2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.


1 Perspectives of Integrating AAI with Grid in EGEE-2
Christoph Witzig
Amsterdam, October 17, 2005

2 Outline
Introduction
– Overview of SWITCH
– SWITCH activities in AAI and Grid
SWITCHaai: The Swiss Shibboleth-based AAI
– How it works
– Shibboleth concepts
EGEE security framework
– Introduction EGEE
– How it works
– Grid security concepts
SWITCH proposal for interoperability Shibboleth - gLite
Related efforts
Summary

3 Introduction
SWITCH has four strategic business areas
– Network: operating the Swiss Research and Education network
– Domain name registration for .ch and .li
– Security → Operates (among other things) SWITCHpki
– NetServices → providing services on top of the network for academic users
NetServices
– Video conferences, streaming technologies, support for (physical) mobility
– SWITCHaai: Shibboleth-based AAI for the Swiss academic sector
– Grid: targeted Grid services as new strategic direction
  → There is no Swiss grid program
  → Various grid efforts at some universities

4 SWITCHaai
SWITCHaai = federated, national, Shibboleth-based authentication and authorization infrastructure (AAI).
Main efforts:
– > 110’000 users (→ 50%) of the Swiss higher education sector are currently “AAI-enabled”.
– Federally funded cooperation projects will complete the national roll-out and increase the number of new resources.
– Define cooperation with other federations.
– Develop accounting (AAAI) services.

5 SWITCH Activities in Grid Computing
Grid support = new strategic direction: national AAI-enabled grid infrastructure in Switzerland.
Two main strategic efforts:
– Within the context of EGEE-2 we want to add interoperability between Shibboleth and the gLite middleware stack.
– Within the national context we want to work together with our partners (universities, computing centers) to build up such a national grid infrastructure based on the AAI-enabled gLite middleware.

6 Disclaimer
– Decision of EU regarding EGEE-2 proposal is pending
– Assuming a positive answer from the EU, EGEE-2 will start in April 2006 and last for two years

7 The World without AAI
[Diagram: University A, Library B, University C; resources: Student Admin, Web Mail, e-Learning, Literature DB, e-Journals, e-Learning, Research DB; legend: Authorization, User Administration, Authentication, Resource, Credentials]
– Tedious user registration at all resources
– Unreliable and outdated user data at resources
– Different login processes
– Many different passwords
– Many resources not protected due to difficulties
– Often IP-based authorization
– Costly implementation of inter-institutional access

8 The World with AAI
[Diagram: University A, Library B, University C connected through the AAI; resources: Student Admin, Web Mail, e-Learning, Literature DB, e-Journals, e-Learning, Research DB; legend: Authorization, User Administration, Authentication, Resource, Credentials]
– No user registration and user data maintenance at resource needed
– Single login process for the users
– Many new resources available for the users
– Enlarged user communities for resources
– Authorization independent of location
– Efficient implementation of inter-institutional access

9 How it works

10 Shibboleth Concepts
– Based on SAML
– Initial focus on Web-based resources

11 EGEE: Enabling Grids for E-sciencE
EU sponsored grid project within FP6
– Funding 2004 - 2006: 32 Mio €
– Proposal for second phase submitted (2006 - 2008)
Emphasis is on
– not software development
– operating a production grid and supporting the end-users
– Hardening, re-engineering and extending existing middleware functionality
Large collaboration
– > 180 sites
– 20 VO’s
– > 800 registered users

12 EGEE Security Framework

13 EGEE Security Concepts

14 Interoperability Shibboleth - gLite
Part of EGEE-2 proposal (by SWITCH in EGEE NREN Federation)
Focus is on
– Interoperability (NO replacement for X.509)
– Specific for EGEE infrastructure (VOMS etc)
– Integrate, re-use, re-engineer existing code, write new code only as needed
Key Concepts:
– Home institution of the user should be the Identity Provider
– Home institution provides some attributes
– But VO is needed for (grid specific) attributes
Proposal of doing work in three phases:
– Two initial, shorter phases with the intention of hooking SWITCHaai up to the grid with a minimal amount of effort to have a working system
– A third phase with adding support for SAML at the resource (service provider)

15 Phase 1 and 2
– Note: no changes at the Resource
– Work is more than just software (policies)

16 Access for Grid Users to Shib SP
– Intention: add “symmetry” between enabling access for Shib and grid users
– Test-bed between SWITCH and INFN in 2006

17 SAML Support at the Resource
Third (and main) phase of project
Goal: Support for SAML for authentication and authorization without relying on X.509 (on a configurable basis)
Should be based on SAML2
– Supports ECP Profile (constrained delegation)
– Will be used in Shibboleth 2

18 Related Efforts
GridShib:
– Emphasis is on providing attributes based authorization
– Based on GT4 and Shib 1.3
– Beta version available since Sept 05
OGSA authZ working group:
– Defines specifications for basic interoperability and pluggability of authorization modules in OGSA framework
Condor Shibboleth Merger Project
– Phase I: Shib enabled Condor web portal
– Phase II: Shib enabled Condor fat client
Shibboleth - grid activities in UK
– ESP-Grid
– Further work is planned (JISC) to look at CA/Shib issues
Issue of attribute management between IdP and VO (e.g. Signet)

19 Summary
There is interest and activity for interoperability AAI / Shibboleth - grid
– But X.509 is still the standard security mechanism for grids (and likely to remain so for quite some time)
– Issue is not only authentication but also attribute sharing between IdP, VO, SP
– Opportunity and need for NREN and Grid communities to interoperate
GridShib:
– beta version available
– GT4 and Shib 1.3
SWITCH participates in EGEE-2 to add interoperability Shibboleth - gLite
– Pending approval by EU (expected in November)
– We are interested in learning about other activities, sharing experiences and coordinating efforts
