Published by Amberlynn Greer, modified over 9 years ago
Slide 1: UNINETT
Slide 2: An Evaluation of Shibboleth, PAPI and A-Select
Slide 3: What We Are Not Trying To Do
● Do a direct comparison between systems
● Pick a “best” solution/architecture given our particular needs
Slide 4: Our Motivation
● Which features do we really need?
● Where are the minefields?
● Identify (partial) solutions/ideas that may match our particular needs.
Slide 5: Shibboleth
● Well-thought-out architecture
● Clearly defined system components/interfaces.
● Promises to scale well
  ● Indexing server solution.
Slide 6: Shibboleth
● Logistics of user ARPs?
  ● Does it scale well? Clubs may help.
  ● FEIDE won't need per-user ARPs.
● Integrates existing authN schemes
  ● ... as do PAPI and A-Select.
  ● No existing authN schemes to consider in FEIDE.
● WAYF
  ● Another step on the user's way to the resource.
  ● No perceived need in FEIDE for a WAYF.
Slide 7: Shibboleth
● Java (mostly)
  ● FEIDE knows Java.
● Supports LDAP as user data source
  ● FEIDE knows LDAP.
● Alpha available
  ● Not a trivial task to get up and running.
  ● How about the latest release?
● In test phase
Slide 8: Shibboleth: Summary
● Attractive architecture
● Unnecessary features?
  ● FEIDE doesn't need the WAYF.
  ● FEIDE doesn't need user ARPs.
Slide 9: PAPI
● Scalability issues
  ● Potentially a lot of traffic to PoAs. GPoAs will help.
  ● No global index of home organization authN servers – but not necessarily a problem in FEIDE.
  ● User's home org must know which (G)PoAs the user has access to.
● Easy integration with existing web resources
  ● Hide them behind a PoA.
Slide 10: PAPI
● Privacy issues?
  ● Encrypted user identity code sent between AS and client.
  ● Complete list of accessible resources sent to client after authN; each resource is then contacted.
Slide 11: PAPI
● Perl
  ● Too “Perl-ish”?
● Supports LDAP as user data source
  ● Again, FEIDE knows LDAP.
● Production release available
  ● Currently in use!
Slide 12: PAPI: Summary
● It's being used!
● Will the basic architecture itself be able to scale well?
Slide 13: A-Select
● Not designed for cross-organizational operation
  ● ... although possible with remote A-Select Servers.
  ● No global indexing of A-Select Servers; each Server must know about all relevant remote Servers.
  ● ... but is this really a problem for FEIDE?
Slide 14: A-Select
● High degree of inter-component interaction
  ● Lots of arrows in that functional flow diagram...
  ● Especially when involving remote A-Select Servers.
● Need to modify applications to use A-Select Agent?
  ● Not an issue with the introduction of filters.
Slide 15: A-Select
● Java
  ● Again, good news for FEIDE.
● Supports LDAP as user data source
  ● More good news.
● Currently in test phase.
Slide 16: A-Select: Summary
● Lacks good cross-organizational support
  ● ... but this may not be an issue for FEIDE.
● Easy integration with existing authN solutions and web resources
  ● ... especially if filters handle the A-Select Agent interaction.
Slide 17: Questions? cato.olsen@uninett.no