Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.


1 Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning Technology, and Director, Macquarie E-Learning Centre Of Excellence (MELCOE) Macquarie University Presentation for Internet2 Conference, San Diego, USA, Monday 8th October, 2007

2 Overview
MAMS & AAF update
–Other federation collaboration services
IAMSuite
–VO Federation management
–VOs and workspaces
–People picker for finding potential members
National collaboration services

3 MAMS Testbed Federation
“Level-2” Federation (at 26/6/07):
21 Service Providers
19 Identity Providers (approx 900,000 end users)
Growing…

4 Admin tool: ShARPE April 2007 IdP Administrators import “service descriptions” and create site & group ARPs

5 User privacy: Autograph April 2007 Users can view attributes released to a SP and manage User ARPs.

6 Australian Access Federation
The Australian Access Federation project is taking forward the work of the MAMS (Shibboleth) and e-Security (PKI) projects to develop a unified trust federation for higher education and research
–Policy and governance
–PKI and Shibboleth production rollout
–Adoption support, workshops, supporting systems, etc
Overall AAF rollout led by University of Queensland
–Macquarie University leading Shibboleth & AusCERT leading PKI

7 AAF Shib Trust Fed Components April 2007

8 Examples of collaboration services
Trusted (secure) repositories (documents, data, media)
–DSpace (integration of “traditional” application)
–Fedora (native support for SAML, XACML for authorisation)
–Others to come
Secure Real-Time Text Chat
–Example: Online Librarian
Trusted Gridsphere portal and Virtual Organisation management (“IAMSuite”)
–Including access to Grid services via Shibboleth/PKI bridge
Workflow for collaborative research (“RAMS”)

9 A Shibboleth-enabled DSpace repository

10 “Muradora” - Shibboleth and XACML-based Fedora Repository

11 A Shibboleth-based Secure chat service (Jabber) – Online Librarian

12 RAMS workflow authoring: Online research group meeting

13 A Shibboleth-based Virtual Organisation system - IAMSuite

14 IAMSuite Overview
A framework & toolkit for managing a VO Federation under a larger national federation where additional user attributes are managed within VOs.
–Core identity attributes come from home IdP each session; only “extras” held in VO
–VO attributes can be used for access to VO Federation-only Service Providers, or VO-only features of national Service Providers
–IAMSuite provides tools and templates for configuring extra attributes to be released to VO Service Providers, eg for levels of SP authorization (eg, view vs edit wiki)
–VO Federation-specific OpenIdP is available (but no access to national federation)
VO members can be selected via "People Picker", a federated IdP search
–People Picker & IAMSuite may provide a stronger identity foundation than simple "roundtrips" for VO invitation/membership (foundation based on current directory attributes, not working )
–Provides roundtrips as alternative function if no People Picker
Current IAMSuite integrated services such as wikis, instant messaging, document repository, video meeting, shared calendars and MyProxy integration
The V1 beta release is currently available, and the production V1 release is planned for early 2008.
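An added illustration of the attribute model on slide 14 (not IAMSuite code and not from the presentation): a Service Provider builds the session's attributes from home-IdP core attributes plus the extras held for one VO, rejects a VO record that tries to supply a core identity attribute, and maps a VO role to view or edit rights on a wiki. The attribute set chosen as "core", the role names, the function names and all sample data are assumptions constructed for the example.

```python
# Added example, not IAMSuite code: every name and value here is an assumption.
CORE_ATTRIBUTES = {"eduPersonPrincipalName", "eduPersonAffiliation", "mail"}

# Hypothetical mapping from a VO-held role to wiki permissions at an SP.
ROLE_PERMISSIONS = {
    "vo-member": {"view"},
    "vo-editor": {"view", "edit"},
}


class AttributeConflict(Exception):
    """A VO record tried to supply an attribute owned by the home IdP."""


def build_session_attributes(idp_assertion, vo_records, vo_id):
    """Merge per-session IdP attributes with the extras held for one VO."""
    principal = idp_assertion.get("eduPersonPrincipalName")
    if not principal:
        raise ValueError("home IdP did not release a principal name")
    # Core identity comes only from the home IdP, fresh each session.
    session = {k: v for k, v in idp_assertion.items() if k in CORE_ATTRIBUTES}
    extras = vo_records.get((vo_id, principal), {})
    clash = CORE_ATTRIBUTES & extras.keys()
    if clash:
        raise AttributeConflict(f"VO {vo_id} overrides {sorted(clash)}")
    # Namespace extras by VO so one VO's role cannot leak into another.
    session.update({f"{vo_id}:{k}": v for k, v in extras.items()})
    return session


def wiki_permissions(session, vo_id):
    """Return the set of wiki actions allowed for this session in this VO."""
    role = session.get(f"{vo_id}:role")
    return ROLE_PERMISSIONS.get(role, set())  # unknown or missing role: deny


# Constructed sample data.
IDP_ASSERTION = {"eduPersonPrincipalName": "alice@uni-a.example",
                 "eduPersonAffiliation": "staff", "displayName": "Alice"}
VO_RECORDS = {
    ("climate-vo", "alice@uni-a.example"): {"role": "vo-editor"},
    ("genome-vo", "alice@uni-a.example"): {"role": "vo-member"},
    ("rogue-vo", "alice@uni-a.example"): {"eduPersonAffiliation": "faculty"},
}

if __name__ == "__main__":
    for vo in ("climate-vo", "genome-vo", "other-vo"):
        s = build_session_attributes(IDP_ASSERTION, VO_RECORDS, vo)
        print(vo, sorted(wiki_permissions(s, vo)))
```

Keeping the VO extras namespaced and refusing overrides means a compromised or misconfigured VO store can change only VO-level authorisation, never the identity asserted by the home IdP.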

15 IAMSuite VO Federation Architecture
[Diagram; labels: Fed A, VO Fed, IAMSuite, VO, IdP, SP, External SP 1, External SP 2, External SP 3, OpenIdP, WAYF]

16 IAMSuite Toolkit for management of VO Federations and VOs (secure workspaces)

17 A VO frontpage (right) and components (Services, Content, Roles, Participants - left)

18 Use PeoplePicker to find a Federation Member.

19 Configure IdPs to search. Select IdPs from list. Set Search Time-out and limit no. of results to be displayed.

20 Perform a search based on surname. Select the required user information row.

21 IAMSuite VO: Configuring User Authorisation for Trusted Services

22 IAMSuite integration with Grid Portlet for Certificates

23 MAMS is implementing IAMSuite for VeRSI eResearch projects

24 National collaboration services?
Current discussion of federation-level (national) provision of basic collaboration services for any eResearch users
For example:
–WAYF, People Picker, Virtual Home Organisation (OpenIdP), MyProxy, IAMSuite, Wiki, Mailing List, Shib Instant Messaging, audio & video conf, collaborative activity workflow, etc
–Could also provide data federation national services (ANDS “data commons”), eg, Persistent Identifier infrastructure, Data collections registries, National Discovery Service/Authenticated Federated Search, National authorisation fabric, etc
Importance of high availability, redundancy, backup, 24x7 support, helpdesk, etc

25 NB: Under development
IAMSuite, People Picker, SP integrations/adaptors, etc are all under current development
–Final version may resemble current screenshots
IAMSuite & People Picker V1 production release late 07/early 08
Muradora V1 production release this week
RAMS (collab workflow) out already, Shib to come soon
Online Librarian (Shib Jabber) out already

