2005 © SWITCH
Authentication and Authorization Infrastructure
Martin Sutter, Head of NetServices; Thomas Lenggenhager, Deputy Project Manager AAI; Christoph Graf, Head of Network Security
Slide 2: Agenda
- AAI deployment in Switzerland
- SWITCHaai key issues
- AAI & Grid
- Outlook
- EUGridPMA
Slide 3: Motivation for SWITCHaai
- The need for SWITCHaai was spawned by the Swiss Virtual Campus, a large national e-learning project.
- About 30 projects were developing e-learning content, each involving at least three different sites.
- Authentication and authorization should not be solved by each project individually.
Slide 4: SWITCHaai Building Blocks
- Identity Providers (Home Organizations)
- Service Providers (Resources)
- Organizational Framework
- Interoperation
- Central Services
- Funding
Slide 5: Organizational Framework
- SWITCH acts as the SWITCHaai federation service provider.
- Federation membership is based on signed service agreements with each organization.
Slide 6: Interoperation
Interoperation requires agreement on technical details such as:
- Standards: SAML 1.1
- Software versions (as per May 2005): Shibboleth 1.1 for identity providers; Shibboleth for service providers
- Accepted certificate authorities: SWITCHpki plus Thawte, Trustcenter, VeriSign
- Attribute specification: swissEduPerson
Slide 7: Interoperation: Attributes
Criteria for the attribute specification (swissEduPerson):
- Start simple, extend as required
- Common understanding of the interpretation of each attribute
- Attributes that are already widely used
Attribute usage by applications:
- Use the minimal set required (data protection principle)
Slide 8: Identity Provider Integration
[Diagram: an AAI-enabled Identity Provider sits between the organization's User Directory and Authentication System on one side and the AAI on the other.]
Currently in use in SWITCHaai:
- Authentication systems: OpenLDAP with CAS or Pubcookie; Kerberos authentication with Active Directory; Windows authentication with IIS
- User directories: OpenLDAP; Active Directory
Slide 9: Identity Providers in SWITCHaai
Operational AAI Identity Providers:
- ETH Zurich
- University Zurich
- Virtual Home Organization (SWITCH)
- University Geneva
- Zurich University of Applied Sciences Winterthur
AAI Identity Providers getting ready:
- University Hospital Zurich
- University Lucerne
- University Fribourg
- University Berne
- University Lausanne
110'000 Swiss higher education users have an AAI account (≈ 50% of all).
Slide 10: Virtual Home Organization (VHO)
[Diagram: a federation member's Identity Provider, a Resource Owner with its Admin, End Users, some end users without an identity provider, the VHO User Directory and the VHO Policy.]
- Integrates end users who have no Identity Provider of their own.
- The resource owner creates 'AAI-enabled' VHO accounts for users without an identity provider.
- A VHO account is only usable for the resource(s) managed by that resource owner.
Slide 11: Types of Service Providers
Categories: e-learning, libraries, other web applications, commercial.
Examples: DOIT, VITELS, AD Learn & Co, Vconf-Reservation, SMS-Gateway, EZproxy, ScienceDirect, OLAT, Moodle, BSCW, Blackboard, SwissLex, IS-Academia, ILIAS, TWiki, eShops, ...
About 50 'shibbolized' servers; 10'000 active AAI users.
Slide 12: Service Provider Example: DOIT
- DOIT: Dermatology Online with Interactive Technology
- AAI Identity Providers involved: University Zurich, University Lausanne, University Berne
- 500 AAI users
- Access rule: IdP = UniZH | UniBE | UniL; Affiliation = student; studyBranch = medicine; studyLevel = 15
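The DOIT access rule above is a plain attribute-based authorization decision: the service provider receives attributes asserted by the user's identity provider and checks every condition before granting access. The following is an added example of how a protected application behind a Shibboleth SP could evaluate that rule; it is not SWITCH's or DOIT's code. The attribute names follow the swissEduPerson naming as I recall it, the home-organization values are assumed to be the identity providers' scope domains (uzh.ch, unibe.ch, unil.ch), and "medicine" and "15" are used literally as the slide gives them; all of these are assumptions. The sample requests are constructed.

```python
"""Attribute-based access rule for the DOIT service provider (added example)."""
from typing import Dict, List, Mapping, Optional, Tuple

# Assumed attribute names (swissEduPerson naming as I recall it; not given on the slide).
ATTR_HOME_ORG = "swissEduPersonHomeOrganization"
ATTR_AFFILIATION = "eduPersonAffiliation"
ATTR_STUDY_BRANCH = "swissEduPersonStudyBranch1"
ATTR_STUDY_LEVEL = "swissEduPersonStudyLevel"
RULE_ATTRIBUTES = (ATTR_HOME_ORG, ATTR_AFFILIATION, ATTR_STUDY_BRANCH, ATTR_STUDY_LEVEL)

# The DOIT rule from the slide. Home-organization values are assumed to be the
# IdPs' scope domains; "medicine" and "15" are used literally as the slide gives them.
DOIT_RULE = {
    "home_orgs": {"uzh.ch", "unibe.ch", "unil.ch"},   # UniZH | UniBE | UniL
    "affiliation": "student",
    "study_branch": "medicine",
    "study_level": "15",
}


def split_values(raw: Optional[str]) -> List[str]:
    """The Shibboleth SP joins multi-valued attributes with ';'; split and normalise."""
    if not raw:
        return []
    return [v.strip().lower() for v in raw.split(";") if v.strip()]


def attributes_from_environ(environ: Mapping[str, str]) -> Dict[str, str]:
    """Collect rule attributes from the SP-populated request environment only.

    Deliberately never reads HTTP_* keys: those are client-supplied headers and,
    unless the SP is configured to strip them, a client can forge them.
    """
    return {name: environ[name] for name in RULE_ATTRIBUTES if name in environ}


def evaluate_doit_rule(attrs: Mapping[str, str], rule=DOIT_RULE) -> Tuple[bool, str]:
    """Deny unless every condition holds; a missing attribute is a deny, not a skip."""
    home_orgs = split_values(attrs.get(ATTR_HOME_ORG))
    if not home_orgs:
        return False, "no home organization asserted"
    if not any(h in rule["home_orgs"] for h in home_orgs):
        return False, f"home organization {home_orgs} not one of {sorted(rule['home_orgs'])}"
    if rule["affiliation"] not in split_values(attrs.get(ATTR_AFFILIATION)):
        return False, "affiliation does not include student"
    if rule["study_branch"] not in split_values(attrs.get(ATTR_STUDY_BRANCH)):
        return False, "study branch is not medicine"
    if rule["study_level"] not in split_values(attrs.get(ATTR_STUDY_LEVEL)):
        return False, "study level is not 15"
    return True, "all DOIT conditions satisfied"


def authorize_request(environ: Mapping[str, str]) -> Tuple[bool, str]:
    """Full check as a protected application would run it behind the SP."""
    return evaluate_doit_rule(attributes_from_environ(environ))


# Constructed sample requests (not real users); multi-valued attributes use ';'.
SAMPLE_ENVIRONS = {
    "medical_student_unibe": {
        ATTR_HOME_ORG: "unibe.ch",
        ATTR_AFFILIATION: "member;student",
        ATTR_STUDY_BRANCH: "medicine",
        ATTR_STUDY_LEVEL: "15",
    },
    "medical_student_ethz": {          # right profile, but the IdP is not in the rule
        ATTR_HOME_ORG: "ethz.ch",
        ATTR_AFFILIATION: "student",
        ATTR_STUDY_BRANCH: "medicine",
        ATTR_STUDY_LEVEL: "15",
    },
    "staff_uzh": {                     # not a student
        ATTR_HOME_ORG: "uzh.ch",
        ATTR_AFFILIATION: "staff;member",
        ATTR_STUDY_BRANCH: "medicine",
        ATTR_STUDY_LEVEL: "15",
    },
    "forged_header_only": {            # values arrive only as client headers: ignored
        "HTTP_SWISSEDUPERSONHOMEORGANIZATION": "unil.ch",
        "HTTP_EDUPERSONAFFILIATION": "student",
        "HTTP_SWISSEDUPERSONSTUDYBRANCH1": "medicine",
        "HTTP_SWISSEDUPERSONSTUDYLEVEL": "15",
    },
}


def run_samples() -> Dict[str, bool]:
    """Decision for each constructed sample request."""
    return {name: authorize_request(env)[0] for name, env in SAMPLE_ENVIRONS.items()}


if __name__ == "__main__":
    for name, env in SAMPLE_ENVIRONS.items():
        print(f"{name}: {authorize_request(env)}")
```

Two points matter in practice. First, the rule is a conjunction and an absent attribute denies; the minimal-attribute principle from slide 7 cuts the other way, so the SP should request exactly the four attributes the rule needs and nothing more. Second, where the attributes are read from is a security decision: the Shibboleth SP can expose them either as server environment variables or as HTTP request headers, and a header-based setup relies on the SP stripping the same header names from the client's request; reading only the environment, as the example does, avoids that class of spoofing.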
Slide 13: Service Providers: Integration of "Black Boxes"
AAIportal (open source, GPL):
- Authentication / authorization gateway
- Portal functionalities (optional)
- User management (optional)
- Adaptors to black-box applications: WebCT Vista, WebCT CE, ...
[Diagram: the user signs on to the AAIportal via Shibboleth; the portal talks to the application through its API.]
Slide 14: Central AAI Services
- Strategy & marketing
- International contacts
- Support, consulting, training
- Providing federation-specific files and configuration guides
- Operating the WAYF ('Where are you from?') server
- Testing parties (identity provider, service provider)
- Jump-start service
- Virtual Home Organization
Slide 15: Key Issues in SWITCHaai
Structure of the SWITCHaai federation:
- Switzerland is strongly federal: solve problems at the lowest level, coordinate where useful
AAI is more than Shibboleth:
- SWITCHaai is designed to be extensible (policies, federation)
- SAML 2 and Shibboleth 2 will allow interoperability with other SAML-based infrastructures
Slide 16: AAI and Grid
- The SWITCHaai concept is ready for Grid integration; the current Shibboleth version is not yet Grid ready.
- GridShib, an Internet2 project, links the upcoming Shibboleth 1.3 with Globus Toolkit 4.1
  - first phase to be implemented until autumn
  - second phase to be implemented until second half of
  - http://grid.ncsa.uiuc.edu/GridShib/
- Extension to other n-tier use cases is possible.
Slide 17: Outlook 2005 – 2007
- More national AAI-related projects, supported by federal grants (on matching funds)
- Non-web-browser-based service providers (like Grid)
- Study on AAI and ECTS
- Study on extending AAI to AAAI (accounting, but not limited to billing)
- Integration of federation partners: resources from non-members; other federations
Slide 18: EUGridPMA
What the EUGridPMA does:
- A useful job for Grid projects (evaluating CP/CPSs)
- Impressive PR: made it into e-IRG papers (together with TACAR)
NREN perspective:
- NRENs engaging in PKIs need something similar to interwork
- But we will need more than one assurance level (Grid-strength certificates and basic-strength certificates)
The predicted future of EUGridPMA:
- Perish, if they stay Grid-specific
- Flourish, if they become relevant beyond the Grid
Recommendation:
- NRENs to collaborate and eventually host EUGridPMA activities
- TERENA to play an important role (how about TACAR++?)