Presentation is loading. Please wait.

Presentation is loading. Please wait.

Community Architecture Kevin Benson TL Dave Morris Brian McIlwrath Paul Harris.

Published byHoratio Dixon Modified over 8 years ago

Similar presentations

Presentation on theme: "Community Architecture Kevin Benson TL Dave Morris Brian McIlwrath Paul Harris."— Presentation transcript:

1

2 Community Architecture Kevin Benson TL Dave Morris Brian McIlwrath Paul Harris

3 Overview  Architecture  Uniqueness  Policy Service –Permission Check –Policy Management  Authentication Process –Token based

4 General Architecture Portal 1 - * Community DB SQL Compliant Policy Manager Administration Policy Service Authentication Identity Other commonents in the community Ex: myspace, JES, registry.

5 Unique Community  Community -> domain style recommended  Account -> user name@communityuser name@community  Group -> group name@communitygroup name@community  Resource -> community:resource name Community: MSSL.ucl.ac.uk Account: kmb@mssl.ucl.ac.ukkmb@mssl.ucl.ac.uk Group: Solar@mssl.ucl.ac.ukSolar@mssl.ucl.ac.uk Resource: mssl.ucl.ac.uk:registry

6 Policy Manager Services  Insert/Remove/View Account  Insert /Remove/View Community  Insert /Remove/View Permission  Insert /Remove/View Resources  Insert /Remove/View Groups  Insert /Remove/View Members  Change Password

7 Policy Service  Check Permission – Account/ Group/ Resource/ Action  Check Membership

8 Authentication Token  Authenticate Login ( account, password)  Create Token ( account token, target)  Authenticate Token ( account, token, target)

9 Policy Process Portal Credentials Internal KMB@mssl group Solar@mssl Permission: “Read” on “mssl:myspace” resource External 1 KMB@mssl group Solar@mssl Permission: “Read” on “Edinburg:DataCentre” External 3 KMB@mssl Astrophysics@leicester Permission: “Write” on “Jodrel:registry” External 2 KMB@mssl group Solar@leicester Permission: “Insert” on “leicester:myspace”

10 Policy Process Internal KMB@mssl group Solar@mssl Permission: “Read” on “mssl:myspace” resource External 1 KMB@mssl group Solar@mssl Permission: “Read” on “Edinburg:DataCentre” External 3 KMB@mssl Astrophysics@leicester Permission: “Write” on “Jodrel:registry” External 2 KMB@mssl group Solar@leicester Permission: “Insert” on “leicester:myspace”

11 Config file Flexibility is the key here, this config file can live anywhere on the system because we use JNDI (J2EE spec) to read the config file location from the web.xml. You may also use any webservice technology not just “Axis” or any app server not just “tomcat” by supplying the necessary config parameters. Community.name – specify your community name. Community.host – the actual domain name of your community (may be empty) Policy.manager.url – admin/manager service url (may be empty) Policy.service.url – service url (may be empty) Authentication.url – authentication webservice (may be empty) Community.security – “on”/”off” do we have https/ssl for the community server. Community.secure.port – “8443”; https secure port for the community server. Portal.security – “on”/”off” – do we have https for the portal. Portal.secure.port – “8443”, https secure port for the portal. Astrogrid.admin – Administrators name Astrogrid.adminEmail – Administrators e-mail *Database.name – name of the database *Database.config – config file location for the database. *Database.mapping – config file location for JDO mapping with Castor. *myspace.service.url – url of the myspace webservice *Only used for community server side.

12 Few other details.  Deployment is done by a small release kit that is created through an “ant” task. This kit will build the necessary jar files and descriptors for placing on your community server. Other “ant” tasks have been created to actually install and deploy the community server. But some admins do not wish to do this, they may wish to build it on another system and deploy it. A Readme.txt file is being provided for this.  Security – As you can see from the config file you can turn “off” security, but by all means the default is “on” This configuration can be set for the portal side and/or the community server side. When they are “on” the portal will redirect to an “https” secure connection for anything dealing with passwords which cover “login”, “Insert Account”, and “Change Password”. On the community side if it is turned on it will send a secure web service call through the “https” url.  The only other external web service calls is for “Insert Account” and “Remove Account” where we must notify the myspace server of any account changes.

Download ppt "Community Architecture Kevin Benson TL Dave Morris Brian McIlwrath Paul Harris."

Similar presentations

Eric J. Oszakiewski MCTS: SharePoint Application Development SharePoint Configuration.

Eric J. Oszakiewski MCTS: SharePoint Application Development SharePoint Configuration.
FI-WARE Testbed Access Control temporary solution.

FI-WARE Testbed Access Control temporary solution.
WaveMaker Visual AJAX Studio 4.0 Training

WaveMaker Visual AJAX Studio 4.0 Training
Login dan Permission dfd, 2012. Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.

Login dan Permission dfd, Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
® IBM Software Group © 2006 IBM Corporation Securing Your Application With WebSphere Security You will need to develop Login procedures for your web applications.

® IBM Software Group © 2006 IBM Corporation Securing Your Application With WebSphere Security You will need to develop Login procedures for your web applications.
My First Building Block Presented By Tracy Engwirda 28 September, 2005.

My First Building Block Presented By Tracy Engwirda 28 September, 2005.
ASP.NET Security MacDonald Ch. 18 MIS 424 MIS 424 Professor Sandvig Professor Sandvig.

ASP.NET Security MacDonald Ch. 18 MIS 424 MIS 424 Professor Sandvig Professor Sandvig.
Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product Manager, Platform Architecture & Database.

Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product Manager, Platform Architecture & Database.
NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.

NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.
TWSd Configuring Tivoli Workload Scheduler Security 1of3

TWSd Configuring Tivoli Workload Scheduler Security 1of3
Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |

Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
1 ASP.NET SECURITY Presenter: Van Nguyen. 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will.

1 ASP.NET SECURITY Presenter: Van Nguyen. 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will.
Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.

Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.

1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

Similar presentations

Ads by Google