Published by Sarah Harrison. Modified over 9 years ago.
1
26/02/2016 META ACCESS MANAGEMENT SYSTEM
A Ship on the Grid – Interoperability between Shibboleth and the Grid –
Dr. Erik Vullings, Programme Manager
Macquarie University E-Learning Centre of Excellence (MELCOE), Australia
Erik.Vullings@melcoe.mq.edu.au
2
Backing Australia’s Ability
DEST founded ARIIC to guide the first round of SII projects:
- Australian Digital Thesis (ADT)
- Australian Partnership for Sustainable Repositories (APSR)
- Australian Research Repositories Online to the World (ARROW)
- Meta Access Management System (MAMS)
- Financed by DEST till the end of 2006 (3y, $4.2 million ~ €2,7m)
FRODO (Federated Repositories of Digital Objects)
3
- Single Sign-On
- Digital Identity Mgmt
- Federated Identity Mgmt
- Access Control
- Provisioning
- Federated search
- Legacy plug-ins
4
Projects I won’t spend a slide on…
- Australian InQueue-like Federation
- Easy Install CD, incl. registration
- Mini-grant program: Shibbolizing SPs
- Shibbolizing GridSphere, DSpace, Zope/Plone, Wiki...
- Institutional Repository WebGUI
- Fedora with XACML
- Virtual Librarian Service
- Use Shibboleth to validate IM service
- XACML editor for repository policies
- XML-free interface
5
Attribute Release Policies
When I visit an SP, how do I present myself?
[Figure: identity cards. Card text: Reference #123456, Staff at Macquarie Uni; Erik Vullings, Staff at Macquarie Uni; Erik Vullings, Erik@mq.edu.au, Staff at Macquarie Uni, +61-(0)2-9850.6537; MQ]
6
Different cards open different doors – Attributes give access to Features –
[Figure: identity cards. Card text: Reference #123456, Staff at Macquarie Uni; Erik Vullings, Staff at Macquarie Uni; Erik Vullings, Erik@mq.edu.au, Staff at Macquarie Uni, +61-(0)2-9850.6537; MQ]
- Enables access to repository
- Allows me to rank material
- Allows me to add comments
7
Different cards open different doors – Services & Service Level –
8
Multiple Attribute Authority (Join SAML assertions as SP)
Visit other IdP/AA and return
9
AuthN federated Search (AFS) (Delegated SAML Profile?)
[Diagram, Old vs. New. Labels: University Staff member, FS, AFS, IdP, Repository i, Search, Attribute Mngr, Access, Query]
- 1 Login via WAYF & IdP
- 2a Create User Shib session (bypass WAYF)
- 2b Target=SessionMngr/SessionID
- 3 Query + SessionID
10
Shibbolizing MyProxy (with Jim Basney & Von Welch)
[Diagram, Old vs. New. Labels: University Staff member, IdP, GS Portal, MyProxy, MyProxy Server, Attribute Mngr, Login with Username1 & pwd1, Username2 & pwd2]
- 1 Login via WAYF & IdP
- 2a Create User Shib session (bypass WAYF)
- 2b Target=SessionMngr/SessionID
- 3 Get proxy cert + SessionID
11
Virtual Organisation (Attribute Authority)
[Diagram. Labels: University Staff member, SP, User session, Attribute Requester (AR), IdP, LDAP directory, Attribute Authority (AA), Credentials, Request access, VO AA, WAYF, VO members, LDAP (session), Claim Transformation Service (CTS). Numbered steps 1 to 5, including: 2 Redirect; 4 IdP attributes; 5 IdP+VO attributes]
Notes:
1. At step 4 and 5, mapping of attr. names and values can take place.
2. Typical VO attr. are entitlements, such as ethnicity, IEEE fellow, etc.
3. Extendable between federations
12
Fed2Fed SSO
[Diagram: Federation A (Fa) and Federation B (Fb), with IdP, SP, CTS and WAYF components and numbered steps 1 to 7]
- CTS: Claim Transformation Service
- WAYF: Where Are You From
- IdP: Identity Provider
- SP: Service Provider