
8/05/2015 META ACCESS MANAGEMENT SYSTEM Virtual Organisations Accommodating Research Groups in a Shibboleth Federation Peter Schendzielorz Macquarie University’s.


1 Virtual Organisations Accommodating Research Groups in a Shibboleth Federation
Peter Schendzielorz, Macquarie University’s E-Learning Centre of Excellence (MELCOE), peterhs@melcoe.mq.edu.au
8/05/2015, META ACCESS MANAGEMENT SYSTEM

2 Contents
- Business Case
- Trusted Virtual Organisations

3 Business Case
What problem are we trying to solve?

4 Current R&D Project Startup
- Publish funding scheme
- Write grant application and submit
- Review and selection of applications
- MP informs successful applications
- Contract negotiations start… and get signed
- Recruitment starts… Jobs are published… deadline… closes… interviewing… offering jobs… starting to work
- Established a web presence (server, URL, portal)
- Membership admin
- Added collaboration SW (CMS, Wiki, forum, mailing lists, IM/VoIP/AV)
- Added research specific tools (GTK, Grid/HPC, etc.)
- Really start research (environment is working OK)
- Project ends (18m-36m)
Timeline: -1m, 0m, 2m, 6m, 8m, 11m, 13m, 13m

5 Proposed R&D Project Startup
- Publish funding scheme
- Contract gets signed before being allowed to submit
- Write grant application and submit:
  - New: HR forms (people profiles), 1p executive summary, 1p deliverable summary, infrastructure requirements checklist (e.g. CMS, Wiki, etc.)
- Review and selection of applications
- Project infrastructure set up
  - Project URL, Shibbolized Portal (with summary descriptions, for anonymous and authN users), Collab.env: CMS, Wiki, forum, mailing list server, IM/VoIP/AV, MyProxy (if needed); Self-registration through Shibboleth
- MP informs successful applications
- Recruitment starts… Jobs are published… deadline… closes… interviewing… offering jobs… starting to work
- Added research specific tools (GTK, Grid/HPC, etc.)
- Really start research (environment is working OK)
- Project ends (18m-36m)
Timeline: -1m, -3w, 0m, 3m, 5m

6 Virtual Organisations
Grouping identities in order to collaborate with resources

7 Possible Middleware HE Infrastructure for Collaboration
[Diagram with three tiers: Federation Level; Institutions Level; Virtual Org. Level (intra-institution, eResearch project). Labelled components: WAYF, CA?, MyProxy server, Federation Services, IdP1@UQ, IdP2@UTS, IdPn@MQ, …, IR, MyProxy Client, SP: Wiki, SP: Forum, SP: CMS, GTK: Grid, GTK: HPC, GTK: Store, VO-AA, Gateway (CTS), CMS, VO Portal.]

8 IAM Suite
[Diagram. Text as extracted: GridSphere Federation SP GroupModule VO-IdP VO-WAYF AuthN IM Fedora (internal or external, e.g. IR) VO-SP Forum Federation FedoraWeb ShARPE Autograph Presence PeoplePicker Calendar MyProxy AuthZ Mgnr VO-SP LMS VO-SP Wiki VO-SP Etc. GTK Storage GTK Specific tools GTK Cluster GTK Equipm. Search Login via IdP Receive assertions Receive assertions Receive proxy cert. AFS adaptor]

9 TVO Conceptual Model

10 Demo
Current MAMS development in the VO space: https://vo.mams.org.au/tvo

12 VO-SP Manager
[Diagram labels: VO-SP Mngr, Data store, Forum, Wiki]
1. Create SP description (name, description, URL)
2. Add service levels (ARP)
3. Add SP-Roles for authZ
4. Default provisioning, based on VO-Role
5. Publish SP
SP Wizard, Step 1: Create SP description. "Add SP" form fields: SP name, SP description, Contact name, Contact email, ACS URL

13 RBAC within IAM Suite
- New member is invited to join (by email)
- VO-Role is set
- Provisioning
  - Automatic: based on VO-Role
  - Automatic: based on VO-Group membership
  - Manually: added to VO-SP-Role

14 Example of RBAC
[Diagram. Labels: VO-SP AzMan, Data store, Forum, Wiki; GS-Role:Guest, GS-Role:Member, GS-Role:Administrator; John Doe@MQ, Alice@ANU, Bob@Monash; Readers, Editors, Managers. PeoplePicker portlet: "Who are you looking for?", "Current selection:", "Your buddy: Carol", "Within Federation", "Select your buddy", "Member/group/role".]
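
The provisioning rules from slides 12 and 13 (default provisioning by VO-Role, automatic provisioning by VO-Group, manual addition to a VO-SP-Role) can be modelled as below. This is an added example, not MAMS or IAM Suite code; the names `Member`, `VoSp`, `provision`, the group `analysis-team` and the mapping from GS-Roles to SP-Roles are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Member:
    principal: str                 # identity asserted by the home IdP
    vo_role: str                   # VO-Role set when the member joins
    groups: set = field(default_factory=set)   # VO-Group memberships

@dataclass
class VoSp:
    name: str
    sp_roles: set                  # SP-Roles defined for authZ (wizard step 3)
    by_vo_role: dict = field(default_factory=dict)  # step 4: VO-Role -> SP-Role
    by_group: dict = field(default_factory=dict)    # VO-Group -> SP-Role
    manual: dict = field(default_factory=dict)      # principal -> set of SP-Roles

def provision(member: Member, sp: VoSp) -> dict:
    """Return {SP-Role: [reasons]}; an empty dict means no access (deny by default)."""
    grants = {}

    def grant(role, reason):
        # Never hand out a role the SP itself did not define.
        if role in sp.sp_roles:
            grants.setdefault(role, []).append(reason)

    if member.vo_role in sp.by_vo_role:
        grant(sp.by_vo_role[member.vo_role], f"VO-Role:{member.vo_role}")
    for group in sorted(member.groups):
        if group in sp.by_group:
            grant(sp.by_group[group], f"VO-Group:{group}")
    for role in sorted(sp.manual.get(member.principal, ())):
        grant(role, "manual")
    return grants

# Constructed sample data; the role-to-role mapping is assumed, not from the slides.
WIKI = VoSp(
    name="Wiki",
    sp_roles={"Readers", "Editors", "Managers"},
    by_vo_role={"Guest": "Readers", "Member": "Editors", "Administrator": "Managers"},
    by_group={"analysis-team": "Editors"},
    manual={"Alice@ANU": {"Managers"}},
)
JOHN = Member("John Doe@MQ", "Guest", {"analysis-team"})
ALICE = Member("Alice@ANU", "Member")
BOB = Member("Bob@Monash", "Administrator")

if __name__ == "__main__":
    for m in (JOHN, ALICE, BOB):
        print(m.principal, provision(m, WIKI))
```

Recording the reason for each grant keeps manual additions distinguishable from role-derived ones when access is reviewed.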

15 VOs Across Federations
- A use/business case for connecting federations?
- VO-WAYF can act as WAYF for IdPs
- VO-bridge possibly scalable to connect federations

16 Final Summary
- VO:
- Leverages primary IdP for authN & identity
- VO-AA manages VO-specific (group, authZ) attributes
- VO-WAYF manages trusted IdPs
- Any Shibbolized Web App can be plugged in
- JSR168 Portlets can be plugged into GridSphere
- Shibbolized MyProxy server creates proxy certificates for access to the Grid
- A development challenge, not research
- Requires collaboration within the sector (!reinvent)
- Solutions should be open source (funding body’s role)

17 Virtual Organisations Accommodating Research Groups in a Shibboleth Federation
Peter Schendzielorz, Macquarie University’s E-Learning Centre of Excellence (MELCOE), peterhs@melcoe.mq.edu.au

18 The TVO Workspace Conceptual Model

19 The Architecture of the Shibbolized TVO Prototype
[Diagram. Text as extracted: tvo-bridge-sp tvo-bridge-idp protected by VO Fed tvo-system-portal tvo-open-idp TVO WAYF and WAYF gateway Level-1 Fed Level-2 Fed Idp-ldap …... mq-idp …... redirected to manage open-idp ldap redirected to joins users accesses sp-for-twiki sp-for-fedora other-sps can join protected by]

