Presentation on theme: "Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning."— Presentation transcript:
Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning Technology, and Director, Macquarie E-Learning Centre Of Excellence (MELCOE) Macquarie University Presentation for Internet2 Conference, San Diego, USA, Monday 8 th October, 2007
Overview MAMS & AAF update –Other federation collaboration services IAMSuite –VO Federation management –VOs and workspaces –People picker for finding potential members National collaboration services
MAMS Testbed Federation “Level-2” Federation (at 26/6/07) : 21 Service Providers 19 Identity Providers (approx 900,000 end users) Growing…
Admin tool: ShARPE April 2007 IdP Administrators import “service descriptions” and create site & group ARPs
User privacy: Autograph April 2007 Users can view attributes released to a SP and manage User ARPs.
Australian Access Federation The Australian Access Federation project is taking forward the work of the MAMS (Shibboleth) and e-Security (PKI) projects to develop a unified trust federation for higher education and research –Policy and governance –PKI and Shibboleth production rollout –Adoption support, workshops, supporting systems, etc Overall AAF rollout led by University of Queensland –Macquarie University leading Shibboleth & AusCERT leading PKI
AAF Shib Trust Fed Components April 2007
Examples of collaboration services Trusted (secure) repositories (documents, data, media) –DSpace (integration of “traditional” application) –Fedora (native support for SAML, XACML for authorisation) –Others to come Secure Real-Time Text Chat –Example: Online Librarian Trusted Gridsphere portal and Virtual Organisation management (“IAMSuite”) –Including access to Grid services via Shibboleth/PKI bridge Workflow for collaborative research (“RAMS”)
A A Shibboleth-enabled DSpace repository
A A “Muradora” - Shibboleth and XACML-based Fedora Repository
A A Shibboleth-based Secure chat service (Jabber) – Online Librarian
RAMS workflow authoring: Online research group meeting
A A Shibboleth-based Virtual Organisation system - IAMSuite
IAMSuite Overview A framework & toolkit for managing a VO Federation under a larger national federation where additional user attributes are managed within VOs. –Core identity attributes come from home IdP each session; only “extras” held in VO –VO attributes can be used for access to VO Federation-only Service Providers, or VO-only features of national Service Providers –IAMSuite provides tools and templates for configuring extra attributes to be released to VO Service Providers, eg for levels of SP authorization (eg, view vs edit wiki) –VO Federation-specific OpenIdP is available (but no access to national federation) VO members can be selected via "People Picker", a federated IdP search –People Picker & IAMSuite may provide a stronger identity foundation than simple "roundtrips" for VO invitation/membership (foundation based on current directory attributes, not working ) –Provides roundtrips as alternative function if no People Picker Current IAMSuite integrated services such as wikis, instant messaging, document repository, video meeting, shared calendars and MyProxy integration The V1 beta release is currently available, and the production V1 release is planned for early 2008.
IAMSuite VO Federation Architecture Fed A VO Fed SP IAMSuite VO VO IdP IdP SP … External SP 1 External SP 2 External SP 3 IdP SP IdP SP OpenIdP WAYF SP
A IAMSuite Toolkit for management of VO Federations and VOs (secure workspaces)
A VO frontpage (right) and components (Services, Content, Roles, Participants - left)
Use PeoplePicker to find a Federation Member.
Configure IdPs to search. Select IdPs from list. Set Search Time-out and limit no. of results to be displayed.
Perform a search based on surname Select the required user information row.
A A IAMSuite VO: Configuring User Authorisation for Trusted Services
A IAMSuite integration with Grid Portlet for Certificates
MAMS is implementing IAMSuite for VeRSI eResearch projects
National collaboration services? Current discussion of federation-level (national) provision of basic collaboration services for any eResearch users For example: –WAYF, People Picker, Virtual Home Organisation (OpenIdP), MyProxy, IAMSuite, Wiki, Mailing List, Shib Instant Messaging, audio & video conf, collaborative activity workflow, etc –Could also provide data federation national services (ANDS “data commons”), eg, Persistent Identifier infrastructure, Data collections registries, National Discovery Service/Authenticated Federated Search, National authorisation fabric, etc Importance of high availability, redundancy, backup, 24x7 support, helpdesk, etc
NB: Under development IAMSuite, People Picker, SP integrations/adaptors, etc are all under current development –Final version may resemble current screenshots IAMSuite & People Picker V1 production release late 07/early 08 Muradora V1 production release this week RAMS (collab workflow) out already, Shib to come soon Online Librarian (Shib Jabber) out already