Presentation is loading. Please wait.

Presentation is loading. Please wait.

UAB NMI Testbed Program: Integrated Directory Services  Grid Computing UAB Middleware Team.

Published byAdolfo Baty Modified over 9 years ago

Similar presentations

Presentation on theme: "UAB NMI Testbed Program: Integrated Directory Services  Grid Computing UAB Middleware Team."— Presentation transcript:

1 UAB NMI Testbed Program: Integrated Directory Services  Grid Computing UAB Middleware Team

2 2 Internet2 Member Meeting 28 Sept – Oct 1, 2004 UAB Middleware Team & Support IT Academic Computing David L. Shealy Jill Gemmill John-Paul Robinson Jason Lynn Zach Garner Ramesh Puljala Rajani Sadasivam Aditya Srinivasan Pravin Joshi Silbia Peechakara Yiyi Chen Other IT Divisions  Sheila Sanders  Landy Manderson  David Green Acknowledgement of Support UAB Office VPIT NSF ANI-0123937 via SURA-2002-103 NMI Testbed Participant Shealy, Gemmill NSF EPS-0096193 Alabama EPSCoR Cooperative Agreement : Internet2 Initiative Griffin (PI), Cordes, Gemmill, Graves, Hancock, Shealy NSF ANI-022710 ViDe.Net: Middleware for Scalable Video Services for Research and Higher Education. Gemmill (PI), Chatterjee, Johnson, Verharen

3 3 Internet2 Member Meeting 28 Sept – Oct 1, 2004 UAB Benefits from NMI Enhanced Integrated Directory Services, based on eduPerson, eduOrg, LDAP Recipe WebLogin service is rolling out, based on Pubcookie Grid Computing service is rolling out, based on Globus

4 4 Internet2 Member Meeting 28 Sept – Oct 1, 2004 OUTLINE Integrated Directory Services WebLogin using Pubcookie Grid Computing using Globus

5 5 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Historical Background 1983-90:  Implemented Access Control Facility (ACF2) security software on mainframe & database of eligible users  Campus Directory  BITNET; SURAnet; Internet mailhost 1991-99:  UIUC/CCSO qi directory online for “alias@uab.edu” e- mail forwarding with web page registration where information provided from merge of employee and student databases  Setup LDAP directory to mirror qi directory  Phonebook alias used for web sign-in to authenticate SMTP relay

6 6 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Historical Background 2000-02:  Dr. Clair Goldsmith hired as CIO / VPIT  LDAP committees formed; and then, recommendations from LDAP and Win2K Task Force were implemented  UAB Alias => BlazerID  VPN implemented with qi authentication  Library’s Virtual Desktop interfaced to qi  ResNet online using qi authentication

7 7 Internet2 Member Meeting 28 Sept – Oct 1, 2004 UAB LDAP Committees Propose useful attributes Define “continuums of association” and when to add, remove, or inactivate people in LDAP directory EmployeesStudents Job applicantAdmissions applicant Job offer extendedAccepted for enrollment HiredEnrolled On leaveNot taking classes TerminatedDropped out RetiredGraduated

8 8 Internet2 Member Meeting 28 Sept – Oct 1, 2004 How NMI Helped Existing UAB LDAP schema was arbitrary, out-of-date, and did not have important attributes useful to educational institutions, such as, courses taught or enrolled in NMI eduPerson gave opportunity to add additional data to campus LDPA for support of new applications

9 9 Internet2 Member Meeting 28 Sept – Oct 1, 2004 LDAP Milestones – Aug 2002 New schema put into production Passwords sync in real-time between qi and LDAP Follow eduPerson and Recipe 1.0, which were LDAP Committee recommendations Group local attributes under uabPerson based on eduPerson, such as, courses taken or taught Provide for non-person (entity) look-up Implement new base root per Recipe, but old still works Include passwords & “unlisted” users so that WebCT and other applications can use LDAP directory

10 10 Internet2 Member Meeting 28 Sept – Oct 1, 2004 LDAP 2002 - 03 Created BlazerID Central New web screens sync BlazerID and password between qi, LDAP, AD, Novell. All authentication done through secure services Strong passwords enforced Microsoft Active Directory synchronization Central Exchange 2000 mail service Oracle HR/Finance sign-on Unix authentication (PAM) Wireless sign-on Class e-mail distribution & bulk/broadcast e-mail

11 11 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Where UAB is Today Single authoritative directory  Single management point for Creating BlazerID password resets user account creation/deactivation Implemented Groups, commObject, latest NMI schema recommendations (eduPerson, eduOrg, LDAP Recipe) Even more applications use LDAP

12 12 Internet2 Member Meeting 28 Sept – Oct 1, 2004 UAB Authoritative Directory

13 13 Internet2 Member Meeting 28 Sept – Oct 1, 2004 More on LDAP-enabled Apps… Authentication & Authorization Services  Authentication – Identifying people  Authorization – Allow proper access Download Software Licensed to UAB Community Unix Account Management

14 14 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Application: Download Software Licensed to UAB Community Client - BrowserJSP with embedded HTML HTTP serverApache Application container Tomcat version 4.0.3 – JSP, Servlets Backend connectivity JNDI BackendLDAP Implementation Details Session Management Session Management Secure Socket layer (SSL) for Authentication but not for download Secure Socket layer (SSL) for Authentication but not for download Collecting the authenticated user’s group information for making a policy decision Collecting the authenticated user’s group information for making a policy decision Customizable timeout mechanism during login Customizable timeout mechanism during login Problems Solved http://www.uab.edu/it/software/index.html

15 15 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Application: Unix Account Management Tools  Enterprise LDAP Infrastructure  OSF Pluggable Authentication Module (PAM) Architecture  PADL Software’s LDAP module for PAM on Unix Systems (pam_ldap) http://www.uab.edu/it/academic/Presentations/pr esentations/authentication-timgroup.ppt http://www.uab.edu/it/academic/Presentations/pr esentations/authentication-timgroup.ppt

16 16 Internet2 Member Meeting 28 Sept – Oct 1, 2004 OUTLINE Integrated Directory Services WebLogin using Pubcookie Grid Computing using Globus

17 17 Internet2 Member Meeting 28 Sept – Oct 1, 2004 What is WebLogin? WebLogin allows users with standard web browsers to authenticate to web-based resources across many web servers using a central authentication service with username & password. WebLogin is moving towards a production service at UAB

18 18 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Overview of WebLogin Features  Single Sign-On  Consistent Login Interface and Experience  User Security  Independence for Web Server Administrators Components  User-Agent (Web Browser)  Authentication Service (e.g. Campus LDAP Server)  Uses Pubcookie Application Server (Web Server Plug-in to protect resource) Login Server

19 19 Internet2 Member Meeting 28 Sept – Oct 1, 2004 … What is it? Open-source software for intra-institutional web authentication - http://www.pubcookie.org/http://www.pubcookie.org/ Uses a standalone login server and modules for common web server platforms like Apache and Microsoft IIS. Uses these components with existing authentication services (like Kerberos, LDAP, or NIS) into a solution for single sign-on authentication to websites throughout an institution. At UAB, pubcookie authenticates username & password (“BlazerID”) with LDAP directory.

20 20 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Using Pubcookie Install a pubcookie Apache or IIS module on each web server to be protected Put protected information in a directory protected by this module User’s attempts to access the URL Pubcookie redirects them to login if they have not today; otherwise cookie credential is checked

21 21 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Pubcookie Limitations All authenticated users are equal; useful for resources available to entire campus only  Library materials  Licensed software Usually, the target population is smaller  Students in a particular school or class  Faculty, staff, students in School of Engineering

22 22 Internet2 Member Meeting 28 Sept – Oct 1, 2004 User’s First Login Perspective 1. User tries to access secure webpage/application/document. 2. User is presented with UAB login screen. 3. User supplies BlazerID and Password (over a secure connection). 4. Upon successful credentials, user sees the secured webpage & application doc.

23 23 Internet2 Member Meeting 28 Sept – Oct 1, 2004 User’s Perspective After Initial Login 1. User tries to access secure webpage/application/document. 2. User sees the secured webpage/application/document.

24 24 Internet2 Member Meeting 28 Sept – Oct 1, 2004 WebLogin Demonstration Servers  metric.it.uab.edu (Apache Webserver 1.3.27) Sample 01 Sample 02 Sample 03 Sample 05  polka.it.uab.edu (IIS Webserver 5.0) Sample 04 Demonstration Webpage  http://lab.ac.uab.edu/node/view/145 Servers  metric.it.uab.edu (Apache Webserver 1.3.27) Sample 01 Sample 02 Sample 03 Sample 05  polka.it.uab.edu (IIS Webserver 5.0) Sample 04 Demonstration Webpage  http://lab.ac.uab.edu/node/view/145

25 25 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Modifying Existing Applications The Problem  Many Web Applications create their own authentication system  So, the user needs a username/password for each application The Solution  Pubcookie-enable those applications to use centralized username/password

26 26 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Modifying Existing Applications Two Pubcookie-enabled two open source applications  Bugzilla (Written in Perl)  PHPWebsite (Written in PHP) Similar changes were required for both applications

27 27 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Modifications Remove old user login/password web form  Instead, Pubcookie authenticates the user  Authenticated users can proceed if they also have a Bugzilla or PHPwebsite account Change behavior of “Log Out” and “Change Password” pages

28 28 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Future Directions Modifying Pubcookie to support Client- Side SSL Certificates  Enables authentication of users without a user remembering username/password Modifying Pubcookie to support PAM for the authentication mechanism  PAM is a standard system for flexibly using a large number of authentication systems.

29 29 Internet2 Member Meeting 28 Sept – Oct 1, 2004 OUTLINE Integrated Directory Services WebLogin using Pubcookie Grid Computing using Globus

30 UABGrid Resource Infrastructure

31 UABGrid Software Infrastructure

32 UABGrid Architecture

33 One Time Registration

34 Login for Registered Users

35 User Environment

36 Usage Management - Details (One Time Registration)

37 UABGrid Summary

38 38 Internet2 Member Meeting 28 Sept – Oct 1, 2004 Summary of Benefits from NMI Enhanced Integrated Directory Services, based on eduPerson and LDAP Recipe Campus WebLogin service is rolling out, based on Pubcookie Grid Computing service is rolling out, based on Globus

Download ppt "UAB NMI Testbed Program: Integrated Directory Services  Grid Computing UAB Middleware Team."

Similar presentations

My AmeriCorps Release 3 State Commissions and Programs User Roles and Management – Implementing Presentation developed for the Corporation for National.

My AmeriCorps Release 3 State Commissions and Programs User Roles and Management – Implementing Presentation developed for the Corporation for National.
1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.

1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.
IS 6116 Introduction – 10 Jan 2011. Lecturer Details Aonghus Sugrue Website: aonghussugrue.wordpress.com

IS 6116 Introduction – 10 Jan Lecturer Details Aonghus Sugrue Website: aonghussugrue.wordpress.com
Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.

Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.
Distributed Systems Architectures

Distributed Systems Architectures
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
Secure Videoconferencing Jill Gemmill, UAB. Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address.

Secure Videoconferencing Jill Gemmill, UAB. Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
HL7 Project Management Tool Overview for HL7 Project Facilitators

HL7 Project Management Tool Overview for HL7 Project Facilitators
MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.

18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.
11 Copyright © 2005, Oracle. All rights reserved. Creating the Business Tier: Enterprise JavaBeans.

11 Copyright © 2005, Oracle. All rights reserved. Creating the Business Tier: Enterprise JavaBeans.
17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.

17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.
Copyright CompSci Resources LLC 2009 1 Web-Based XBRL Products from CompSci Resources LLC Virginia, USA. Presentation by: Colm Ó hÁonghusa.

Copyright CompSci Resources LLC Web-Based XBRL Products from CompSci Resources LLC Virginia, USA. Presentation by: Colm Ó hÁonghusa.
ActionDescription 1Decisions about planning and managing the coast are governed by general legal instruments. 2Sectoral stakeholders meet on an ad hoc.

ActionDescription 1Decisions about planning and managing the coast are governed by general legal instruments. 2Sectoral stakeholders meet on an ad hoc.
Www.gisela-grid.eu Grid Initiatives for e-Science virtual communities in Europe and Latin America The VRC-driven GISELA Science Gateway Diego Scardaci.

Grid Initiatives for e-Science virtual communities in Europe and Latin America The VRC-driven GISELA Science Gateway Diego Scardaci.
Click to edit Master title style Page - 1 OneSky Teams Step-by-Step Online Corporate Communication Support 2006.

Click to edit Master title style Page - 1 OneSky Teams Step-by-Step Online Corporate Communication Support 2006.
DISTRICT AND SCHOOL ASSESSMENT & TECHNOLOGY COORDINATOR ONLINE TESTING WEBINAR FEBRUARY 7 AND 9, 2012 Washington Online Testi ng OSPI Office of Superintendent.

DISTRICT AND SCHOOL ASSESSMENT & TECHNOLOGY COORDINATOR ONLINE TESTING WEBINAR FEBRUARY 7 AND 9, 2012 Washington Online Testi ng OSPI Office of Superintendent.
PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.
Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft Torsten Antoni – LCG Operations Workshop, CERN 02-04/11/04 Global Grid User Support - GGUS -

Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft Torsten Antoni – LCG Operations Workshop, CERN 02-04/11/04 Global Grid User Support - GGUS -

Similar presentations

Ads by Google