Presentation is loading. Please wait.

Presentation is loading. Please wait.

Diego R. Lopez, RedIRIS JRES2005, Marseille On eduGAIN and the Coming GÉANT Middleware Infrastructure.

Published byMorris Flynn Modified over 9 years ago

Similar presentations

Presentation on theme: "Diego R. Lopez, RedIRIS JRES2005, Marseille On eduGAIN and the Coming GÉANT Middleware Infrastructure."— Presentation transcript:

1 Diego R. Lopez, RedIRIS JRES2005, Marseille On eduGAIN and the Coming GÉANT Middleware Infrastructure

2 NRENs & Grids. Barcelona, September 2009 Across the Stack The Network The Application The Middleware Bottom layer of the application  Service location and discovery  {Con-, inter-}federation  Reputation  Logging and diagnostics Top layer of the network  Mobility  Network access  QoS  Measurement

3 NRENs & Grids. Barcelona, September 2009 eduGAIN in a Nutshell Based on the national identity federations, operated by NRENs  And a community-operated one: EFDA-Fed eduGAIN is a confederation infrastructure  Federates federations SAML 1.1 (and soon SAML 2.0) is the lingua franca Specific software developed  eduGAIN base libraries (Java)  simpleSAMLphp (PHP)  eduGAINFilter (javax.servlet.filter) Direct use of Shibboleth 2.0 possible (with a few restrictions)

4 NRENs & Grids. Barcelona, September 2009 eduGAIN Elements The Metadata Service – MDS  Updated by authorised components  Tagged according to user communities  Queried by user interfaces or autonomous services PKI and registry  Multi-rooted  Includes component identifiers AM/CC (Attribute Mapping / Credential Conversion)  Adapt syntax and semantics Bridging Elements - BE  Adapt protocols  Not required if eduGAIN profiles are natively supported  Hybrid model of integration

5 NRENs & Grids. Barcelona, September 2009 Fully Bridged eduGAIN

6 NRENs & Grids. Barcelona, September 2009 P2P eduGAIN

7 NRENs & Grids. Barcelona, September 2009 Hybrid eduGAIN

8 NRENs & Grids. Barcelona, September 2009 eduGAIN Profiles WebSSO  Shib 1.3 for SAML 1.1  SAML2 (except artifact-based) for SAML 2.0  Going into production service in GÉANT3 AC  Certificates plus optional attribute access UbC  Convey user credentials introduced at the client WE  Constrained delegation DAMe

9 NRENs & Grids. Barcelona, September 2009 The WebSSO Profile

10 NRENs & Grids. Barcelona, September 2009 The AC Profile

11 NRENs & Grids. Barcelona, September 2009 The UbC Profile

12 NRENs & Grids. Barcelona, September 2009 The WE Profile

13 NRENs & Grids. Barcelona, September 2009 Core Services in GN[\d] GN2 saw the first attempt to offer these core services as part of a multi-domain network infrastructure  Not perfect, but many lessons learned  Actual services and working examples  Taking advantage of previous collaborative initiatives GN3 is continuing this trail  Enhancing those already deployed or piloted  Addressing more core services  Providing dynamic integration and invocation  Considering SLAs as part of the process  Better development and deployment cycles A service integration model: the multi-domain ESB

14 NRENs & Grids. Barcelona, September 2009 A framework to define, discover, access, and combine network services  From the infrastructure up to application elements  Federated, multi-domain ESB  Able to integrate any service within the GÉANT infrastructure  Flexible negotiation of service provision capabilities Addressed to  NREN staff  e-Science service providers  and users!! Collaborative architecture  Open to collaboration beyond the academic community  Prosumer-oriented Plug-and-play plus Plug-and-be-played The GEMBus Promise

15 NRENs & Grids. Barcelona, September 2009 α-interfaces  Directly usable by applications β-interfaces  Govern systems and resources γ-interfaces  Abstract access to resources δ-interfaces  Actual control over the resources Source: MANA Position Paper, 2009 Service Interfaces

16 NRENs & Grids. Barcelona, September 2009 GEMBus will provide a set of α-interfaces  Plus the corresponding orchestration systems Specify how β-interfaces have to be published and registered  From individual GÉANT (and external) services γ-interfaces for core services  Those required for direct integration support  Usable by individual services Source: MANA Position Paper, 2009 What Service Interfaces

17 NRENs & Grids. Barcelona, September 2009 A Couple of Archetypal Use Cases An institution willing to distribute an arts performance subject to IPR to a variable number of sites needs to:  Create a multicast group  Generate keys for controlling access to the group  Distribute keys to participant sites according to their attributes and the institution authorization policy  Monitor the usage and performance of the distribution at several points of the network A research team defining a workflow to gather and publish a data flow originated by a singular instrument through a federated repository needs to:  Make informed real-time decisions on the route to be used for storing the data  Enforce certain properties in the selected links  Provide the data processors with appropriate credentials to access data stores  Obtain general, location-independent pointers, to the final data

18 NRENs & Grids. Barcelona, September 2009 Building by Composition Service Components  AutoBAHN DM  perfSONAR MA  eduGAIN AuthN  Composite Services  e-science workflow  A&H performance  eduGAINized repositories  … Service Frameworks  Other NRENs  Governmental  Commercial  … AutoBAHN eduG AIN Grid GÉBusCLARINAPANI2ESNetIPSphereOGSATelcosCanarie Interface descriptions Compositional procedures and orchestration Standard interfaces and support for policy agreements

Download ppt "Diego R. Lopez, RedIRIS JRES2005, Marseille On eduGAIN and the Coming GÉANT Middleware Infrastructure."

Similar presentations

The e-Framework Bill Olivier Director Development, Systems and Technology JISC.

The e-Framework Bill Olivier Director Development, Systems and Technology JISC.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public University of the Future 1 TF-Mobility future Klaas Wierenga

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public University of the Future 1 TF-Mobility future Klaas Wierenga
1 On Death, Taxes, & the Convergence of Peer-to-Peer & Grid Computing Adriana Iamnitchi Duke University “Our Constitution is in actual operation; everything.

1 On Death, Taxes, & the Convergence of Peer-to-Peer & Grid Computing Adriana Iamnitchi Duke University “Our Constitution is in actual operation; everything.
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
Connect. Communicate. Collaborate The eduGAIN Way Diego R. Lopez - RedIRIS.

Connect. Communicate. Collaborate The eduGAIN Way Diego R. Lopez - RedIRIS.
EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.

EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
The TERENA Academic CA Repository. eIRG Meeting. Dublin, 16/04/2004 Diego R. Lopez – TF-AACE  Task Force on Authentication and.

The TERENA Academic CA Repository. eIRG Meeting. Dublin, 16/04/2004 Diego R. Lopez – TF-AACE  Task Force on Authentication and.
Connect. Communicate. Collaborate Federation peering à la European The eduGAIN way Diego R. Lopez - RedIRIS.

Connect. Communicate. Collaborate Federation peering à la European The eduGAIN way Diego R. Lopez - RedIRIS.
AAF Middleware update February16 2012 Presented by Terry Smith Technical Manager and Heath Marks Manager.

AAF Middleware update February Presented by Terry Smith Technical Manager and Heath Marks Manager.
Self Adaptivity in Grid Computing Reporter : Po - Jen Lo Sathish S. Vadhiyar and Jack J. Dongarra.

Self Adaptivity in Grid Computing Reporter : Po - Jen Lo Sathish S. Vadhiyar and Jack J. Dongarra.
EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.

EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.
Developments and challenges in authentication and authorisation Klaas Wierenga Berlin, 23 May 2006.

Developments and challenges in authentication and authorisation Klaas Wierenga Berlin, 23 May 2006.
1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!

1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!
Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.

Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.
Connect. Communicate. Collaborate First steps in federation peering: eduGAIN and eduroam Diego R. Lopez - RedIRIS.

Connect. Communicate. Collaborate First steps in federation peering: eduGAIN and eduroam Diego R. Lopez - RedIRIS.
European Grid Initiative Federated Cloud update Peter solagna Pre-GDB Workshop 10/11/2015....1.

European Grid Initiative Federated Cloud update Peter solagna Pre-GDB Workshop 10/11/

Similar presentations

Ads by Google