1 VO and Internet2 Middleware

2 Presenter’s Name Topics
- Motivations for Internet2 Middleware work
- Federated identity and InCommon
- Other IdM: groups, privileges, diagnostics
- COManage
- Next steps

3 Motivations for Internet2 Middleware
- Create consistent campus middleware infrastructure
- Extend local identity into a federated community
- Improve use of collaboration tools
- Better couple research with education
- Allow a class to invoke some VO privileges
- Integrate research and administrative processes
- Deploy as infrastructure, not just develop

4 Connecting SoAs, Integrating with Existing Infrastructure

5 Federated identity
- Shibboleth and SAML created the concept of federated identity
- Local authentication and attributes leveraged globally
- Privacy preserving; scalable security
- Shibboleth 1.3 widely deployed; Shib 2.0 in beta; Shib embedded in products from Verisign, Sun, Oracle, MS, etc.
- In the corporate world, all “federations” are bilateral; in the public sector almost all are multilateral

6 InCommon
- US R&E Federation, a 501(c)3
- Addresses legal, LOA, shared attributes, business proposition, etc. issues
- Members are universities, service providers, government agencies
- Over 70 organizations and growing steadily; 1.3 million user base now, crossing 2 million by the end of the year
- Uses range from popular and academic content access to wiki and list controls to access to NIH applications to …
- Almost all use is transparent to users (it’s middleware) but that is about to change
- www.incommonfederation.org

7 International R&E federations
- Substantial deployments in many countries, including UK, Norway, Switzerland, US, Australia, France, Denmark, Finland, Spain, Germany, Netherlands, etc.
- Most are Shib based; some use other SAML products.
- Scope of membership usually higher ed, but some are broader, e.g. UK, Spain, Netherlands
- Use cases range from content access to collaboration support to learning management systems to wireless roaming to…
- Peering federations give a global R&E trust fabric

8 Managing authority: Signet and Grouper
- Tools to manage privileges and groups
- Taken together, they can provide tools for the “static” part of the authorization problem – management of roles and privileges assigned to individuals (and other things)
- Newly released 1.0+ versions of both, with a combined interface
- International development community beginning to happen…
- Analysts are discovering privilege management, much as they “discovered” federated identity. Giving no credit to higher education for seeing a different problem…

9 Relative Roles of Signet & Grouper
- RBAC (role-based access control) model
- Users are placed into groups (aka “roles”)
- Privileges are assigned to groups
- Groups can be arranged into hierarchies to effectively bestow privileges
- Grouper manages, well, groups
- Signet manages privileges
- Separates responsibilities for groups & privileges

10 Grouper Architecture

11 Privilege Elements by Example
- grantor: By authority of the UPCI IRB
- grantee (group/role): UPCI Researchers
- prerequisite: who have an approved UPCI IRB protocol
- function: can access de-identified data and order tissue
- scope: from the network of caTIES participants
- resource: for Study HD7687
- limit: up to 100 patients
- conditions: until January 1, 2006, as long as approved for material transfer…
Privilege Lifecycle
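The RBAC model of slide 9 and the privilege elements of slide 11 as one worked example, added here and not code from Internet2, Grouper or Signet: nested Grouper-style groups are flattened so a role inherited through the hierarchy still applies, and a Signet-style privilege carrying the slide's grantor, grantee, prerequisite, function, scope, resource, limit and conditions is evaluated deny-by-default. The group membership, subject names and attribute strings are constructed for the example.

```python
# Added illustration (not Internet2 code): Grouper-style nested groups feeding a Signet-style check.
from dataclasses import dataclass
from datetime import date

# Grouper side (constructed data): a group holds subjects or other groups.
GROUPS = {
    "UPCI Researchers": {"alice", "bob", "group:UPCI Pathology"},
    "UPCI Pathology": {"carol"},
}

def members(group, seen=frozenset()):
    # Flatten nested groups; `seen` stops recursion on membership cycles.
    out = set()
    for m in GROUPS.get(group, ()):
        if m.startswith("group:"):
            if m[6:] not in seen:
                out |= members(m[6:], seen | {m[6:]})
        else:
            out.add(m)
    return out

# Signet side: the grantor's decision expressed as the slide's elements.
@dataclass(frozen=True)
class Privilege:
    grantor: str
    grantee: str           # a group/role, never an individual
    prerequisite: str      # attribute the subject must already hold
    functions: frozenset   # what the grantee may do
    scope: str
    resource: str
    limit: int
    expires: date
    conditions: frozenset  # attributes that must keep holding

PRIV = Privilege("UPCI IRB", "UPCI Researchers", "approved UPCI IRB protocol",
                 frozenset({"access de-identified data", "order tissue"}),
                 "caTIES participants", "Study HD7687", 100, date(2006, 1, 1),
                 frozenset({"approved for material transfer"}))

def authorize(priv, subject, attrs, function, resource, count, today):
    # Every element must pass; the first unmet one is reported (deny by default).
    checks = [
        (subject in members(priv.grantee), "not in grantee group"),
        (priv.prerequisite in attrs, "prerequisite missing"),
        (function in priv.functions and resource == priv.resource, "outside function/resource"),
        (count <= priv.limit, "limit exceeded"),
        (today <= priv.expires, "privilege expired"),
        (priv.conditions <= attrs, "condition no longer holds"),
    ]
    failed = [reason for ok, reason in checks if not ok]
    return (not failed, failed[0] if failed else "ok")
```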

12 A Bloom of Collaboration Tools
- An over-abundance of new tools that provide rich and growing collaboration capabilities (aka Web 2.0)
- Do you Wiki, blog, Moodle, Sakai, IM, chat, videoconference, audioconference, calendar, Flickr, NetMeeting, Access Grid, DimDim, listserv, WebDAV, etc.
- Share files among workgroups, access Elsevier, work with the IEEE, etc.
- No uber-app – limits invention and community of users
- 3 - 4 is fine, but many per user is hard to manage

13 Collaboration Tools and Identity Management
- Required for effective interactions
- Deeply enriches collaboration tools
- Fine-grain access control and wikis: spaces.internet2.edu, “member of the community” processes
- Transparently shared file stores
- Collaboratively visible calendaring
- Embedded VO IM channels in campus portals

14 Collaboration Management Platforms
- Management of collaboration is a real impediment to collaboration, particularly with the growing variety of tools
- Goal is to develop a “platform” for handling the identity management aspects of many different collaboration tools
- Platform includes a framework and model, specific running code that implements the model, and applications that take advantage of the model
- This space presents possibilities of improving the overall unified UI as well as UI for specific applications and components.

15 COManage
- Leverages federated identity and the attribute ecosystem heavily
- Uses Grouper to manage groups and Signet to manage privileges, Eddy for diagnostics
- Built completely on open protocols, using open source components
- Open and proprietary applications can be plumbed to work with it

16 COManageable applications
- Already done: Sympa, federated wikis, Asterisk (open-source IP audioconferencing), DimDim (open-source web meeting), Bedework federated and public calendars
- Immediate targets: rich access-controlled wikis, web-based file shares

17 CMP dimensions of growth
- In the applications that can be driven by it: collaboration and domain science prime areas; largely a function of the application’s respect for middleware
- In the areas being managed: diagnostics? Others?
- In the identities being managed
- In the coupling of autonomous and diverse instances: deployment instances may be at many layers of organization and shift as it matures; underlying stores may be db, directory, or other

18 NSF Grant
- Two previous multi-year awards led to Shibboleth, Grouper, Signet, Eddy
- New SDCI grant (awarded 10/1/07) supports product improvements and developing collaboration management platforms
- Commits to working with two VOs to evaluate the software (Note: budget cuts and domain science…)

19 Lots of COManage deployment options
- Platform at Stanford
- Deploy on LIGO servers
- Deploy on campus servers
- Instances can communicate with each other

20 Two types of application enablement
- “Well-behaved” apps draw their entitlements, attributes and roles from a directory or db or… (something external)
- Other apps can have information from COManage pushed into them: static or dynamic provisioning; connectors could be X.509 certs, SAML assertions, etc.

21 First questions
- Is there work to do together?
- Do time frames work?
- Co-reality check
- Relationship to VOMS

22 Next steps
