Presentation is loading. Please wait.

Presentation is loading. Please wait.

Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.

Published byJoleen Adams Modified over 9 years ago

Similar presentations

Presentation on theme: "Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008."— Presentation transcript:

1 Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008

2 Connect. Communicate. Collaborate Outline Introducing eduGAIN eduGAIN in real life eduGAIN FAQ Future plans

3 Connect. Communicate. Collaborate Outline Introducing eduGAINIntroducing eduGAIN eduGAIN in real life eduGAIN FAQ Future plans

4 Connect. Communicate. Collaborate Introduction: Concepts eduGAIN federates federations Federation software and policy remain untouched Providing trust among partners Using standards

5 Connect. Communicate. Collaborate INTRODUCTION: ARCHITECTUREIntroduction: Architecture Connect. Communicate. Collaborate

6 Bridging Elements Adapt eduGAIN messages to local protocols Query the MDS for other BEs in the infrastructure Several BEs available

7 Connect. Communicate. Collaborate Federation Peering Point Publishes SAML 2.0 metadata to the MDS Metadata describes federation interfaces in eduGAIN, such as IdPs, SPs, AAs..

8 Connect. Communicate. Collaborate Metadata Service Allows storage and retrieving of federation information Different search options Metadata must be signed by the FPP

9 Connect. Communicate. Collaborate INTRODUCTION: ARCHITECTURE Introduction: To BE or not to BE Connect. Communicate. Collaborate MDS SP BE IdP BE IdP BE IdP BE SP BE SP BE SP BE FPP BE SP IdP BE FPP

10 Connect. Communicate. Collaborate Outline Introducing eduGAIN eduGAIN in real lifeeduGAIN in real life eduGAIN FAQ Future plans

11 Connect. Communicate. Collaborate eduGAIN in real life Two approaches –Components URN Registry eduGAIN PKI MDS-based WFAYF eduGAINFilter –Applications / Projects autoBAHN Web applications perfSONAR, DAMe

12 Connect. Communicate. Collaborate Components: URN Registry Each eduGAIN component MUST have a unique URN Registry can be delegated Registry software available Can produce XML output Format: urn:geant:edugain:component:be:rediris:rediris.es URL: http://registry.edugain.orghttp://registry.edugain.org

13 Connect. Communicate. Collaborate Components: eduGAIN PKI Each eduGAIN component MUST have a X.509 certificate –Which includes the previously registered URN Different RAs can be delegated from eduGAINSCA PKI software available URL: http://sca.edugain.orghttp://sca.edugain.org eduGAIN supports multiple roots of trust –Certs MUST include a proper URN –CA MUST comply to eduGAIN PMA policy

14 Connect. Communicate. Collaborate Components: MDS-based WAYF (1) WAYF = Where Are You From Queries the MDS for available federations and IdPs

15 Connect. Communicate. Collaborate Components: MDS-based WAYF (2) Highlight available federations Federation info available through javascript events Servlet can be queried by other interfaces RedIRIS federation -Organization info - IdPs - …

16 Connect. Communicate. Collaborate Components: eduGAINFilter Implementation of the javax.servlet.Filter interface eduGAINizes any application inside a servlet container… … without any federation software! Operates as an eduGAIN Remote Bridging Element Beta version available at GÉANT2 SVN

17 Connect. Communicate. Collaborate Applications: autoBAHN (1) AutoBAHN is a research activity for engineering, automating and streamlining the inter-domain setup of guaranteed capacity (Gbit/s) end-to-end-paths A chained-solution is adopted: –A user is authenticated and his/her BoD request is authorized successively in each domain on the path where bandwidth should be scheduled. –The scheduled resource are enabled in each domain by the Domain Manager (DM) only after AA Extract from a presentation by Victor Reijs (HEAnet) http://tnc2007.terena.org/meetings/aai-slides/autoBAHN_AAI_TNC2007-vr-03.ppt

18 Connect. Communicate. Collaborate Applications: AutoBAHN (2) User authN is performed through eduGAINFilter DM fetches user data and includes it in the WS message using SAML Parser Each IDM may use the data to perform authorization locally

19 Connect. Communicate. Collaborate Applications: WebSSO Tested eduGAINized applications –Wikis JRA5 wiki: http://wiki.rediris.es/jra5http://wiki.rediris.es/jra5 DemoWiki: http://demowiki.feide.nohttp://demowiki.feide.no –Flyspray: http://flyspray.edugain.orghttp://flyspray.edugain.org –OTRS: http://edugain-rnd.srce.hr/otrs/customer.plhttp://edugain-rnd.srce.hr/otrs/customer.pl All apps listed here can be connected: –http://rnd.feide.no/view/federatedsoftwarehttp://rnd.feide.no/view/federatedsoftware –https://wiki.internet2.edu/confluence/display/seas/Homehttps://wiki.internet2.edu/confluence/display/seas/Home Lessons learned –We need attribute conversion –We need to agree on access policies –It works :-)

20 Connect. Communicate. Collaborate Outline Introducing eduGAIN eduGAIN in real life eduGAIN FAQeduGAIN FAQ Future plans

21 Connect. Communicate. Collaborate The common reaction

22 Connect. Communicate. Collaborate eduGAIN FAQs Question: What the $%&/ is eduGAIN about? –Answer: Watch the presentation from the beginning Q: Does this freak stuff really work? –A: YES Q: What do I need to become part of the infrastructure? –A: The recipe is: Choose your SW, add a pinch of URN and mix it with certificates; cook your metadata on slow fire, take it from the fire and place it in a MDS. It can be seasoned with your own CA. Q: My problem can’t be solved with the current eduGAIN profiles –A: Contact us!

23 Connect. Communicate. Collaborate Outline Introducing eduGAIN eduGAIN in real life eduGAIN FAQ Future plansFuture plans

24 Connect. Communicate. Collaborate Future plans Complete the implementation, make it stable Add SAML 2.0 support Shib 2.0 testing Dynamic metadata discovery Explore new profiles and use cases Transition to service

25 Connect. Communicate. Collaborate Thanks to…

26 Connect. Communicate. Collaborate For More Information http://www.edugain.org http://www.geant2.net For latest news and factsheets http://www.geant2.net/mediahttp://www.geant2.net/media For research activities http://www.geant2.net/researchhttp://www.geant2.net/research

Download ppt "Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008."

Similar presentations

Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
CLARIN AAI, Web Services Security Requirements

CLARIN AAI, Web Services Security Requirements
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
Connect. Communicate. Collaborate The eduGAIN Way Diego R. Lopez - RedIRIS.

Connect. Communicate. Collaborate The eduGAIN Way Diego R. Lopez - RedIRIS.
Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,

Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
Shibboleth 2.0 IdP Training: Basics and Installation January, 2009.

Shibboleth 2.0 IdP Training: Basics and Installation January, 2009.
Connect. Communicate. Collaborate Federation peering à la European The eduGAIN way Diego R. Lopez - RedIRIS.

Connect. Communicate. Collaborate Federation peering à la European The eduGAIN way Diego R. Lopez - RedIRIS.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
AAF Middleware update February16 2012 Presented by Terry Smith Technical Manager and Heath Marks Manager.

AAF Middleware update February Presented by Terry Smith Technical Manager and Heath Marks Manager.
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.

EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.

Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.
Using the Open Metadata Registry (openMDR) to create Data Sharing Interfaces October 14 th, 2010 David Ervin & Rakesh Dhaval, Center for IT Innovations.

Using the Open Metadata Registry (openMDR) to create Data Sharing Interfaces October 14 th, 2010 David Ervin & Rakesh Dhaval, Center for IT Innovations.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
CLARIN Infrastructure Vision (and some real needs) Daan Broeder CLARIN EU/NL Max-Planck Institute for Psycholinguistics.

CLARIN Infrastructure Vision (and some real needs) Daan Broeder CLARIN EU/NL Max-Planck Institute for Psycholinguistics.

Similar presentations

Ads by Google