2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.


1 2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006

2 Outline
– Introduction
  – SWITCH
  – AAIs and e-Science
– Case study SWITCHaai
  → As an example for the role of an NREN in e-Science
– Interoperability AAI - Grid
– The broader picture in Europe
– Summary

3 SWITCH - Teleinformatikdienste für Lehre und Forschung
– Foundation (non-profit organization) located in Zurich
– 70 employees
– Network
– Internet Identifiers: Domain name registration .ch and .li
– Security: CERT
– Middleware: AAI, Mobile, PKI, Grid
– NetServices: Video conferencing, Streaming, collaboration tools

4 AAI in e-Science
– AAIs solve the old problem of access control to resources
– There are various technologies in use; their usefulness depends on the underlying infrastructure
  1. Crusader Castle
  2. League of Nations
  3. Federations

5 Crusader Castle
– Appropriate for few, non-mobile users

6 Crusader Castle
[Diagram: University A, Library B, University C; resources: Student Admin, Web Mail, e-Learning, Literature DB, Research DB, e-Journals; legend: Authorization, User Administration, Authentication, Resource, Credentials]
– Tedious user registration at all resources
– Unreliable and outdated user data at resources
– Different login processes
– Many different passwords
– Many resources not protected due to difficulties
– Often IP-based authorization
– Costly implementation of inter-institutional access

7 League of Nations
[Diagram: University A, University C; resources: Student Admin, Web Mail, e-Learning, Research DB; legend: Authorization, User Administration, Authentication, Resource, Credentials; labels: Standardized Credentials (International Conference on Passports 1920), Passport Issuer (CA), X.509 credentials]
– User registration process with CA
– User has one credential to present to resources
– authN and authZ at resource
– User has to manage credential
– Standard use in grids (IGTF)
– Delegation mechanism

8 Federated Identity Management
[Diagram: University A, Library B, University C; resources: Student Admin, Web Mail, e-Learning, Literature DB, Research DB, e-Journals; legend: Authorization, User Administration, Authentication, Resource, Credentials]
– No user registration and user data maintenance at resource needed
– Single login process for the users
– Many new resources available for the users
– Enlarged user communities for resources
– Efficient implementation of inter-institutional access
Shibboleth:
– Open source (Internet2)
– SAML
– Web-based Single Sign-on
– authN at Identity Provider
– authZ at Service Provider based on user’s attributes as provided by IdP
– Privacy

9
– Introduction
– Case Study SWITCHaai
  → As an example for the role of an NREN in e-Science
– Interoperability AAI - Grid
– The broader picture in Europe
– Summary

10 SWITCHaai
– Need for a national AAI infrastructure identified in 2001
– Problems:
  – How to agree on one AAI implementation?
  – How to introduce a national AAI in a highly fragmented higher education sector?
  – How to formally agree on a federation policy in a country with a very strong federalist tradition?
– Today about 160’000 (75%) of the members of the Swiss higher education and research sector have SWITCHaai accounts.
– About 10’000 users regularly access about 100 resources.
– Examples of resources are e-learning, e-Journals, software distributions, v-conf and others

11 SWITCHaai Project Timeline
– Working groups and sub-projects between universities IT services, researchers and SWITCH
– Co-operative work to have all stakeholders involved
– Architecture Evaluation → Shibboleth
[Timeline 2001 to 2007; labels: Pilot Operation, Production Operation, Study, Stakeholders involved]

12 Federations
Federation = a group of organizations that agree on a common set of rules and standards with the goal to cooperate in inter-organizational authentication, authorization and accounting

13 Funding
[Chart: funding / costs, 2000 to 2010; phases: Pilot Phase, Project Phase, Operational Service; labels: funded by SWITCH & universities, funded by federal grants, funded by tariffs]
– SWITCH has applied for federal grants in the name of the Swiss Universities
– Grants have to be used for AAI projects and with matching funds strategy

14
– Introduction
– Case study SWITCHaai
– Interoperability AAI - Grid
– The broader picture in Europe
– Summary

15 Why Interoperability AAI - Grid?
– For AAI Federations:
  – Add grid resources to federation
– For Grids:
  – Add huge user base (campus network)
– For Users:
  – Simpler management of credentials
  – Easy access to grids
– For e-Science:
  – Unified user base
  – Bring stakeholders together (NRENs - Grids)

16 SWITCH and EGEE-II
– SWITCH joined EGEE-II: Interoperability gLite - Shibboleth
– Focus is on
  – Interoperability (NO replacement for X.509)
– Key Concepts:
  – Home institution of the user should be the Identity Provider
  – Home institution provides some attributes
  – But VO is needed for (grid specific) attributes

17 Interoperability gLite - Shibboleth

18
– Introduction
– Case study SWITCHaai
– Interoperability AAI - Grid
– The broader picture in Europe
– Summary

19 AAIs in Europe
– There are many AAI efforts underway in Europe
– Normally they are tied to NRENs
– eduGAIN:
  – Within GEANT2
  – Interoperability between AAIs
    – Architecture of Bridging Elements between Federations
    – Based on SAML
    – Bridging Element to Shibboleth is being developed by SWITCH

20 Interoperability Efforts Grid - AAIs
– Various interoperability efforts Grid - AAIs underway
  – UK, MAMS, GridShib
  – Prerequisite: rather well established AAI federation
– Approach varies (depending on requirements):
  – Web-based Portals as Gateway to Grid
  – Command line
  – IGTF accreditation

21 Conclusions
– National AAIs aim to interconnect campus networks
  – Single log-on experience for the user
  – Enable the user to access many resources
– AA mechanism of Grids is based on X.509 certificates
– Benefits of interoperability between these national AAIs and grid infrastructure(s) (on national and European scale)
  – User: simple access to many resources
  – e-Science: connect the largest audience possible
– SWITCH:
  – SWITCHaai: operate a Shibboleth-based AAI in production mode
  – gLiteShib: contribution to EGEE-II
