AAI Interconnection with an European style Diego R. Lopez RedIRIS.


1 AAI Interconnection with an European style Diego R. Lopez RedIRIS

2 The European way
- (Too) many states, languages, national priorities/laws/prides/…
- Different systems and/or profiles of existing systems
  - In different degrees of maturity and deployment
- Look for agreements, even when not fully satisfactory
- Several initiatives to fill the gaps
  - eduroam (already and successfully running!)
  - GN2-JRA5 (defining the architecture of an AAI)
  - TF-EMC2 (refining the AA-RR and initiating its schema effort, SCHAC)
  - TERENA-EUNIS-EUA (a proposal to enable direct data exchange among European universities through the so-called ECTS)
- Import whatever is worthwhile from the other side of the Atlantic
  - Shibboleth as basic standard
- And always with a sense of style and history
- Your humble speaker and many colleagues

3 GÉANT2 AAI
- It is intended to be one of the basic services of the coming pan-European academic network
- Common to all services provided by and based on the network
  - From network access, bandwidth management, etc.
  - To application access (including Grids)
- Not a substitute for existing infrastructures
  - Nation- or community-based
  - A superstructure connecting them
- Based on (con-)federating the federations
  - Allowing different kinds of trust meshes
- But able to build new federations where they do not exist
- And directly providing access to AuthN/AuthZ services through specific interfaces

4 GÉANT2 AAI components
- A local AAI Instance (AAI-I) at each federation/domain/realm
  - Providing the interfaces to the federations or services in it
- Common Services
  - Home Location Service (the WAYF)
  - Others possible: certificate verification, common diagnostics,…
  - Only available to the local AAI-I
- Connectors
  - Centralized for a federation (the Local Federation Connector)
  - Local Connectors for resources allowed to interact directly
- Service Access Points
  - In charge of adapting AAI interfaces to the (isolated) services
  - AA queries/responses
- Interfaces and operations
  - WS and SAML based
  - As Shibboleth-compatible as possible

5 An example diagram

6 Including Shib in the picture

7 TF-EMC2 and AA-RR
- Able to impersonate any of the following components
  - Attribute sources (AS): Able to accept queries and respond with attribute information
  - Attribute requesters (AR): Make requests to AS and process them, possibly using AE
  - Authorization engines (AE): Respond to queries from AR, applying their internal rules
- Driven by profiles
  - Entity and protocol aspects
  - Attributes and values
- Protocol agnostic
- Applications
  - GÉANT2 AAI Connectors
  - Diagnostic tool
  - Interoperability assessment

8 TF-EMC2 and SCHAC
- An extension to eduPerson
  - Taking into account European idiosyncrasy
- Based on a collection of national extensions so far
  - Finland, France, Norway, Poland, Spain, Sweden, Switzerland
- Common requirements have been quickly identified
  - Personal (unique) identifiers
  - Other personal attributes (citizenship, languages,…)
  - Privacy definition and entitlements
  - Go beyond eduPersonAffiliation
- Initial proposal submitted and being discussed
  - The plan is to present version 1.0 at the next TF-EMC2 meeting, next June in Poznan

9 The ECTS-enabling proposal
- ECTS is the European Credit Transfer System
  - To permit European students to complete their curricula at any university within the EU
  - Also known as the “Bologna process”
- One of the main drivers of SCHAC
  - It has made schema harmonization key to IT practitioners in the European universities
- Close cooperation between TERENA/TF-EMC2 and EUNIS
  - A proposal on schema harmonization to be submitted to the EC
  - Also supported by the EUA (European University Association) and several national associations

