Collaborative Platforms. Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications.


1 Collaborative Platforms

2 kjk@internet2.edu Collaborations and Virtual Organizations
- IdM is a critical dimension of collaboration, crossing many applications and user communities
- Virtual organizations represent critical communities of researchers sharing domain resources and applications as well as general collaboration tools.
- Providing a unified identity management platform for collaboration is essential in a multi-domain, multi-tool world.
- Lots of activities in domesticating applications to work in a federated world, moving from tool-based identity to collaboration-centric identity.

3 Collaboration Platform
- Integrated set of collaboration apps (wikis, listprocs, CVS, file share, calendaring, etc)
- Integration of at least identity and access control via group memberships
- Integration of content and meta-data is harder
- Repackages successful approaches for a collaborative/project/VO setting
- Federated identity, group management, directories, and security token services (aka credential convertors)

4 Examples of Collaborative Platforms
- COmanage http://middleware.internet2.edu/co/
- http://www.surfnet.nl/Documents/indi-2009-07-020%20(Report%20Collaboration%20Infrastructure).pdf
- Commercial offerings – Sharepoint, Adobe Connect, Google Sites, Google Wave, Google Apps
- Repurposed LMS – Sakai, Croquet

5 Collaboration Infrastructure (COIN)
- Dutch National Collaboration Infrastructure
- Domesticated tools - Adobe Connect; Alfresco; Foodle; Filesender; Confluence; WSO2 mashup server; OpenFire; Drupal; KnowledgeTree, Sympa and Limesurvey
- Domesticated services - Google Apps; MyExperiment.org; Twitter; PubMed
- Integration across VO, institution and third-party domains
- Workflow
- Grid integration

6 Domestication of applications
- The work of re-factoring applications to use the emergent identity services infrastructure
- Begins with federated identity and authentication, use of directories; gains a lot from group management for access control, etc
- Needs a fine grain set of authorization tools down the road
- Domesticated apps can receive IdM attributes via LDAP, SAML, X.509, SQL, Kerberos PAC, and maybe all of the above

7 Typical activities in collaboration management
- Add or remove people from groups
- Create new subgroups, identify overlapping memberships, etc.
- Permit or deny access control to wiki pages, calendars, computing resources, version control systems, etc
- Add people to mailing lists, wikis, etc
- Create and delete/archive users, accounts, keys
- Identify group membership on a given date

8 COmanage Elements
[Diagram labels: Dashboard; Shib SP; Grouper; STS; Shib IdP; LdapPC; Including provisioning; Applications; Data Store]

9 What’s in a COmanage data store
Enterprise Attributes | Project/VO attributes
Federated IdPI groups
Enrolled classes | Wiki editing permissions
Display name | Instrument permissions
Citizenship | VO certificates
Enterprise affiliation | …

10 Grouper
- A general purpose, extensible, open-source group management tool
- In production at many institutions in the US and overseas
- Core national infrastructure service in several countries
- Manages groups of things – people, devices, processes
- Has GUI, people picker, group math, inheritance, delegation, provisioning and deprovisioning, etc.
- Stores values in LDAP directory
- Aimed at spectrum from power user to collabmin, sysadmin and enterprise IdM.
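An added example, not Grouper's code or API and not part of the original slides, of two items named above: "group math" (slide 10) and "identify group membership on a given date" (slide 7), the query an access review needs. The `GroupStore` class, the group names and the sample members are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Membership:
    subject: str
    group: str
    start: date
    end: Optional[date] = None          # None = still a member

    def active_on(self, day: date) -> bool:
        # Half-open interval [start, end): access stops on the removal day.
        return self.start <= day and (self.end is None or day < self.end)

class GroupStore:
    def __init__(self):
        self.direct = []                # Membership records are ended, never deleted
        self.composites = {}            # group -> (op, left, right)

    def add(self, subject, group, start, end=None):
        self.direct.append(Membership(subject, group, start, end))

    def define(self, group, op, left, right):
        if op not in ("union", "intersection", "complement"):
            raise ValueError(op)
        self.composites[group] = (op, left, right)

    def members_on(self, group, day, _seen=frozenset()):
        """Effective members of `group` on `day`, resolving group math."""
        if group in _seen:              # a composite must not include itself
            raise ValueError(f"cycle through {group}")
        if group in self.composites:
            op, left, right = self.composites[group]
            a = self.members_on(left, day, _seen | {group})
            b = self.members_on(right, day, _seen | {group})
            return {"union": a | b, "intersection": a & b, "complement": a - b}[op]
        return {m.subject for m in self.direct
                if m.group == group and m.active_on(day)}

def build_sample():
    # Constructed sample data: a small VO with a suspension list.
    s = GroupStore()
    s.add("alice", "vo:detector", date(2009, 1, 1))
    s.add("bob", "vo:detector", date(2009, 1, 1), date(2009, 6, 1))
    s.add("alice", "vo:analysis", date(2009, 3, 1))
    s.add("carol", "vo:analysis", date(2009, 3, 1))
    s.add("carol", "vo:suspended", date(2009, 7, 1))
    s.define("vo:all", "union", "vo:detector", "vo:analysis")
    s.define("wiki:editors", "complement", "vo:all", "vo:suspended")
    return s
```

Because removals close a record instead of deleting it, `members_on("wiki:editors", some_past_date)` reconstructs who could edit the wiki on that date, including the effect of the exclusion group.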

11 Security Token Service
- Converts the form of an existing credential or packs a set of attributes into a new credential
- Presents external security information to an application or service in the lingua of the app/service
- Conversions – SAML into X.509, SAML into Kerberos, SAML to LDAP, etc.
- Mythical in a single comprehensive package; legion in individual instances

12 What forms does COmanage take?
- Usually as an assembled set of services
- A dashboard, directory product, Shibboleth IdP and SP, Grouper, and a set of applications provisioned on other servers
- On an enterprise level to serve its collaborations and VO’s, within a large VO, or at a federation level to serve a national community
- Can also be a VM, a VM in the cloud, or a service with the applications in the cloud.
- Can be embedded in a science portal or gateway

13 Some key issues
- Extent of application domestication
- Waiting for other technologies to happen – interfederation, discovery, metadata tagging, etc.
- GUI approach
- Domain application/science portal integration

14 Roles, schema and attributes
- Research communities have their own cultures, vocabularies, needs
- Building community-wide consistency on roles, privileges, groups provides tremendous leverage for collaborations
- Keeping it simple is critical and difficult

15 Needs of Big Science Researchers
- Access to collaboration tools
- Basic group management and access control
- Command line tools
- Integration of web and command line IdM and access control
- No modifications to existing domain science apps
- International capabilities
- Multiple levels of assurance
- Roles, attributes, metadata and ontologies

16 Flows of attributes - 1
[Diagram labels: Enterprise Data Store Project comanage RelyingParty Enterprise]

17 Flows of attributes – 2 – PDP extra pass
[Diagram labels: Enterprise Data Store Project comanage RelyingParty Enterprise]

18 Flows of attributes – 3 – IdP to RP
[Diagram labels: Enterprise Data Store Project comanage RelyingParty Enterprise]

