Published by Isabela Bartlett
Modified over 2 years ago

Group Management Tool
Lukas Haemmerle, email@example.com
2006 © SWITCH

Situation
- Web application/files/functions that must be protected
- Access/authorization shall be based on user groups
- Overhead for group administration shall be small
- Shibboleth/other solution available
- Users have an AAI account
Real-life example: The slides/photos of this meeting shall only be accessible by all people who attended the meeting.

Case 1: Users share common attributes
Access rule:
- HomeOrg = IdP X | IdP Y | IdP Z
- Affiliation = Student
- StudyBranch = Medicine

Case 2: No common user attributes
- How can these users be authorized?

Solution 1: Create a common attribute
- Add an entitlement attribute for specific users
- Access rule: Require entitlement urn:mace:rediris.es:entitlement:wiki:jra5
Pros (+):
- Easy solution for a difficult problem
Cons (-):
- Additional work for user directory administrator
- Difficult to efficiently manage many entitlement values
- Only IdP admin can manage access

Solution 2.a: Use uniqueIDs or email
1. Get unique IDs or AAI email addresses of users.
2. Create access rules like:
   require uniqueID firstname.lastname@example.org email@example.com […]
   require email firstname.lastname@example.org email@example.com […]
Pros (+):
- Straight-forward solution
Cons (-):
- SP administrator must know unique ID/email address
- Difficult to efficiently manage for many users/apps
- Only SP admin can manage access

Solution 2.b: Use SWITCH GMT 0.9
- Open Source software (BSD license)
- Easy to install
- Light-weight PHP application
- Human readable text files to store group data
Features:
- Manage multiple groups for multiple applications
- Three user/admin roles with different privileges
- Transfer privileges to other users
- Invite new users to join group via email
- User can request to join a group (self-registration)
- Generate authorization files (Apache .htaccess)
- API for use on remote hosts

Administration interface
- Every role has different options and views
- Red groups are system groups

Group settings

Manage a group

Adding users to a group
- Add registered users to one or more groups with a certain role

Inviting new users
- Invitation token (link) is sent to provided email addresses
- Tokens can be revoked

Request to join a group

Generate authorization files
- Multiple authorization files can be generated per group
- Files are updated automatically on changes

Authorization files
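
The "require uniqueID" rules of Solution 2.a and the automatically regenerated authorization files can be illustrated with the sketch below. It is an added example in Python, not GMT's own PHP code: the function names, the uniqueID pattern and the sample members are assumptions, and the attribute name after "require" depends on the SP's attribute mapping.

```python
import os
import re
import tempfile

# Conservative shape for a scoped uniqueID (local@scope). Whitespace, quotes
# and line breaks are refused, so one stored value cannot become two IDs or
# an extra directive in the generated file.
UNIQUE_ID = re.compile(r"[A-Za-z0-9._-]{1,64}@[A-Za-z0-9.-]{1,255}")


def render_htaccess(members):
    """Return (file_text, rejected_entries) for one group's member list."""
    good = sorted({m for m in members if UNIQUE_ID.fullmatch(m)})
    bad = [m for m in members if not UNIQUE_ID.fullmatch(m)]
    lines = ["AuthType shibboleth", "ShibRequireSession On"]
    if good:
        lines.append("require uniqueID " + " ".join(good))
    else:
        # Fail closed: an empty group must not leave the directory without
        # an authorization rule (Apache 2.4 syntax).
        lines.append("Require all denied")
    return "\n".join(lines) + "\n", bad


def write_atomic(path, text):
    """Write to a temp file in the same directory, then rename over path, so
    Apache never reads a half-written rule set while the file is updated."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".htaccess.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    # Constructed member list; the last entry carries an embedded line break.
    sample = ["bob@example.org", "alice@example.org",
              "eve@example.org\nInjectedDirective"]
    text, rejected = render_htaccess(sample)
    print(text, "rejected:", rejected)
```

Rejected entries are worth logging for the group administrator, since they point at bad data in the group store or a tampered self-registration request.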

Interface for remote hosts
PHP/Perl functions:
- isInGroup($uniqueID, $gName)
- getGroupModifyURL($gName)
- getUserGroups($uniqueID)
- getStatus()
- getError()
Secure queries:
- Over SSL
- Encrypted with shared key
- Limited to allowed hosts
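
How a group server might vet an isInGroup query from a remote host is sketched below as an added example; it is not GMT's protocol or code. GMT's wire format is not on the slides, so this sketch authenticates the query with an HMAC over the shared key instead of encrypting it, assumes transport over SSL, and uses a constructed key, allowlist and group.

```python
import hashlib
import hmac
import ipaddress
import time

ALLOWED_HOSTS = [ipaddress.ip_network("192.0.2.0/28")]  # constructed allowlist
SHARED_KEY = b"constructed-demo-key"                    # constructed key
GROUPS = {"meeting2006": {"alice@example.org"}}         # constructed group data
MAX_SKEW = 300  # seconds a signed query stays valid, limits replay


def sign(key, unique_id, group, ts):
    """MAC over length-prefixed fields, so ("ab", "c") and ("a", "bc")
    never produce the same signed message."""
    parts = (unique_id.encode(), group.encode(), str(ts).encode())
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def handle_is_in_group(peer_ip, unique_id, group, ts, mac, now=None):
    """Return (status, answer); answer is None unless status is 'ok'."""
    now = time.time() if now is None else now
    addr = ipaddress.ip_address(peer_ip)
    # 1. Limited to allowed hosts.
    if not any(addr in net for net in ALLOWED_HOSTS):
        return "host-not-allowed", None
    # 2. Reject old or future-dated queries.
    if abs(now - ts) > MAX_SKEW:
        return "stale", None
    # 3. Shared-key check, compared in constant time.
    if not hmac.compare_digest(sign(SHARED_KEY, unique_id, group, ts), mac):
        return "bad-mac", None
    return "ok", unique_id in GROUPS.get(group, set())


if __name__ == "__main__":
    ts = int(time.time())
    mac = sign(SHARED_KEY, "alice@example.org", "meeting2006", ts)
    print(handle_is_in_group("192.0.2.5", "alice@example.org",
                             "meeting2006", ts, mac))
```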

Summary and outlook
Summary:
- Convenient management of “virtual” groups
- Roles can be transferred
- Users can request to join a group with self-registration
- Authorize users on remote servers
- Libraries available for PHP and Perl
Preliminary outlook for GMT 1.0:
- Generation of Shibboleth XML authorization files
- Additional API functions with SOAP/REST
- Probably new name (e.g. “grot”, “groupy”, …)
http://www.switch.ch/aai/gmt

Questions
Q & A
http://www.switch.ch/aai
firstname.lastname@example.org