FEUDAL Uros Stevanovic Federated User Credential Deployment Portal SA1

FEUDAL: Federated User Credential Deployment Portal. Uros Stevanovic, SA1, Karlsruhe Institute of Technology. AARC AHM, Milan, Italy, 19-22.11.2018

In the beginning….

“Science”

“Cloud”

Remote resources

Remote access: "AARC BPA" (#MAAGA)

Remote access: Accounts (Credentials)

"User deployment"
- User "creation" = account provisioning: creating/assigning a user account on the service side (e.g. name, group, home folder)
- Deploying a credential for a user: SSH, password, tokens
- TTS service (existing solutions)
- Federated User Credential Deployment Portal: FEUDAL

AARC BPA: FEUDAL

FEUDAL requirements
Web portal:
- Federated user authentication
- Credentials: SSH public keys
- Fault tolerant
- Fast response time
Deployment services:
- Distributed: services can be hosted at multiple sites, and sites can host multiple services
At the sites:
- Interface with all possible user management systems (within reason)
- Customisable by the local administrator
- Easy integration
- Management with no incoming connections
- Secure

FEUDAL architecture
Distributed:
- FEUDAL clients: every site hosts one or more clients; the clients execute the deployments
Central elements:
- Web portal: user interface
- FEUDAL backend + database: sends messages to the clients; stores user information and credentials

Architecture
- Interface to SP-IdP-Proxy: OpenID Connect
- Backend: Django/Python (inbuilt administration frontend, simplifies usage of the database), Django REST Framework
- Clients: Go (others supported), statically linked
- Webpage: Angular/TypeScript

Messaging: JSON
Backend → Client:
- identifier
- action ∈ { "deploy", "remove" }
- service
- SSH public key
- user info (from OpenID Connect)
- group memberships (from Unity)
Backend ← Client: acknowledgement
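As an added example (not FEUDAL's own code): a pure Go client-side handler that takes one backend message in the shape listed above, refuses unknown actions and any SSH public key that is not a single well-formed line before anything reaches authorized_keys, applies deploy/remove idempotently, and returns the acknowledgement to publish back. The JSON key names, the Ack shape and the sample message are assumptions.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Backend -> client message with the fields the slide lists; the JSON key names are assumptions.
type DeployMessage struct {
	ID      string          `json:"identifier"`
	Action  string          `json:"action"` // "deploy" or "remove"
	Service string          `json:"service"`
	SSHKey  string          `json:"ssh_key"`
	User    json.RawMessage `json:"user"` // OpenID Connect user info, handed on unmodified
}
// Client -> backend acknowledgement (shape assumed).
type Ack struct{ ID, Status, Detail string }

// validKey accepts one single-line OpenSSH public key (known type, base64 blob, optional comment); a line break or extra field could smuggle a second key or an authorized_keys option, so it is rejected.
func validKey(k string) bool {
	f := strings.Fields(k)
	if strings.ContainsAny(k, "\r\n") || len(f) < 2 || len(f) > 3 || (f[0] != "ssh-ed25519" && f[0] != "ssh-rsa") {
		return false
	}
	_, err := base64.StdEncoding.DecodeString(f[1])
	return err == nil
}
// apply returns the new authorized_keys content for one message plus the Ack to publish back. It is pure: a real client writes the file atomically, then acknowledges.
func apply(raw []byte, current string) (string, Ack) {
	var m DeployMessage
	ok := json.Unmarshal(raw, &m) == nil && (m.Action == "deploy" || m.Action == "remove") && validKey(m.SSHKey)
	if !ok { // never touch the file on a malformed message, unknown action or suspicious key
		return current, Ack{ID: m.ID, Status: "error", Detail: "rejected message"}
	}
	var keep []string // every existing line except the key this message is about
	for _, l := range strings.Split(current, "\n") {
		if l != "" && l != m.SSHKey {
			keep = append(keep, l)
		}
	}
	if m.Action == "deploy" { // deploy is idempotent; remove drops every copy
		keep = append(keep, m.SSHKey)
	}
	return strings.Join(keep, "\n") + "\n", Ack{ID: m.ID, Status: "ok"}
}

// Constructed sample message; the key blob is a placeholder, not real key material.
func main() { fmt.Println(apply([]byte(`{"identifier":"d-42","action":"deploy","service":"hpc-login","ssh_key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA alice"}`), "ssh-rsa AAAAB3Nz bob\n")) }
```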

Messaging: Publish/Subscribe
- Quick transmission (close to network latency)
- Only outgoing connections at the clients
- Dedicated message broker: RabbitMQ
- Delegated authentication of clients
- Inbuilt message routing

DEMO

Summary
FEUDAL provides:
- Account provisioning
- Deploying credentials
Key features:
- Realtime deployment: instant feedback for users
- Asynchronous deployment: retransmission of information (if sites are offline)
- "Discovery" deployments: "new" sites/resources (in a "VO") automatically receive info
- Full site-control integration: system admins provide "mechanisms/call-outs" for user management
- FEUDAL transmits "unmodified" user information

uros.stevanovic@kit.edu