & MQ: IdP, Online Librarian
- WAGUL: 5 IdP, reciprocal borrowing
4
Privacy Management with Autograph
Control what’s on your SAML assertion…
[Diagram labels: Identity Provider; Service Provider; SP uses SAML handle to retrieve user attributes]
5
Different cards open different doors – Services & Service Level –
6
Different cards open different doors – Services & Service Level –
7
Adding Personal Attributes
Other examples: Accessibility info (colorblind, blind), Skype user name, IM account name, etc.
8
ShibJIM: Shibbolized Jabber Instant Messaging
9
Online Librarian
- MQ/Murdoch students can chat with librarian (use time-zone difference to offer longer service hours)
- One librarian at a time
- Public MSN account (SPIM-able)
- No user AuthN (you could talk to anyone)
- Requires intake questions
  - where are you from, which courses, which year, etc.
10
ShibJIM
- First contact is Jabber Agent, authN via:
  - Shib-protected Java IM web client
  - IM client and browsing to Shib-protected URL
- Jabber agent receives user attributes:
  - User can still be anonymous, while releasing ‘intake’ attributes
- Rules to prioritise and direct users to librarian
- Accommodate multiple operators
- Allow transferring of conversations
- Frequently asked questions, “Answering machine” or instructions out of hours, Usage statistics, Multiple networks
- Also for IT or Federation Helpdesk…
- Source: http://sourceforge.net/projects/shibjim
11
ShibJIM Sequence Diagram
12
IAM Suite – [I AM Suite] Prototyping a PfC –
“All research projects are different, but most project infrastructures are more equal than not”
All projects require:
- Collaboration between project members
- Collaboration with external people
- Dissemination of research results
- AuthN & AuthZ (what’s public, what’s not)
13
IAM Suite – [I AM Suite] Prototyping a PfC –
Scope:
- A toolkit for eResearch Projects and Dept., wishing to leverage Federated ID for accessing data, resources and generic collaboration tools over the grid, but excl. research-specific tools.
Installation:
- Similar to ISP that hosts your CMS, forum etc.: Tick the box and you are ready to run…
14
Possible Middleware HE Infrastructure for Collaboration
[Diagram. Levels: Federation Level; Institutions Level; Virtual Org. Level (intra-institution, eResearch project). Labels: WAYF; CA?; MyProxy server; Federation Services; IdP1@UQ; IdP2@UTS; IdPn@MQ; IR; MyProxy Client; SP: Wiki; SP: Forum; SP: CMS; GTK: Grid; GTK: HPC; GTK: Store; VO IdP; Gateway (CTS); CMS; VO Portal]
15
IAM Suite
[Diagram labels: GridSphere; Federation SP; GroupModule; VO-IdP; VO-WAYF; AuthN; IM; Fedora (internal or external, e.g. IR); VO-SP Forum; Federation; FedoraWeb; ShARPE; Autograph; Presence; PeoplePicker; Calendar; MyProxy; AuthZ Mngr; VO-SP LMS; VO-SP Wiki; VO-SP Etc.; GTK Storage; GTK Specific tools; GTK Cluster; GTK Equipm.; Search; Login via IdP; Receive assertions; Send SAML assertions; Send proxy cert.; AFS adaptor]
Contains VO group attributes for RBAC.
16
RBAC within IAM Suite
- New member is invited to join (by email)
- VO-Role is set
- Provisioning
  - Automatic: based on VO-Role
  - Automatic: based on VO-Group membership
  - Manually: added to VO-SP-Role
17
Example of RBAC
[Diagram labels: VO-SP; AzMan; Data store; Forum; Wiki; GS-Role:Guest; GS-Role:Member; GS-Role:Administrator; John Doe@MQ; Alice@ANU; Bob@Monash; Readers; Editors; Managers. PeoplePicker portlet: Who are you looking for?; Current selection: Your buddy: Carol; Within Federation; Select your buddy; Member/group/role]
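
The three provisioning paths from the "RBAC within IAM Suite" slide, sketched as an added example (not code from the MAMS project or IAM Suite). The role mapping, the `wiki-authors` group rule, the permission sets and the member assignments are assumptions made for illustration; only the role, service and principal labels come from the slide.

```python
from dataclasses import dataclass, field

# Assumed mapping from VO-Role (the slide's GS-Role labels) to VO-SP role.
ROLE_TO_SP_ROLE = {"Guest": "Readers", "Member": "Editors", "Administrator": "Managers"}
# Hypothetical VO-Group rule: group name -> (VO-SP, VO-SP role).
GROUP_TO_SP_ROLE = {"wiki-authors": ("Wiki", "Editors")}
# Assumed permissions per VO-SP role; anything not listed is denied.
SP_ROLE_PERMS = {
    "Readers": {"read"},
    "Editors": {"read", "write"},
    "Managers": {"read", "write", "manage"},
}

@dataclass
class Member:
    principal: str                              # federated identity, e.g. "Alice@ANU"
    vo_role: str = "Guest"                      # set when the invitation is accepted
    groups: set = field(default_factory=set)    # VO-Group memberships
    manual: set = field(default_factory=set)    # (VO-SP, VO-SP role) added by hand

def provision(member: Member, sp: str) -> set:
    """Return the VO-SP roles the member holds on one service provider."""
    roles = set()
    auto = ROLE_TO_SP_ROLE.get(member.vo_role)  # automatic: based on VO-Role
    if auto:
        roles.add(auto)
    for group in member.groups:                 # automatic: based on VO-Group
        rule = GROUP_TO_SP_ROLE.get(group)
        if rule and rule[0] == sp:
            roles.add(rule[1])
    roles |= {r for s, r in member.manual if s == sp}  # manual VO-SP-Role grants
    return roles

def is_allowed(member: Member, sp: str, action: str) -> bool:
    """Default deny: allow only if some provisioned role carries the action."""
    return any(action in SP_ROLE_PERMS.get(r, set()) for r in provision(member, sp))

# Constructed members; the role assignments are illustrative, not from the slide.
john = Member("John Doe@MQ")
alice = Member("Alice@ANU", vo_role="Member")
bob = Member("Bob@Monash", vo_role="Administrator")
carol = Member("Carol@MQ", groups={"wiki-authors"}, manual={("Forum", "Managers")})
mallory = Member("Mallory@Unknown", vo_role="Superuser")  # role not in the mapping
```

A VO-Role that is missing from the mapping provisions nothing, so an unexpected role value received from an IdP results in no access rather than a default grant.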
18
TNG Libraries: “From Appendix to Intestines”
- Digital Age:
  - Libraries are mainly accessed online
  - Library becomes a University’s Appendix, easy to remove when you are sick…
- The TNG Library:
  - Integrates Librarian’s knowledge into PfC
  - Helps with discovering, storing, organizing, cataloguing and publishing of knowledge
19
Source: “A multi-dimensional framework for Academic Support”, Kate McCready, University of Minnesota, May06
21
FLASH DEMO IAM SUITE
1. Shib login to GS via VO-WAYF
   - admin adds Wiki service and tests it
2. Create a group
3. Add a resource and service to a group
   - TBD authN source (none, IdP, VO-IdP, cert)
4. Workspace (virtual room):
   - Create workspace & roles, add VO members, services, and resources…