Presentation is loading. Please wait.

Presentation is loading. Please wait.

18/05/2015 META ACCESS MANAGEMENT SYSTEM Virtual Organisations Accomodating Research Groups in a Shibboleth Federation Peter Schendzielorz Macquarie University’s.

Similar presentations


Presentation on theme: "18/05/2015 META ACCESS MANAGEMENT SYSTEM Virtual Organisations Accomodating Research Groups in a Shibboleth Federation Peter Schendzielorz Macquarie University’s."— Presentation transcript:

1 18/05/2015 META ACCESS MANAGEMENT SYSTEM Virtual Organisations Accomodating Research Groups in a Shibboleth Federation Peter Schendzielorz Macquarie University’s E-Learning Centre of Excellence (MELCOE)

2 28/05/2015 META ACCESS MANAGEMENT SYSTEM Contents Business Case Business Case Trusted Virtual Organisations Trusted Virtual Organisations

3 38/05/2015 META ACCESS MANAGEMENT SYSTEM Business Case What problem are we trying to solve?

4 48/05/2015 META ACCESS MANAGEMENT SYSTEM Current R&D Project Startup Publish funding scheme Publish funding scheme Write grant application and submit Write grant application and submit Review and selection of applications………………………. Review and selection of applications………………………. MP informs successful applications………………………... MP informs successful applications………………………... Contract negotiations start… and get signed……………... Contract negotiations start… and get signed……………... Recruitment starts… Jobs are published… deadline… closes… interviewing… offering jobs… starting to work…. Recruitment starts… Jobs are published… deadline… closes… interviewing… offering jobs… starting to work…. Established a web presence (server, URL, portal)……….. Established a web presence (server, URL, portal)……….. Membership admin Membership admin Added collaboration SW (CMS, Wiki, forum, mailing lists, IM/VoIP/AV)…………………………………………………... Added collaboration SW (CMS, Wiki, forum, mailing lists, IM/VoIP/AV)…………………………………………………... Added research specific tools (GTK, Grid/HPC, etc.)……. Added research specific tools (GTK, Grid/HPC, etc.)……. Really start research (environment is working OK)………. Really start research (environment is working OK)………. Project ends (18m-36m) Project ends (18m-36m) Timeline-1m0m2m6m8m11m13m 13m

5 58/05/2015 META ACCESS MANAGEMENT SYSTEM Proposed R&D Project Startup Publish funding scheme Publish funding scheme Contract gets signed before being allowed to submit Contract gets signed before being allowed to submit Write grant application and submit: Write grant application and submit: New: HR forms (people profiles), 1p executive summary, 1p deliverable summary, infrastructure requirements checklist (e.g. CMS, Wiki, etc.) New: HR forms (people profiles), 1p executive summary, 1p deliverable summary, infrastructure requirements checklist (e.g. CMS, Wiki, etc.) Review and selection of applications …………………………….. Review and selection of applications …………………………….. Project infrastructure set up……………………….………………. Project infrastructure set up……………………….………………. Project URL, Shibbolized Portal (with summary descriptions, for anonymous and authN users), Collab.env: CMS, Wiki, forum, mailing list server, IM/VoIP/AV, MyProxy (if needed); Self- registration through Shibboleth Project URL, Shibbolized Portal (with summary descriptions, for anonymous and authN users), Collab.env: CMS, Wiki, forum, mailing list server, IM/VoIP/AV, MyProxy (if needed); Self- registration through Shibboleth MP informs successful applications……………………… MP informs successful applications……………………… Recruitment starts… Jobs are published… deadline… closes… interviewing… offering jobs… starting to work…………………… Recruitment starts… Jobs are published… deadline… closes… interviewing… offering jobs… starting to work…………………… Added research specific tools (GTK, Grid/HPC, etc.)…………… Added research specific tools (GTK, Grid/HPC, etc.)…………… Really start research (environment is working OK)……………… Really start research (environment is working OK)……………… Project ends (18m-36m) Project ends (18m-36m) Timeline -1m -3w 0m 3m 5m

6 68/05/2015 META ACCESS MANAGEMENT SYSTEM Virtual Organisations Grouping identities in order to collaborate with resources

7 78/05/2015 META ACCESS MANAGEMENT SYSTEM Possible Middleware HE Infrastructure for Collaboration WAYF > CA? > MyProxy server Federation Services … > IR … MyProxy Client SP: Wiki SP: Forum SP: CMS GTK: Grid GTK: HPC GTK: Store VO-AA Federation Level Institutions Level Virtual Org. Level (intra-institution, eResearch project) Gateway (CTS) > CMS > VO Portal

8 88/05/2015 META ACCESS MANAGEMENT SYSTEM IAM Suite GridSphere Federation SP GroupModule VO-IdP VO-WAYF AuthN IM Fedora (internal or external, e.g. IR) VO-SP Forum Federation FedoraWeb ShARPE Autograph Presence PeoplePicker Calendar MyProxy AuthZ Mgnr VO-SP LMS VO-SP Wiki VO-SP Etc. GTK Storage GTK Specific tools GTK Cluster GTK Equipm. Search Login via IdP Receive assertions Receive assertions Receive proxy cert. AFS adaptor

9 98/05/2015 META ACCESS MANAGEMENT SYSTEM TVO Conceptual Model

10 108/05/2015 META ACCESS MANAGEMENT SYSTEM Demo Current MAMS development in the VO space https://vo.mams.org.au/tvo

11 118/05/2015 META ACCESS MANAGEMENT SYSTEM

12 128/05/2015 META ACCESS MANAGEMENT SYSTEM VO-SP Manager VO-SP Mngr Data store ForumWiki 1.Create SP description Name, description, URL 2.Add service levels (ARP) 3.Add SP-Roles for authZ 4.Default provisioning Based on VO-Role 5.Publish SP SP Wizard Add SP SP name SP description Contact name Contact ACS URL Step 1: Create SP description

13 138/05/2015 META ACCESS MANAGEMENT SYSTEM RBAC within IAM Suite New member is invited to join (by ) New member is invited to join (by ) VO-Role is set VO-Role is set Provisioning Provisioning Automatic: based on VO-Role Automatic: based on VO-Role Automatic: based on VO-Group membership Automatic: based on VO-Group membership Manually: added to VO-SP-Role Manually: added to VO-SP-Role

14 148/05/2015 META ACCESS MANAGEMENT SYSTEM Example of RBAC VO-SP AzMan Data store ForumWiki GS-Role:Guest GS-Role:Member John GS-Role:Administrator Readers Editors Managers Who are you looking for? Current selection:  Your buddy: Carol PeoplePicker portlet Within Federation Select your buddy Member/group/role   

15 158/05/2015 META ACCESS MANAGEMENT SYSTEM VOs Across Federations A use/business case for connecting federations? A use/business case for connecting federations? VO-WAYF can act as WAYF for IdPs VO-WAYF can act as WAYF for IdPs VO-bridge possibly scalable to connect federations VO-bridge possibly scalable to connect federations

16 168/05/2015 META ACCESS MANAGEMENT SYSTEM Final Summary VO: VO: Leverages primary IdP for authN & identity Leverages primary IdP for authN & identity VO-AA manages VO-specific (group, authZ) attributes VO-AA manages VO-specific (group, authZ) attributes VO-WAYF manages trusted IdPs VO-WAYF manages trusted IdPs Any Shibbolized Web App can be plugged in Any Shibbolized Web App can be plugged in JSR168 Portlets can be plugged into GridSphere JSR168 Portlets can be plugged into GridSphere Shibbolized MyProxy server creates proxy certificates for access to the Grid Shibbolized MyProxy server creates proxy certificates for access to the Grid A development challenge, not research A development challenge, not research Requires collaboration within the sector (!reinvent) Requires collaboration within the sector (!reinvent) Solutions should be open source (funding body’s role) Solutions should be open source (funding body’s role)

17 178/05/2015 META ACCESS MANAGEMENT SYSTEM Virtual Organisations Accomodating Research Groups in a Shibboleth Federation Peter Schendzielorz Macquarie University’s E-Learning Centre of Excellence (MELCOE)

18 188/05/2015 META ACCESS MANAGEMENT SYSTEM The TVO Workspace Conceptual Model

19 198/05/2015 META ACCESS MANAGEMENT SYSTEM The Architecture of the Shibbolized TVO Prototype tvo-bridge-sp tvo-bridge-idp protected by VO Fed tvo-system-portal tvo-open-idp TVO WAYF and WAYF gateway Level-1 Fed Level-2 Fed Idp-ldap …... mq-idp …... redirected to manage open-idp ldap redirected to joins users accesses sp-for-twiki sp-for-fedora other-sps can join protected by


Download ppt "18/05/2015 META ACCESS MANAGEMENT SYSTEM Virtual Organisations Accomodating Research Groups in a Shibboleth Federation Peter Schendzielorz Macquarie University’s."

Similar presentations


Ads by Google