Presentation is loading. Please wait.

Presentation is loading. Please wait.

Current Middleware Picture Tom Barton University of Chicago Tom Barton University of Chicago.

Published byDonald Bruce Modified over 9 years ago

Similar presentations

Presentation on theme: "Current Middleware Picture Tom Barton University of Chicago Tom Barton University of Chicago."— Presentation transcript:

1 Current Middleware Picture Tom Barton University of Chicago Tom Barton University of Chicago

2 MACE: Objective & Modus Operandi Promote deployment of common middleware infrastructure across higher ed Practices, standards, models, tools, documentation to facilitate campus design & implementation Community-based, community-driven Early adopters, working groups Liaison, collaboration with other middleware communities Demonstrate viable models to vendor community

3 Current activities span … … typical dimensions of middleware for management of security Directories, identifiers, schema Authentication Authorization Messaging Diagnostics Operational practices but …

4 … take account of realities that are particularly higher ed Students Courses Multiple affiliations Multiple authorities and authority structures Self-identified activities Loosely affiliated populations Activities that span many organizations

5 Selected Harvest Recent releases eduPerson (200604) Enterprise Authentication Implementation Roadmap Higher Education Person Survey Use Cases: AAMC Identifier in Identity Management Systems Shibboleth 1.3d Signet 1.0 Grouper 0.9 Nexus pre-release 3 And a few integrative moments

6 Identity & Access Management: Functional Vocabulary VerbObjects ReflectData of interest from systems of record into registry, directory JoinIdentity information across systems ManageCredentials, group memberships, affiliations, privileges, services, policies Provide IAM info via - relay thru run-time request/response - provisioning into App/Service stores Authenticate (AuthN)Claimed identities Authorize (AuthZ)Access or denial of access LogUsage for audit

7 Connecting Sources of Authority

8 LDAP Attribute Management & Delivery: Affiliation, Privilege, & Privacy uid: jdoe eduPersonAffiliation: … isMemberOf: … eduCourseMember: … eduPersonEntitlement: … SIS HR Distributed Authorities/ Self Loaders Person Registry Group Registry Grouper Privilege Registry Signet Core Business Systems Shibboleth/ GridShib Attribute Authority Attribute Release Policies ShARPe Subject API Nexus

9 Finishing What’s On Our Plate Shibboleth 2.X & openSAML 2 Delegation, standards-based webSSO Enhanced management (AU partnership) Signet 1.X & Grouper 1.X Signet API, UI customization, XACML Group math Common rules engine, final Subject API

10 Finishing What’s On Our Plate Documentation Integrated story of when & how to deploy tools Concrete scenarios harvested from early adoption Toolset integration Harmonious design: configuration, internationalization, installation, site integration, composability

11 Tour of related track sessions Tuesday Federations – 1:15 EDDY – 3:00 FWNA – 4:30 VO Management – 4:30 Wednesday Preparing for Shibboleth – 8:45 Roles & Privileges – 1:15 PKI & USHER – 1:15 Inter-campus resource sharing – 3:00 Accessibility – 4:15 Managing Middleware – 4:15

Download ppt "Current Middleware Picture Tom Barton University of Chicago Tom Barton University of Chicago."

Similar presentations

04 June 2002, TERENA, Limerick MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.

04 June 2002, TERENA, Limerick MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.
Towards Common Identity Services Tom Barton University of Chicago.

Towards Common Identity Services Tom Barton University of Chicago.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.

NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.
Managing Authorization with Signet and Grouper Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University of Chicago Lynn.

Managing Authorization with Signet and Grouper Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University of Chicago Lynn.
Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.

Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.
CAMP: Building a Distributed Access Management Infrastructure Lynn McRae, Stanford University Denver, Nov 7-9, 2006.

CAMP: Building a Distributed Access Management Infrastructure Lynn McRae, Stanford University Denver, Nov 7-9, 2006.
Practices from the Field NSF Middleware Initiative: Identity and Privilege Management Model Michael Gettes, Duke University Jim Phelps, UW-Madison EDUCAUSE.

Practices from the Field NSF Middleware Initiative: Identity and Privilege Management Model Michael Gettes, Duke University Jim Phelps, UW-Madison EDUCAUSE.
Recent Developments in Directories Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.

Recent Developments in Directories Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.
A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.

A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.
Internet2 MACE Identity and Access Management (IAM) Projects integ-tb-kh-02.ppt Keith Hazelton, U Wisconsin With help.

Internet2 MACE Identity and Access Management (IAM) Projects integ-tb-kh-02.ppt Keith Hazelton, U Wisconsin With help.
UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Introduction to Grouper. Open source, community-driven project of the Internet2 Middleware Initiative Initial release v0.5 in December 2004 Grouper originally.

Introduction to Grouper. Open source, community-driven project of the Internet2 Middleware Initiative Initial release v0.5 in December 2004 Grouper originally.
NSF Middleware Initiative: GridShib Tom Barton University of Chicago.

NSF Middleware Initiative: GridShib Tom Barton University of Chicago.
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.
Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.

Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.
A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.

A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.

Similar presentations

Ads by Google