Fernando M Silva The role of authentication and eID interoperability in the access to scientific databases Fernando M. Silva Instituto Superior Técnico.

Presentation transcript:

Fernando M Silva The role of authentication and eID interoperability in the access to scientific databases Fernando M. Silva Instituto Superior Técnico Lisboa, Portugal November 2013, UP

euroCRIS, November 2013, Porto

Outline
About Técnico Lisboa
Access to scientific resources
Authentication and eID
eID interoperability
– ID Federations
– National eID
– European developments on eID interoperability
– Academic and research eID interoperability
Authentication infrastructure at Técnico Lisboa
Future trends and challenges

About Técnico Lisboa

Facts & Figures

Research & education areas

Graduate programmes
– Aerospace Engineering
– Architecture
– Biological Engineering
– Biomedical Engineering
– Biomedical Technologies
– Chemical Engineering
– Civil Engineering
– Electrical and Computer Engineering
– Engineering and Water Management
– Environmental Engineering
– Mechanical Engineering
– Petroleum Engineering
– Technological Physics Engineering
– Bioengineering and Nanosystems
– Biotechnology
– Chemistry
– Complex Transport Infrastructure Systems (w/ MIT)
– Computer Science and Engineering
– Construction and Rehabilitation
– Information Systems and Computer Engineering
– Materials Engineering
– Mathematics and Applications
– Mining and Geological Engineering
– Naval Architecture and Marine Engineering
– Pharmaceutical Engineering
– Structural Engineering
– Territorial Engineering
– Transport Infrastructure Engineering
– Transport Planning and Operation
– Urban Studies and Territorial Management
– Communication Networks Engineering
– Electronics Engineering
– Engineering and Industrial Management
– Information Systems and Computer Engineering

Doctoral programmes
– Leaders for the Technical Industries
– Materials Engineering
– Mathematics
– Mechanical Engineering
– Naval Architecture and Marine Engineering
– Physics
– Refining, Petrochemical and Chemical Engineering
– River Restoration and Management
– Statistics and Stochastic Processes
– Sustainable Energy Systems
– Technological Change and Entrepreneurship
– Technological Physics Engineering
– Territorial Engineering
– Transportation
– Aerospace Engineering
– Architecture
– Bioengineering
– Biomedical Engineering
– Biotechnology
– Chemical Engineering
– Chemistry
– Civil Engineering
– Climate Changes and Sustainable Development Policy
– Computational Engineering
– Computer Science and Engineering
– Electrical and Computer Engineering
– Engineering and Management
– Engineering and Public Policy
– Environmental Engineering
– Geo-Resources
– Information Security
– Information Systems and Computer Engineering

Access to scientific resources
Open data is a standard approach for delivering and publishing scientific data
– Open data +
– Open source +
– Open access
Open knowledge

Authenticated access
User authentication is still required for access to scientific resources in many real-case scenarios
– Legal constraints
– Authorization constraints
– Access auditing and monitoring
– Other practical or functional reasons
Mandatory registration …

When registration / authentication is required
Internal/institutional users
– Internal users can usually provide fairly strong authentication by presenting their local access credentials
External users
– In many real-case scenarios, a simple user registration is required in order to increase confidence in the user identity and its reliability for data access
– User registration is often performed with only a simple form of authentication
– Of course, such simple authentication provides only rather weak user authentication for auditing and legal purposes.

Federated identity management
A solution for providing user authentication and access across organizations
Common practice in academic and scientific organizations
– Infrastructures mostly built around SAML and associated technologies
Besides providing cross-organization authentication, identity federations are an excellent solution for providing authenticated services to userless organizations (service providers with no user base of their own)
– NREN services
– Portugal: RCTSaai identity federation

Research and education ID federations (map) – Source: refeds.org

Research and education ID federations in Europe (map) – Source: refeds.org

Shibboleth authentication and authorization model (diagram)

eID authentication: going national
In the last few years, many countries have started integrating eID into their national identity cards
– National eID systems may be a convenient source of user authentication and authorization in several scenarios:
  Reliable underlying user authentication process
  Strong authentication through physical security tokens
  Support of broader authentication scenarios
– Conventional eID federations (e.g., academic) are domain specific

National eID interoperability
eID interoperability is a major pre-condition for the delivery of cross-border e-services
The EU has been promoting eID interoperability in several LSP projects addressing authentication and cross-border services

EU LSPs for promoting cross-border services
– Cross-border procedures
– e-health
– e-justice
– e-procurement
– eID: authentication, mandates & representation

Generic view of coupling of eID and LSPs (diagram)

Academic and research area in last LSP... is missing
– Identity, Security and Trust
– e-Delivery and e-Interaction
– Semantics, Processes and Documents
– Academic & Research / CERIF should be here...

Stork 2.0 authentication model
Stork project
– eID integration and interoperability
– Implementation of a proxy service (PEPS) in each member state
– Optional support of a V-IdP for distributed solutions

Authentication model at Técnico Lisboa
Single IdP infrastructure for all ICT services:
– Academic information services
– Mail
– VoIP
– ERP systems
– Procurement services
– WiFi (eduroam) access
– CPU resources
– Storage resources
– Web services
– Desktop access
– …

eID building blocks
Local authentication infrastructure
– LDAP (OpenLDAP)
– Authentication backend: Kerberos
– RADIUS (FreeRADIUS)
Single Sign-On (SSO) support
– Central Authentication Service (Yale University)
ID federation support
– Shibboleth, OpenSAML – national academic federation RCTSaai, FCCN
– RADIUS – eduroam access (FCCN / TERENA)
National eID support (cartão de cidadão)
Support of eID interoperability platform
– STORK, Stork 2.0
– e-SENS

SSO login

SSO: CAS model
[Diagram: Web Browser, Service, Authentication server backed by LDAP/Kerberos; step 5: Ticket, step 6: Ticket validation]

Client implementation: authentication request

Case 1: PHP code

    <?php
    include_once('CAS/CAS.php');
    // Configure the phpCAS client: protocol version, CAS server host, port and base URI
    phpCAS::client(CAS_VERSION_2_0, 'id.ist.utl.pt', 443, '/cas');
    // Force authentication: the browser is redirected to the IdP if not yet authenticated
    phpCAS::forceAuthentication();
    // If the code reaches this step, the user has already been authenticated by the CAS server
    $user = phpCAS::getUser();
    // [Specific server processing using $user]
    // Logout: terminates the CAS session
    phpCAS::logout();
    ?>

Case 2: mod_auth_cas installed on the Apache server
Fill the .htaccess in selected directories:

    AuthType CAS
    AuthName "IST Network Services"
    require user <list of allowed usernames>
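The ticket validation that phpCAS performs behind forceAuthentication() (steps 5 and 6 of the CAS model), written out here in Python as an added example that is not part of the slides; the CAS server host id.ist.utl.pt comes from the slide, while the application callback URL and the XML responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 responses

# Constructed sample bodies in the CAS 2.0 /serviceValidate format (not captured from a real server).
SUCCESS_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>ist123456</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def service_url_without_ticket(request_url):
    """The 'service' sent to /serviceValidate must be the callback URL exactly as the CAS
    server redirected to it, minus the ticket parameter; a mismatch makes CAS reject the ticket."""
    parts = urlsplit(request_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != "ticket"]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def validation_url(cas_base, service, ticket):
    """Build the back-channel validation request (step 5): the service asks the CAS server."""
    return cas_base + "/serviceValidate?" + urlencode({"service": service, "ticket": ticket})


def parse_validation(xml_text):
    """Step 6: return (user, None) on success, (None, failure_code) on any other answer."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text:
        return user.text.strip(), None
    failure = root.find("cas:authenticationFailure", CAS_NS)
    return None, (failure.get("code", "UNKNOWN") if failure is not None else "MALFORMED_RESPONSE")


def authenticate_callback(request_url, cas_base, fetch):
    """Handle the browser returning to the service with ?ticket=ST-...; `fetch` is any callable
    that performs the HTTPS GET and returns the body (injected so the example runs offline)."""
    ticket = dict(parse_qsl(urlsplit(request_url).query)).get("ticket")
    if not ticket:
        return None, "NO_TICKET"  # a session is only trusted after a validated ticket
    service = service_url_without_ticket(request_url)
    return parse_validation(fetch(validation_url(cas_base, service, ticket)))


if __name__ == "__main__":
    # CAS host from the slide; the application URL is a constructed placeholder.
    callback = "https://app.example/login?next=%2Fdata&ticket=ST-1-abc"
    print(authenticate_callback(callback, "https://id.ist.utl.pt/cas", lambda url: SUCCESS_RESPONSE))
```

Because the server, not the browser, performs the validation call, a client cannot forge a login by sending an arbitrary ticket value; only a response from the CAS server naming a user is accepted.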

Conclusions
Authenticated access to scientific resources by external users can easily be provided by eID federations
– Complexity is often hidden from the client process;
– National eID systems offer a general-purpose, powerful authentication infrastructure;
– European eID authentication is already made possible by existing tools and infrastructures.
Cross-border services in European LSPs must be extended to the research & academic domains.
– Active promotion required…

Thank you for your attention