2006 © SWITCH
Group Management Tool
Lukas Haemmerle

Slide 2: Situation
- Web applications, files or functions must be protected.
- Access and authorization shall be based on user groups.
- The overhead for group administration shall be small.
- Shibboleth (or another solution) is available.
- Users have an AAI account.
- Real-life example: the slides and photos of this meeting shall be accessible only to the people who attended the meeting.

Slide 3: Case 1: Users share common attributes
Access rule: HomeOrg = IdP X | IdP Y | IdP Z, Affiliation = Student, StudyBranch = Medicine

Slide 4: Case 2: No common user attributes
How can these users be authorized?

Slide 5: Solution 1: Create a common attribute
- Add an entitlement attribute for specific users.
- Access rule: require entitlement urn:mace:rediris.es:entitlement:wiki:jra5
Pros:
- Easy solution for a difficult problem
Cons:
- Additional work for the user directory administrator
- Difficult to manage many entitlement values efficiently
- Only the IdP admin can manage access

Slide 6: Solution 2.a: Use uniqueIDs or addresses
1. Get the unique IDs or AAI addresses of the users.
2. Create access rules like: require uniqueID […] / require […]
Pros:
- Straightforward solution
Cons:
- The SP administrator must know each user's unique ID or address
- Difficult to manage efficiently for many users and applications
- Only the SP admin can manage access

Slide 7: Solution 2.b: Use SWITCH GMT 0.9
- Open source software (BSD license)
- Easy to install
- Lightweight PHP application
- Human-readable text files store the group data
Features:
- Manage multiple groups for multiple applications
- Three user/admin roles with different privileges
- Transfer privileges to other users
- Invite new users to join a group via
- Users can request to join a group (self-registration)
- Generate authorization files (Apache .htaccess)
- API for use on remote hosts

Slide 8: Administration interface
- Every role has different options and views.
- Red groups are system groups.

Slide 9: Group settings

Slide 10: Manage a group

Slide 11: Adding users to a group
- Add registered users to one or more groups with a certain role.

Slide 12: Inviting new users
- An invitation token (link) is sent to the provided addresses.
- Tokens can be revoked.

Slide 13: Request to join a group

Slide 14: Generate authorization files
- Multiple authorization files can be generated per group.
- Files are updated automatically on changes.

Slide 15: Authorization files
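As an added illustration (not GMT's own code), here is a minimal generator for the kind of Apache authorization file described on slides 6, 14 and 15. It assumes the group data is a text file with one uniqueID per line (GMT's real file format is not shown on the slides), that the Shibboleth SP exposes the attribute under the name `uniqueID` used on the slides, and that the file is rewritten only when the membership actually changes:

```python
import hashlib
from pathlib import Path

# Constructed sample group file in the spirit of GMT's human-readable text
# files; the exact GMT format is not on the slides, so this layout is assumed.
SAMPLE_GROUP_FILE = """# group: meeting2006   (uniqueID  role)
123456@unizh.ch   admin
234567@ethz.ch    member
345678@unibe.ch   member
234567@ethz.ch    member   # duplicate entry, must not be emitted twice
"""

def parse_members(text: str) -> list[str]:
    """Return the uniqueIDs in a group file, skipping comments, blanks and duplicates."""
    ids: list[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        uid = line.split()[0]
        if uid not in ids:
            ids.append(uid)
    return ids

def render_htaccess(group_name: str, members: list[str]) -> str:
    """Render a Shibboleth-protected .htaccess admitting only the listed uniqueIDs.

    'uniqueID' is the attribute name used on the slides; the SP must map the
    federation's unique-ID attribute to that name for the require line to work.
    """
    lines = [f"# generated for group '{group_name}'",
             "AuthType shibboleth",
             "ShibRequireSession On"]
    if members:
        lines.append("require uniqueID " + " ".join(members))
    else:
        # An empty group must deny everyone rather than leave no rule at all.
        lines += ["Order deny,allow", "Deny from all"]
    return "\n".join(lines) + "\n"

def write_if_changed(path: Path, content: str) -> bool:
    """Rewrite the authorization file only when its content changed; True if written."""
    digest = hashlib.sha256(content.encode()).hexdigest()
    if path.exists() and hashlib.sha256(path.read_bytes()).hexdigest() == digest:
        return False
    path.write_text(content)
    return True

if __name__ == "__main__":
    print(render_htaccess("meeting2006", parse_members(SAMPLE_GROUP_FILE)))
```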
Slide 16: Interface for remote hosts
PHP/Perl functions:
- isInGroup($uniqueID, $gName)
- getGroupModifyURL($gName)
- getUserGroups($uniqueID)
- getStatus()
- getError()
Secure queries:
- Over SSL
- Encrypted with a shared key
- Limited to allowed hosts
Slide 17: Summary and outlook
Summary:
- Convenient management of "virtual" groups
- Roles can be transferred
- Users can request to join a group with self-registration
- Authorize users on remote servers
- Libraries available for PHP and Perl
Preliminary outlook for GMT 1.0:
- Generation of Shibboleth XML authorization files
- Additional API functions with SOAP/REST
- Probably a new name (e.g. "grot", "groupy", …)

Slide 18: Questions
Q & A