Presentation is loading. Please wait.

Presentation is loading. Please wait.

Running List of Comanage Framework Stuff. Parked issues Discussion of how to share the work of domesticating apps - real important to do soon, but the.

Published byClarence Watson Modified over 8 years ago

Similar presentations

Presentation on theme: "Running List of Comanage Framework Stuff. Parked issues Discussion of how to share the work of domesticating apps - real important to do soon, but the."— Presentation transcript:

1 Running List of Comanage Framework Stuff

2 Parked issues Discussion of how to share the work of domesticating apps - real important to do soon, but the next call PR - Niels has offered to do some videos of both the service and the framework - Surfnet has good expertise in this Cutover issues for existing VO's, and type of collabs to target for appliance, etc Domesticated Zimbra - a lot of us are interested in it and claim to have connections with the company How might the appliance and an RSS feed offer a "collaboration stream” Maintaining a base level appliance Setting a new time for the COmanage dev calls Assess the viability of the existing appliance code base

3 More parked issues VOMS comparison/integration Licensing issues Application check-in services Development use cases Flashbacks and echos

4 Positioning COmanage Comanage is not intended as an enterprise-class approach, though many enterprises and federations may well deploy large numbers of instances or a “refactored for industrial use” implementation Comanage is intended as a collaboration-class approach that works well and sustainably with enterprise, federated and interfederated infrastructure Collaboration-class means lightweight in scope of services commonly managed (just IdM), minimal application requirements, easy implementation options (for example as a collaboration support appliance offered in a cloud), lack of enterprise oriented features (such as a full ESB), etc. Works well and sustainably with enterprise, federated and interfederated infrastructure means that Comanage can easily and gracefully link Comanage and federated accounts, work with data feeds from enterprise services, be refactored to leverage different types of infrastructure, etc. A lightweight collaboration support approach that integrates with deeper infrastructure

5 Other issues “Domesticating” apps as a name will turn off a lot of apps developers. It was suggested “identity services enabling” (ise an app?) Is the proper technical phrasing “claims-aware”, “STS aware”, externalized or something else Results of Comanage BoF at Advanced CAMP – Bedeworks Has domestication taken flavors based on how attributes are delivered (e.g. LDAP, SAML,…)?

6 Four Types of “Users” Sysadmin – installs apps and comanage Collabmin – the primary collaboration flywheel; a “steveo” Power User – e.g. a PI who wants to be able to do some basic commands (add users to groups) themselves End-user – goes directly to apps or maybe a VO dashboard

7 STS services {K, SAML} in, GridShib cert out Pubcookie in, SAML out Authn in, dedicated user/pwd out SAML token in, webcookie out

8 Up first issues What do we mean by a framework? How many levels does it have? What is its role? What is its degree of specificity? What might some of the specifications be? What do we mean by domestication? How does it relate to the framework? What do we mean about separating out COmanage parts to support different deployments - such as enterprise or national level services. What needs to detach? What connections need to be in place among the detached pieces?

9 Framework -1 Several different but consistent perspectives, for different audiences – – CIO (block functionality flows) – Apps developer – (API’s, services, etc) – User (user workflows, for different types of users) – Others? Framework also has layers – Language and tech specs – Data and metadata specs (to follow later) – Others?

10 Block flow framework parts A local datastore STS (security token service, aka credential convertor) Provisioning/deprovisioning into local store service An account linking mechanism Group and privilege manager (represent as unified for now) Shib SP stub Local Shib IdP Invitation engine Plug and play service for apps that want it Attribute services (?) Policy engine System monitoring and diagnostics User dashboard that includes a user collaboration data feed service

11 Putting parts together Next slide is an old one of Tom’s that has some of the pieces there and shows the level of representation for this framework. A big action item is to create a first diagram for Comanage, perhaps for each perspective of the framework

12 Org IdP integrated domesticated authN/link attrs/authZ legacy provision confluence drupal sympa apache/IIS bedework SAKAI3 TeraGriduPortal webFiles Google Groups legacy OSG persona SP Local store local store user attrs user accounts groups & privs platform use provisioner policy engine monitoring diagnostics user invitation account linking service manager register provisioning user dashboard service status notifications access manager groups privilege s IdPSTSLDAPID services

13 Org IdP collabmi n SP Local store local store user attrs user accounts groups & privs platform use provisioner policy engine monitoring diagnostics user invitation account linking service manager register provisioning user dashboard service status notifications access manager groups privilege s IdPSTSLDAPID services confluence drupal sympa apache/IIS bedework SAKAI3 TeraGriduPortal webFiles Google Groups legacy OSG Collabmin adds a new CO to the platform 1 2 2 1.Create group, assign Admin to power user 2.Allocate service resources 1 2

14 Org IdP power user SP Local store local store user attrs user accounts groups & privs platform use provisioner policy engine monitoring diagnostics user invitation account linking service manager register provisioning user dashboard service status notifications access manager groups privilege s IdPSTSLDAPID services confluence drupal sympa apache/IIS bedework SAKAI3 TeraGriduPortal webFiles Google Groups legacy OSG Power user invites a collaborator and gives them privileges 1.Invite user 2.Add user to CO group 3.User receives invitation token, presents it to invitation service to register with the platform end user 1 2 3 1 2 3

15 Org IdP end user SP Local store local store user attrs user accounts groups & privs platform use provisioner policy engine monitoring diagnostics user invitation account linking service manager register provisioning user dashboard service status notifications access manager groups privilege s IdPSTSLDAPID services confluence drupal sympa apache/IIS bedework SAKAI3 TeraGriduPortal webFiles Google Groups legacy OSG End user accesses a service 1.User goes to service 2.Redirected to platform IdP, then back to user’s home 3.Platform attributes, groups, and privs added 1 2 2 2 3 3

16 Org IdP end user SP Local store local store user attrs user accounts groups & privs platform use provisioner policy engine monitoring diagnostics user invitation account linking service manager register provisioning user dashboard service status notifications access manager groups privilege s IdPSTSLDAPID services confluence drupal sympa apache/IIS bedework SAKAI3 TeraGriduPortal webFiles Google Groups legacy OSG End user accesses a service 1.User goes to service 2.Redirected to platform IdP, then back to user’s home 3.Platform attributes, groups, and privs added 1 2 2 2 3 3

17 App developer framework Two types – Stand-alone app – Apps written in an application development environment, e.g..NET or Spring or… Make clear that app data stays in app, not in comanage Presents a set of services – which ones

18 App developer framework Services provided are: – Authn – Authz (Y/N/?) – Attributes for app needs – Provisioning (?) – Some kind of monitoring Services explicitly not provided are:

19 How do apps get info Push into legacy apps Domesticated apps ask for it Domesticated apps need to speak LDAP or SAML or generic STS

20 Flows

21 Refactoring COmanage Right word for the concept? – Unbundling, debinding, distributing What are likely refactorings? What connections need to be in place among refactored pieces

22 Next Steps Who else to engage? When? Resched or rethink comanage-dev? Role of comanage-community?

Download ppt "Running List of Comanage Framework Stuff. Parked issues Discussion of how to share the work of domesticating apps - real important to do soon, but the."

Similar presentations

EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Towards Common Identity Services Tom Barton University of Chicago.

Towards Common Identity Services Tom Barton University of Chicago.
CACORE TOOLS FEATURES. caCORE SDK Features caCORE Workbench Plugin EA/ArgoUML Plug-in development Integrated support of semantic integration in the plugin.

CACORE TOOLS FEATURES. caCORE SDK Features caCORE Workbench Plugin EA/ArgoUML Plug-in development Integrated support of semantic integration in the plugin.
TF-EMC2 – Internet2 update Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at Boulder.

TF-EMC2 – Internet2 update Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at Boulder.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Internet2 and other US WMD Update. Topics Update on non-merger, Newnet (and the control plane), InCommon and other feds “Product” update – Shib, Grouper,

Internet2 and other US WMD Update. Topics Update on non-merger, Newnet (and the control plane), InCommon and other feds “Product” update – Shib, Grouper,
Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.

Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.
28 October 2008CIS 340 # 1 Topics (continuing) To develop the concepts guiding SOA To define SOA components.

28 October 2008CIS 340 # 1 Topics (continuing) To develop the concepts guiding SOA To define SOA components.
© 2006 IBM Corporation IBM Software Group Relevance of Service Orientated Architecture to an Academic Infrastructure Gareth Greenwood, e-learning Evangelist,

© 2006 IBM Corporation IBM Software Group Relevance of Service Orientated Architecture to an Academic Infrastructure Gareth Greenwood, e-learning Evangelist,
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Realising the Potential of Service Oriented Architecture Kris Horrocks Connected Systems Division Microsoft.

Realising the Potential of Service Oriented Architecture Kris Horrocks Connected Systems Division Microsoft.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Cloud Computing for the Enterprise November 18th, 2011. This work is licensed under a Creative Commons.

Cloud Computing for the Enterprise November 18th, This work is licensed under a Creative Commons.
AAF Middleware update February16 2012 Presented by Terry Smith Technical Manager and Heath Marks Manager.

AAF Middleware update February Presented by Terry Smith Technical Manager and Heath Marks Manager.
Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.

Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.
OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
BfB: Supporting Collaboration with Infrastructure.

BfB: Supporting Collaboration with Infrastructure.
External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

Similar presentations

Ads by Google