Extending Authentication to Members of Social Networks


The Grid Goes “Social”: Extending Authentication to Members of Social Networks
Dr. Marco Fargetta (1), Mr. Riccardo Rotondo (2,*), Prof. Roberto Barbera (3,4)
(1) Consorzio COMETA, Catania, Italy
(2) Consortium GARR, Rome, Italy
(3) Department of Physics and Astronomy of the University of Catania, Italy
(4) INFN – National Institute of Nuclear Physics, Division of Catania, Italy
(*) riccardo.rotondo@garr.it

Outline
- Identity Federation (IF)
- Grid enabled IF
- Why Social Federation
- Social Grid Authentication
- Authorisation
- Conclusions & Outlook
EGICF 2012, Munich

Identity Federation (IF)
- In the web technology arena many approaches are available to federate authentication
- A standard provided by OASIS defines the Security Assertion Markup Language (SAML)
- Several tools are available, e.g.:
  - Shibboleth
  - SimpleSAMLphp
- Organisations can rely on traditional tools to manage users: LDAP, CAS, plain text, etc.
- Free and Open Source

Identity Federations in the world (https://refeds.org)

Enabling Grid to Federations
- Grid services are starting to be integrated in community-dedicated web portals, referred to as Science Gateways
- The distributed/cross-domain nature of the Grid requires strong security mechanisms
- Users struggle to comply with complex security rules: get and manage digital certificates, create a proxy, update credentials and so on
- Some institutions want to maintain control of their own users’ authentication

Federated Grid User ? Science Gateway

Identity provided federated { idp1, idp2, … idpN }

Federated Grid User Science Gateway

Number of users in …

Why Social Federation
- Federated identities are only a subset of potential users
  - Users can work in non-federated institutions
  - The IdP may not be included in the supported federations
- A mash-up of Grid and social tools could be useful for many users and special applications
  - Outreach of science organizations to broader communities
  - “Citizen scientist” to government services
  - Freely accessible repositories (e.g. of cultural heritage) where one wants to profile visitors
  - E-collaboration using social facilities/tools in the same page where the user performs Grid-based e-research activities

Social Grid Authentication
- Social services are grouped in a special IdP
  - Included in our “catch-all” federation GrIDP
- Users have the same account even if they access with different credentials, either social or federated
- Each account can register a list of user e-mails and these are used for identification

Federated Grid User Science Gateway

The Social Networks’ Bridge Identity Provider (https://idpsocial.ct.infn.it)
For more information watch the video: www.youtube.com/watch?v=w6wfuGUwVVU

Authorisation (1/2)
- Technically a social IdP has the same security mechanisms as other IdPs, but user identities are not generally verified
- Social users require stronger control on authorisation
  - A preliminary identity control is requested
- Users from Social Networks cannot automatically access resources
  - An authorisation request is mandatory
- The authorisation process does not use SAML
  - A central server maintains authorisation assertions
  - An OpenLDAP server is used

Authorisation (2/2)
- To be authorised, users have to provide verifiable information
  - E.g., an e-mail address of an official organisation
  - Name and e-mail available in institutional pages
- Users registered in a federation don’t need to specify an official mail
- Users can own both federated and social credentials enabled for authorisation
- Information is verified by the portal administrators, who decide to accept/reject the request
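
The account linking from the Social Grid Authentication slide and the request/review flow from the two Authorisation slides, as an added Python example that is not code from the presentation or from the Science Gateway. The class and method names, the `social-bridge` IdP label and the in-memory dictionaries standing in for the central OpenLDAP server are assumptions.

```python
from dataclasses import dataclass

SOCIAL_IDPS = {"social-bridge"}  # assumed label for the social bridge IdP

@dataclass
class Account:
    uid: str
    emails: set               # every address the user registered
    authorised: bool = False  # changed only by an administrator's review

class Portal:
    """In-memory stand-in (assumption) for the central authorisation store."""

    def __init__(self):
        self.accounts = {}
        self.pending = {}     # uid -> evidence awaiting administrator review

    def register(self, uid, emails):
        emails = {e.strip().lower() for e in emails}
        for other in self.accounts.values():
            if other.emails & emails:
                raise ValueError("e-mail already registered to " + other.uid)
        self.accounts[uid] = Account(uid, emails)

    def resolve(self, asserted_email):
        """Same account whichever IdP asserted one of its addresses."""
        email = asserted_email.strip().lower()
        for account in self.accounts.values():
            if email in account.emails:
                return account
        return None

    def request_access(self, asserted_email, idp, evidence=None):
        account = self.resolve(asserted_email)
        if account is None:
            raise LookupError("no account registered for this address")
        if idp in SOCIAL_IDPS and not evidence:
            raise ValueError("social users must supply verifiable information")
        self.pending[account.uid] = evidence or "federated identity"

    def review(self, uid, accept):
        """Administrator decision after checking the evidence by hand."""
        self.pending.pop(uid)
        self.accounts[uid].authorised = accept

    def can_access(self, asserted_email):
        """Authentication alone never grants access; approval is required."""
        account = self.resolve(asserted_email)
        return account is not None and account.authorised
```

Because accounts are matched on e-mail, this example assumes every IdP only asserts addresses it has verified; an address taken from an IdP that does not verify it should not be used for linking.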

Conclusions
- Support of both federated and social users opens access to Science Gateways to a very large audience
- AuthN/AuthZ complies with the Grid’s strict control on users
Outlook
- Other social services to be integrated, e.g., Twitter, LinkedIn, etc.
- A test case for the SG integration within a social service is under development
- Provide a mechanism helping SPs to identify trusted users
  - A trusted user is one who has already been verified
  - Users should be filtered from the IDP or the SP using additional SAML attributes

Thank you for your kind attention