Slide 1: Deployment of a Shibboleth-based Infrastructure in Switzerland: SWITCHaai
2005 © SWITCH
Martin Sutter, Head of NetServices, SWITCH (with Ueli Kienholz & Thomas Lenggenhager)
UK e-Science Core Programme Town Meeting, Monday 11th April 2005
Slide 2: AAI Deployment in Switzerland, Project Timeline
(Figure: timeline 2001 to 2006 with the phases study and planning, architecture evaluation, choice of Shibboleth, implementation, pilot, operation.)
Slide 3: Without AAI
(Figure: University A, Library B and University C each run their own resources: Student Admin, Web Mail, e-Learning, Literature DB, Research DB, e-Journals. Every resource handles authentication, authorization, user administration and credentials itself.)
- Tedious user registration at all resources
- Unreliable and outdated user data at resources
- Different login processes
- Many different passwords
- Many resources not protected because doing so is too difficult
- Often IP-based authorization
- Costly implementation of inter-institutional access
Slide 4: With AAI
(Figure: the same institutions and resources, now with the AAI in the middle: authentication, user administration and credentials stay at the home organization, the resource only does authorization.)
- No user registration and no user data maintenance needed at the resource
- Single login process for the users
- Many new resources available for the users
- Enlarged user communities for resources
- Authorization independent of location
- Efficient implementation of inter-institutional access
Slide 5: SWITCHaai Building Blocks
- Identity Providers (Home Orgs)
- Service Providers (Resources)
- Organizational Framework
- Interoperation
- Central Services
- Finances
Slide 6 (Organization): Organizational Framework
- SWITCH acts as the SWITCHaai federation service provider
- Federation membership is based on signed service agreements
Slide 7 (Interoperation): Interoperation
Requires agreement on technical details such as:
- Standards: SAML 1.1
- Software versions: Shibboleth 1.1 for identity providers, Shibboleth 1.2.1 for service providers
- Accepted certificate authorities: SWITCHpki, plus Thawte, Trustcenter, VeriSign
- Attribute specification: SwissEduPerson
Slide 8 (Interoperation): Attributes
Criteria for the attribute specification (SwissEduPerson):
- Start simple, extend as required
- Common understanding of how each attribute is interpreted
- Already widely used
Attribute usage by applications:
- Use the minimal set required (data protection principle)
Slide 9 (Identity Providers): Identity Provider Integration
(Figure: an AAI-enabled identity provider is built from the user directory, the authentication system and the AAI component.)
Currently in use in SWITCHaai:
- Authentication systems: OpenLDAP with CAS or Pubcookie; Kerberos authentication with Active Directory; Windows authentication with IIS
- User directories: OpenLDAP; Active Directory
Slide 10 (Identity Providers): Identity Providers in SWITCHaai
(Figure: map of Switzerland with a legend of four states: operational AAI identity provider, AAI identity provider getting ready, prototype running, service agreement. Institutions shown: SFIT Zurich, University Zurich, Virtual Home Org (SWITCH), Université de Genève, Zürcher Hochschule Winterthur, University Hospital Zurich, University Lucerne, Université de Fribourg, University Bern, Université de Lausanne.)
110'000 Swiss higher education users have an AAI account (about 50% of all).
Slide 11 (Identity Providers): Virtual Home Organization (VHO)
- Integrates end users who have no identity provider
- The resource owner creates "AAI-enabled" @VHO accounts for users without an identity provider
- A VHO account is only usable for the resource managed by that resource owner
(Figure: the VHO service at SWITCH, with its own user directory and VHO policy, acts as the identity provider for these users; the resource owner, a federation member, administers the accounts.)
Slide 12: SWITCHaai Building Blocks (section divider, same list as slide 5)
Slide 13 (Service Providers): Types of Service Providers
- e-learning: DOIT, VITELS, Vista@SVC, AD Learn & Co, WebCT@ETHZ, OLAT, Moodle, BSCW, Blackboard, ILIAS
- libraries: EZproxy, commercial (ScienceDirect), SwissLex
- other web applications: Vconf-Reservation, SMS-Gateway, IS-Academia, Jobs@BWI, TWiki, eShops, ...
Slide 14 (Service Providers): Service Provider Example: DOIT
DOIT: Dermatology Online with Interactive Technology, 500 AAI users
(Figure: identity providers ETHZ, UniZH, UniL, UniGE, UniBE and the SWITCH VHO; DOIT as the AAI service provider.)
Access rule:
- IdP = UniZH | UniBE | UniL
- affiliation = student
- studyBranch = medicine
- studyLevel = 15
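The DOIT access rule above is a plain attribute-based policy evaluated at the service provider. The following is an added example, not code from SWITCH, DOIT or Shibboleth, showing how such a rule is evaluated over the attributes an IdP released. The issuer is taken from the signed assertion, never from an attribute the user could influence; multi-valued attributes (a person who is both student and staff) are handled; and a missing attribute fails closed. The dataclasses, issuer labels and sample assertions are constructed for illustration.

```python
"""Attribute-based access rule at a Shibboleth service provider (constructed example).

Encodes the DOIT rule from the slide:
    IdP = UniZH | UniBE | UniL
    affiliation = student, studyBranch = medicine, studyLevel = 15
"""
from dataclasses import dataclass


@dataclass
class Assertion:
    # issuer comes from the IdP's signed SAML assertion, never from a user-controlled attribute
    issuer: str
    attributes: dict  # attribute name -> frozenset of values (Shibboleth attributes are multi-valued)


@dataclass
class AccessRule:
    allowed_issuers: frozenset
    required: dict  # attribute name -> value that must be among the released values

    def evaluate(self, a: Assertion):
        """Return (decision, reason). Any missing attribute fails closed."""
        if a.issuer not in self.allowed_issuers:
            return False, f"issuer {a.issuer!r} not in {sorted(self.allowed_issuers)}"
        for name, wanted in self.required.items():
            values = a.attributes.get(name, frozenset())
            if not values:
                return False, f"attribute {name!r} was not released by the IdP"
            if wanted not in values:
                return False, f"{name}={sorted(values)} does not contain {wanted!r}"
        return True, "all conditions satisfied"


DOIT_RULE = AccessRule(
    allowed_issuers=frozenset({"UniZH", "UniBE", "UniL"}),
    required={"affiliation": "student", "studyBranch": "medicine", "studyLevel": "15"},
)


def assertion(issuer, **attrs):
    """Build an Assertion; scalar values become single-element sets."""
    return Assertion(
        issuer,
        {k: frozenset(v) if isinstance(v, (set, list, tuple)) else frozenset([v])
         for k, v in attrs.items()},
    )


# Constructed sample assertions (hypothetical users).
SAMPLES = {
    "med_student_unizh": assertion("UniZH", affiliation="student", studyBranch="medicine", studyLevel="15"),
    "med_student_unige": assertion("UniGE", affiliation="student", studyBranch="medicine", studyLevel="15"),
    "student_and_staff_unibe": assertion("UniBE", affiliation={"student", "staff"},
                                         studyBranch="medicine", studyLevel="15"),
    "missing_level_unil": assertion("UniL", affiliation="student", studyBranch="medicine"),
    "staff_unizh": assertion("UniZH", affiliation="staff", studyBranch="medicine", studyLevel="15"),
    # An attribute literally named "IdP" must not override the real issuer of the assertion.
    "forged_issuer_attribute": assertion("UniGE", affiliation="student", studyBranch="medicine",
                                         studyLevel="15", IdP="UniZH"),
}


def check_all():
    """Decision per sample, as the resource manager would see it."""
    return {name: DOIT_RULE.evaluate(a)[0] for name, a in SAMPLES.items()}


if __name__ == "__main__":
    for name, a in SAMPLES.items():
        ok, why = DOIT_RULE.evaluate(a)
        print(f"{name:26s} {'ALLOW' if ok else 'DENY':5s} {why}")
```

Only the UniZH medical student and the UniBE student-and-staff member are admitted; the UniGE user is refused on the issuer check before any attribute is looked at, even though a forged "IdP" attribute claims UniZH.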
Slide 15 (Service Providers): Service Provider Example: OLAT
OLAT: Online Learning and Training (the open source e-learning platform of the University of Zurich), 5000 AAI users, 75 courses
(Figure: identity providers ETHZ, UniZH, UniL, UniGE, UniBE and the SWITCH VHO; OLAT as the AAI service provider.)
Slide 16 (Service Providers): Integration of "Blackboxes"
AAIportal:
- Authentication / authorization gateway
- Portal functionalities (optional)
- User management (optional)
- Adaptors to blackbox applications: WebCT Vista, WebCT CE, ...
(Figure: Shibboleth sign-on in front of the AAIportal, which talks to applications A1, A2, ... through their APIs.)
Slide 17 (Central Services): Central AAI Services
- Strategy & marketing
- International contacts
- Support, consulting, training
- Providing federation-specific files and configuration guides
- Operating the WAYF
- Testing parties (identity provider, service provider)
- Jump-start service
Slide 18 (Finances): Funding
(Figure: funding / costs over 2000 to 2010.)
- Pilot project: funded by SWITCH & universities
- Project: funded by federal grants
- Operational service: funded by tariffs
Slide 19: Outlook
- Projects with federal grants
- Non-web service providers, e.g. grid
- ECTS (study)
- AAA (study)
- Federation partners
Slide 20: Further Information
- SWITCHaai website: http://www.switch.ch/aai
- Shibboleth: http://shibboleth.internet2.edu/
- Shibboleth demo: http://www.switch.ch/aai/demo
- Attribute specification: http://www.switch.ch/aai/docs/AAI_Attr_Specs.pdf
Slide 21: Questions? Q & A
http://www.switch.ch/aai, aai@switch.ch
Slide 22 (Central Services, backup): SWITCHaai Team
- Supporting universities: training, consulting, general support
- Shibbolizing services: tools (AAIportal)
- Integrating identity providers: deployment guides
- Federation metadata services
- Test lab, jump start service, WAYF, VHO, test installations (feasibility)
- Organisation and policies, marketing
Slide 23 (Central Services, backup): Central AAI Services, Support (1)
(Figure: matrix of SWITCH's AAI services grouped into three packages, AAI Base Package, Optional AAI Services and AAI-related Services, each offered for implementation / integration and for operation.)
Services shown: WAYF, AAI tools, consulting, training, test lab, outsourcing service, Virtual Home Org, strategy and marketing, security services (RA / CA), integration service, AAI Jump Start.
Slide 24 (backup): Showcase: NET
NET: Network for Educational Technology, 300 AAI users, 2 courses
(Figure: home organizations ETHZ, UniZH, UniL, UniGE, UniBE and the SWITCH VHO; NET as the AAI resource.)
Slide 25 (backup): Shibboleth Process: The Details
Shibboleth AAI components:
- HS: Handle Server (at the user's home org)
- AA: Attribute Authority (at the user's home org), applies the ARP (attribute release policy)
- WAYF: "Where Are You From" server
- SHIRE: Shibboleth Indexical Reference Establisher (at the resource)
- SHAR: Shibboleth Attribute Requestor (at the resource), applies the AAP (attribute acceptance policy)
- RM: Resource Manager (at the resource)
Flow (numbered 1 to 11 in the figure, between the user's home org with its user directory and authentication, and the resource owner):
1. The user requests the resource.
2. The SHIRE redirects the browser to the WAYF.
3. The user picks the home org; the WAYF redirects to that org's HS.
4. The HS hands the user to the local authentication system.
5. The user presents credentials, checked against the user directory.
6. The HS issues a handle for the user and returns it to the SHIRE.
7. The SHIRE passes the handle to the SHAR.
8. The SHAR sends the handle to the AA and requests attributes.
9. The AA looks up the user and releases attributes according to the ARP.
10. The SHAR filters the received attributes according to the AAP.
11. The RM decides on access using the accepted attributes.
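The point of the handle in this exchange is that the resource never receives a user identifier at login time: the HS mints an opaque reference, the SHAR trades it for attributes at the AA, the AA releases only what its ARP allows (the "minimal set required" principle of slide 8), and the SHAR keeps only what its AAP accepts. The following is an added model of that exchange, not Shibboleth code and not from SWITCH; the user directory, the policies, the audience binding, the 300 second lifetime and the resource names are constructed for illustration.

```python
"""Handle-based attribute exchange as in Shibboleth 1.x (constructed model, not Shibboleth code)."""
import secrets

# Constructed IdP user directory (hypothetical user, not real data).
USER_DIR = {
    "alice": {
        "affiliation": {"student"},
        "studyBranch": {"medicine"},
        "studyLevel": {"15"},
        "mail": {"alice@example.org"},
        "dateOfBirth": {"1985-01-01"},
    },
}


class HandleServer:
    """HS: after local authentication, mint an opaque handle bound to one resource."""

    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self.handles = {}  # handle -> (uid, audience, issued_at)

    def issue(self, uid, audience, now):
        handle = secrets.token_urlsafe(24)  # random; carries no user information
        self.handles[handle] = (uid, audience, now)
        return handle

    def resolve(self, handle, requester, now):
        entry = self.handles.pop(handle, None)  # single use: a replayed handle finds nothing
        if entry is None:
            return None
        uid, audience, issued_at = entry
        if requester != audience or now - issued_at > self.ttl:
            return None  # presented by a different resource, or after its lifetime
        return uid


class AttributeAuthority:
    """AA: answer the SHAR's attribute query for a handle under the ARP."""

    def __init__(self, hs, arp):
        self.hs = hs
        self.arp = arp  # requester -> attributes it may receive (per-resource ARP, simplified)

    def query(self, handle, requester, now):
        uid = self.hs.resolve(handle, requester, now)
        if uid is None:
            raise PermissionError("handle unknown, expired, replayed or issued for another resource")
        released = self.arp.get(requester, set())
        return {k: set(v) for k, v in USER_DIR[uid].items() if k in released}


def apply_aap(attributes, accepted):
    """AAP at the SHAR: keep only the attributes the resource declared it accepts."""
    return {k: v for k, v in attributes.items() if k in accepted}


# Constructed policies: the IdP releases four attributes to "doit"; "doit" only accepts three.
ARP = {"doit": {"affiliation", "studyBranch", "studyLevel", "mail"}}
AAP_DOIT = {"affiliation", "studyBranch", "studyLevel"}


def run_flow(now=0.0):
    """Run the HS -> SHAR -> AA exchange once and probe the failure modes."""
    hs = HandleServer(ttl_seconds=300)
    aa = AttributeAuthority(hs, ARP)
    out = {}

    handle = hs.issue("alice", audience="doit", now=now)      # HS returns a handle to the SHIRE
    out["handle_opaque"] = "alice" not in handle
    from_aa = aa.query(handle, "doit", now + 1)                # SHAR asks the AA
    out["released_by_arp"] = sorted(from_aa)                   # dateOfBirth never leaves the IdP
    out["kept_by_aap"] = sorted(apply_aap(from_aa, AAP_DOIT))  # mail is dropped at the SHAR

    def rejected(h, requester, t):
        try:
            aa.query(h, requester, t)
            return False
        except PermissionError:
            return True

    out["replay_rejected"] = rejected(handle, "doit", now + 2)                      # same handle twice
    out["wrong_audience_rejected"] = rejected(hs.issue("alice", "doit", now), "olat", now + 1)
    out["expired_rejected"] = rejected(hs.issue("alice", "doit", now), "doit", now + 301)
    return out


if __name__ == "__main__":
    for k, v in run_flow().items():
        print(f"{k:24s} {v}")
```

The two filters are independent: the ARP protects the user (the IdP decides what is released per resource), the AAP protects the resource (it will not act on attributes it did not ask for, whatever the IdP sends). A real deployment also binds the handle to the SAML audience and signs the assertion; this model only keeps the audience check.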
Slide 26 (backup): Outlook 2005
(Figure: timeline 2001 to 2007. V1.0: study, pilot and implementation, then operation from 2005. V2.0: study, pilot and implementation from 2005, then operation. Resource registry study.)
Items for 2005: Shibboleth 1.3; EZproxy; BSCW; IS-Academia; Operations Committee; TF Attributes; ECTS study; AAA study; lead SUC projects; redundant WAYF; migration pilot -> production; service agreements; more campuses; more resources; branding.
Slide 27 (backup): WAYF Single Sign-On Demo
(Figure: steps 1 to 10 between the user, the WAYF wayf1.switch.ch, the home org kohala.switch.ch and the e-learning resource aaidemo.alzheimerlearn.net, http://aaidemo.alzheimerlearn.net/ ; credentials are entered at the home org only.)
Slide 28 (backup): Attributes: SwissEduPerson
Personal attributes: unique identifier; surname; given name; e-mail address(es); phone number(s); preferred language; date of birth; gender; name of home organization; type of home organization; affiliation (student, staff, faculty, ...); study branch; study level; staff category.
Group membership: organization path; organizational unit path.
Notes:
- Based on the eduPerson specification
- Study branch, study level and staff category are based on SHIS/SIUS
- Username and password are missing: only used locally
- commonName is missing: no common understanding on how to use it
- 'Matrikelnummer' (student number) is missing for data protection reasons