AAI Interconnection with a European style. Diego R. Lopez, RedIRIS.

AAI Interconnection with a European style
Diego R. Lopez, RedIRIS

The European way
- (Too) many states, languages, national priorities/laws/prides/...
- Different systems and/or profiles of existing systems
  - In different degrees of maturity and deployment
- Look for agreements, even when not fully satisfactory
- Several initiatives to fill the gaps
  - eduroam (already and successfully running!)
  - GN2-JRA5 (defining the architecture of an AAI)
  - TF-EMC2 (refining the AA-RR and initiating its schema effort, SCHAC)
  - TERENA-EUNIS-EUA (a proposal to enable direct data exchange among European universities through the so-called ECTS)
- Import whatever is worth from the other side of the Atlantic
  - Shibboleth as basic standard
- And always with a sense of style and history
  - Your humble speaker and many colleagues

GÉANT2 AAI
- It is intended to be one of the basic services of the coming pan-European academic network
  - Common to all services provided by and based on the network
  - From network access, bandwidth management, etc. to application access (including Grids)
- Not a substitute of existing infrastructures
  - Nation- or community-based
  - A superstructure connecting them
- Based on (con-)federating the federations
  - Allowing different kinds of trust meshes
  - But able to build new federations where they do not exist
  - And directly providing AuthN/AuthZ services access through specific interfaces

GÉANT2 AAI components
- A local AAI Instance at each federation/domain/realm
  - Providing the interfaces to the federations or services in it
- Common Services
  - Home Location Service (the WAYF)
  - Others possible: certificate verification, common diagnostics, ...
  - Only available to the local AAI-I
- Connectors
  - Centralized for a federation (the Local Federation Connector)
  - Local Connectors for resources allowed to interact directly
- Service Access Points
  - In charge of adapting AAI interfaces to the (isolated) services
- AA queries/responses
- Interfaces and operations
  - WS and SAML based
  - As Shibboleth-compatible as possible
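To make the component roles on this slide concrete, the following is an added illustration (not GN2-JRA5 or eduGAIN code): a Service Access Point takes an access request for a user, asks the Home Location Service (the WAYF) which federation serves the user's home realm, checks the confederation's trust mesh before crossing federation boundaries, and only then names the Local Federation Connector the AA query would go to. All federation names, realms, connector URLs and trust pairs are constructed sample data.

```python
"""
Routing a federated AA request through the GÉANT2 AAI components described on
the slide: Service Access Point -> Home Location Service (WAYF) -> Local
Federation Connector of the user's home federation.

Added illustration, not GN2-JRA5 code. Federation names, realms, connector
endpoints and the trust relationships below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass
class Federation:
    name: str
    connector: str                              # endpoint of its Local Federation Connector
    realms: set = field(default_factory=set)    # domains/realms this federation serves


@dataclass
class Confederation:
    federations: dict   # name -> Federation
    trust: set          # directed pairs (relying federation, asserting federation)

    def home_location_service(self, realm: str):
        """The WAYF: map a user's home realm to the federation serving it."""
        for fed in self.federations.values():
            if realm in fed.realms:
                return fed
        return None

    def trusted(self, relying: str, asserting: str) -> bool:
        """Trust mesh check: may `relying` accept assertions from `asserting`?
        A federation always trusts itself; anything else must be in the mesh."""
        return relying == asserting or (relying, asserting) in self.trust


def service_access_point(confed: Confederation, service_federation: str, user_realm: str) -> dict:
    """Adapt an isolated service's access request to the AAI.

    Returns where the AA query will be sent, or why the request was refused.
    Refusing before any query is sent keeps an untrusted federation from ever
    being asked to assert anything about the user.
    """
    home = confed.home_location_service(user_realm)
    if home is None:
        return {"status": "refused", "reason": f"no federation serves realm {user_realm!r}"}
    if not confed.trusted(service_federation, home.name):
        return {"status": "refused",
                "reason": f"{service_federation} does not trust assertions from {home.name}"}
    return {"status": "routed", "home_federation": home.name, "query_endpoint": home.connector}


# Constructed sample confederation: three federations with a partial trust mesh
# (fed-a and fed-b trust each other; fed-b also trusts fed-c; fed-a does not).
SAMPLE = Confederation(
    federations={
        "fed-a": Federation("fed-a", "https://aai.fed-a.example/connector", {"uni-a.example"}),
        "fed-b": Federation("fed-b", "https://aai.fed-b.example/connector", {"uni-b.example"}),
        "fed-c": Federation("fed-c", "https://aai.fed-c.example/connector", {"uni-c.example"}),
    },
    trust={("fed-a", "fed-b"), ("fed-b", "fed-a"), ("fed-b", "fed-c")},
)

if __name__ == "__main__":
    for realm in ("uni-a.example", "uni-b.example", "uni-c.example", "nowhere.example"):
        print(realm, "->", service_access_point(SAMPLE, "fed-a", realm))
```

The directed trust set is the point: a confederation "allowing different kinds of trust meshes" means the relying side decides whom it accepts assertions from, so the same realm can be routable from one federation and refused from another.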

An example diagram

Including Shib in the picture

TF-EMC2 and AA-RR
- Able to impersonate any of the following components
  - Attribute sources (AS): able to accept queries and respond with attribute information
  - Attribute requesters (AR): make requests to AS and process them, possibly using AE
  - Authorization engines (AE): respond to queries from AR applying their internal rules
- Driven by profiles
  - Entity and protocol aspects
  - Attributes and values
- Protocol agnostic
- Applications
  - GÉANT2 AAI Connectors
  - Diagnostic tool
  - Interoperability assessment

TF-EMC2 and SCHAC
- An extension to eduPerson
  - Taking into account European idiosyncrasy
- Based on a collection of national extensions so far
  - Finland, France, Norway, Poland, Spain, Sweden, Switzerland
- Common requirements have been quickly identified
  - Personal (unique) identifiers
  - Other personal attributes (citizenship, languages, ...)
  - Privacy definition and entitlements
  - Go beyond eduPersonAffiliation
- Initial proposal submitted and being discussed
- The plan is to present version 1.0 at the next TF-EMC2 meeting, next June in Poznan
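The AA-RR slide names three roles and says their behaviour is driven by profiles, and the SCHAC slide asks for privacy definitions and attributes beyond eduPersonAffiliation; the following added illustration (not the AA-RR, eduGAIN or SCHAC code) covers both: an attribute source that releases only what the profile allows for the asking entity, an authorization engine applying its own rules, and an attribute requester chaining the two, with messages kept as plain dictionaries since the slide calls the design protocol agnostic (the slides' real transport is WS/SAML). The attribute store, release profile and rule set are constructed; `schacHomeOrganization` is taken from the published SCHAC schema, the `eduPerson*` names from eduPerson, `preferredLanguage` from inetOrgPerson, and `citizenship` is a made-up sample attribute, not a SCHAC name.

```python
"""
The three AA-RR roles (attribute source, attribute requester, authorization
engine) exchanging protocol-agnostic messages, with a release profile at the
AS enforcing which attributes each requesting entity may obtain.

Added illustration, not AA-RR or SCHAC code. Store, profile and rules are
constructed sample data; "citizenship" is a made-up attribute name.
"""

# Constructed attribute store of the Attribute Source, keyed by subject id.
ATTRIBUTE_STORE = {
    "alice@uni-a.example": {
        "eduPersonAffiliation": ["student"],          # eduPerson
        "eduPersonPrincipalName": "alice@uni-a.example",
        "schacHomeOrganization": "uni-a.example",     # SCHAC
        "citizenship": "ES",                          # made-up sample attribute
        "preferredLanguage": "es",                    # inetOrgPerson
    },
}

# Constructed release profile ("entity aspects"): which attributes the AS may
# release to which requesting entity. Enforced at the AS, so a requester cannot
# obtain more than the profile grants merely by asking for it.
RELEASE_PROFILE = {
    "library-sp": {"eduPersonAffiliation", "schacHomeOrganization"},
    "ects-exchange": {"eduPersonAffiliation", "eduPersonPrincipalName",
                      "schacHomeOrganization", "citizenship", "preferredLanguage"},
}

# Constructed rules of the Authorization Engine: resource -> affiliations permitted.
RULES = {
    "e-journals": {"student", "faculty", "staff"},
    "credit-transfer": {"student"},
}


def attribute_source(query: dict) -> dict:
    """AS: answer an attribute query, releasing only profile-permitted attributes."""
    allowed = RELEASE_PROFILE.get(query["requester"], set())
    record = ATTRIBUTE_STORE.get(query["subject"], {})
    released = {name: record[name]
                for name in query["attributes"]
                if name in allowed and name in record}
    return {"subject": query["subject"], "attributes": released}


def authorization_engine(query: dict) -> dict:
    """AE: decide on the presented attributes using its internal rules only."""
    required = RULES.get(query["resource"])
    if required is None:
        return {"decision": "deny", "reason": "unknown resource"}
    affiliations = set(query["attributes"].get("eduPersonAffiliation", []))
    if affiliations & required:
        return {"decision": "permit", "reason": "affiliation matches"}
    return {"decision": "deny", "reason": "no qualifying affiliation released"}


def attribute_requester(requester: str, subject: str, resource: str, wanted: list) -> dict:
    """AR: query the AS, then hand the released attributes to the AE for a decision."""
    response = attribute_source({"requester": requester, "subject": subject, "attributes": wanted})
    decision = authorization_engine({"resource": resource, "attributes": response["attributes"]})
    return {"released": response["attributes"], **decision}


if __name__ == "__main__":
    # The library asks for more than it is entitled to; only affiliation comes back.
    print(attribute_requester("library-sp", "alice@uni-a.example", "e-journals",
                              ["eduPersonAffiliation", "citizenship"]))
    # The ECTS exchange service is profiled to receive the personal attributes.
    print(attribute_requester("ects-exchange", "alice@uni-a.example", "credit-transfer",
                              ["eduPersonAffiliation", "citizenship", "preferredLanguage"]))
```

Two things worth noticing: the AE never sees attributes the AS did not release, so the privacy decision and the authorization decision stay in different components, and a requester that asks only for attributes outside its profile ends up with an empty set and a deny rather than an error that leaks what exists.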

The ECTS-enabling proposal
- ECTS is the European Credit Transfer System
  - To permit European students to complete their curricula at any university within the EU
  - Also known as the "Bologna process"
- One of the main drivers of SCHAC
  - It has made schema harmonization key to IT practitioners in the European universities
- Close cooperation between TERENA/TF-EMC2 and EUNIS
  - A proposal on schema harmonization to be submitted to the EC
  - Also supported by the EUA (European University Association) and several national associations