Community Single Sign-on. 15 September 2009, Berlin, ISTC meeting. Lutz Suhrbier, Networked Information Systems.


Community Single Sign-on
15 September 2009, Berlin, ISTC meeting
Lutz Suhrbier
Networked Information Systems
Department of Computer Science, Freie Universität Berlin

Slide 2: Why Community Single Sign-On?
- EDIT Platform
  - multitude of web-based taxonomic applications and services
  - highly distributed, cross-national service infrastructure
- Problem of identity management
  - admins must maintain individual user and access control lists
  - users must remember several login/password combinations
- Need for a comfortable single sign-on (SSO) solution reflecting the specifics of biodiversity infrastructures

Slide 3: Single Sign-On Infrastructure

Slide 4: Animating the EDIT federation
- Starting point: Proof-of-concept platform
  - local EDIT federation (1 IdP, 1 SP hosting ExpertsDB/DevTools)
  - self-signed PKI issuing web server certificates for IdP and SP
- Current state: Initial platform components in production use
  - infrastructure upgraded to SAML V2.0 -> single logout (SLO)
  - initial EDIT federation (1 IdP, 1 SP hosting DevTools)
  - more than 50 users (EDIT Developers)
- Ready for production: Drupal based platform components
  - CDM Dataportals (cichorieae, diptera, palmae)
  - ExpertsDB, WP5Blog,...

Slide 5: Next steps
- Evaluating interoperability of multiple IdP/SP setup scenarios
  - Shibboleth (integrates standard identity management interfaces)
  - OpenSSO (also provides simple identity management GUI)
  - SimpleSAMLphp (PHP-based solution for hosted web spaces)
- Integration of Spring based components
  - CATE, Taxonomic Editor,...
  - Spring Security SAML module successfully checked out
- Opening the federation
  - ATBI-Sites (Naturkundemuseum, Drupal, hosted web space)
  - CATE (Kew, Spring)
  - ... (you are welcome to join as IdP or SP)

Slide 6: The "Invalid Security Certificate Problem"
- Cause: server certificates issued by self-signed PKI
  - inexperienced users may be scared off
- Current solution: install EDIT PKI certificates in web browser
  - needs active user interaction
  - user's guide provided in EDIT Developer Wiki

Slide 7: Prospected PKI solution
- DFN-PKI is certified by Telekom RootCA
  - pre-installed in most common web browsers
  - no additional costs (e.g. Thawte ~ 250€ per year)
- EDIT(BGBM) may become DFN-PKI sub registration authority (RA)
  - enables issuance of accepted server certificates, but
  - requires declarations of consent from domain holder
  - certified servers must be "under the control of BGBM"
  - dedicated person also responsible for server maintenance
- DFN-PKI suitable solution for EDIT components at BGBM (e.g. IdP)
- SPs must look for similar solution
  - or ask their server admin
  - or must accept the constraints of our self-signed EDIT PKI
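
The trust decision behind the "Invalid Security Certificate Problem" and the chained-CA alternative on the two slides above, as an added example that is not part of the original presentation. It uses the openssl command line; all CA and host names are constructed stand-ins for a browser-shipped root, a self-signed project PKI and a CA certified by the shipped root.

```shell
#!/usr/bin/env bash
# Added example; every name, key and certificate here is constructed for the demo.
set -eu
W=$(mktemp -d)
# Extensions that mark a certificate as a CA (used for the roots and the sub-CA).
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$W/ca.ext"

# mkreq NAME: fresh RSA key and certificate request for NAME.
mkreq() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
}
# new_root NAME: self-signed root CA certificate.
new_root() {
  mkreq "$1"
  openssl x509 -req -in "$W/$1.csr" -signkey "$W/$1.key" -days 30 \
    -extfile "$W/ca.ext" -out "$W/$1.crt" 2>/dev/null
}
# issue ISSUER NAME [EXTFILE]: certificate for NAME signed by ISSUER.
# The serial is fixed because each demo CA signs exactly one certificate.
issue() {
  mkreq "$2"
  openssl x509 -req -in "$W/$2.csr" -CA "$W/$1.crt" -CAkey "$W/$1.key" \
    -set_serial 1 -days 30 ${3:+-extfile "$3"} -out "$W/$2.crt" 2>/dev/null
}
# verdict STORE CERT [INTERMEDIATES]: decision of a client whose trust store is STORE.
verdict() {
  if openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
  then echo accepted; else echo warning; fi
}

new_root preinstalled-root                  # a root shipped with the browser
new_root private-root                       # root of a self-signed project PKI
issue private-root idp.private.example      # server certificate from the private PKI
issue preinstalled-root sub-ca "$W/ca.ext"  # CA certified by the shipped root
issue sub-ca idp.chained.example            # server certificate from that CA
# Trust store after the user has imported the private root by hand.
cat "$W/preinstalled-root.crt" "$W/private-root.crt" > "$W/imported.pem"

echo "private PKI, fresh browser: $(verdict "$W/preinstalled-root.crt" "$W/idp.private.example.crt")"
echo "private PKI, root imported: $(verdict "$W/imported.pem" "$W/idp.private.example.crt")"
echo "chained CA, fresh browser:  $(verdict "$W/preinstalled-root.crt" "$W/idp.chained.example.crt" "$W/sub-ca.crt")"
```

The third case only succeeds because the server presents the sub-CA certificate alongside its own; a server that omits the intermediate produces the same warning as the private PKI.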

Slide 8: Thanks for your attention! The End