AAF Middleware update, February 16 2012. Presented by Terry Smith, Technical Manager, and Heath Marks, Manager.

Overview
- The AAF Federation Registry
- National Entitlements Service
- Other initiatives

Federation Registry: Requirement
- Manages the federation's metadata
- Supports the AAF business model
- Introduces the Organisation
  - 0..n IdPs and 0..n SPs
  - Admins and Contacts
  - Involved in workflow
- Builds on concepts from SWITCHaai Resource Registry
An extensible, open source web application that provides a central point of registration, management and reporting for identity and service providers participating in a standards-compliant SAML 2 identity federation.

Federation Registry: Features
- Dashboard
- Access control
- Reporting / Compliance
- Workflow
- Integration
- Federated application
- Registration wizards
- Data validation
- Help bubbles
- Integrated with the AAF Support tool
- SAML 2

Federation Registry: Behind the scenes
- 1 man year development effort
- 2 major code releases to date
- Groovy / Grails (Java) platform
- Extensible design
- Agile development
- Continuous integration testing and quality control
- Next release in Q2 2012

Federation Registry Utilization Reporting ARCS Data Fabric – January 2012 Utilisation Data recorded by AAF WAYFs and reported by the Federation Registry

Federation Registry: Federation Integration engine
The Federation Registry is the integration engine for AAF components, Identity providers and Service providers. It is central to the successful on-going operation of the Australian Access Federation.

Federation Registry: More Information
- AAF Wiki
- Try it, AAF Test Federation Registry
- Source code, Issues tracking

National Entitlements Service
Provides attributes that are beyond the scope of individual organisations to manage and maintain as part of Authn.
- A central source for entitlements
- Delegation and assignment of entitlements
- Self assignment of entitlements
- A web portal
- A technical interface
The solution must
- be cost effective
- have delivery aligned to Super Science initiatives

National Entitlements Service: Why NES
- In support of Australian Super Science initiatives such as
  - Research Data Storage Infrastructure (RDSI)
  - National eResearch Collaboration Tools and Resources (NeCTAR)
- Improved Authz
- User's home institution cannot easily provide information
  - Not authoritative
  - Do not want the additional overhead

National Entitlements Service: The Feasibility Study – in peer review
- Define the problem
- Analyse existing open source and commercial offerings
- Review international federation (SAML) practices
- Identify options to move forward
What interest is there in making the study public?

National Entitlements Service: The options
- Do nothing
- Purchase and integration of vendor or open source solution
- Development of a custom solution by a software development partner
- Development of a custom solution by the AAF

National Entitlements Service: What it will look like...
- A nationally operated attribute authority with a group management component and user interface providing delegated access approvals work flows user registration
- Extension to the Federation Registry

National Entitlements Service: Timeframes
- Deliver in 2012 aligning with Super Science initiatives
- Rolled out progressively, 3 or 4 releases
- Agile development, collaborating with users

Other initiatives
A number of other initiatives are on the AAF drawing board
- Cloud IdP, a fully managed service for our subscribers
- Automated monitoring service
- Improved data collection and reporting of utilisation
- New discovery service

Other initiatives: Cloud IdP
A fully managed Identity provider service for our subscribers
1. New AAF VHO
2. Partially hosted, for organisations with an Identity store
3. Fully hosted
Not currently resourced

Other initiatives: Automated monitoring service
- ICINGA open source monitoring (NAGIOS variant)
- Federated authentication
- Simple dashboard showing the overall health of the federation
- Reporting and alerting to subscribers
- Basic Monitors (March 2012)
  - Ping
  - Time Synchronisation
  - SSL Certificate expiry
  - Shibboleth Status Basic and Advanced
  - Basic port security check
- Advanced Monitor (June 2012)
  - End-to-end (RedIRIS monitoring tool)
- Integrated with the Federation Registry
  - Hosts and Services to monitor
  - Hosts and services groups
  - Contacts, people involved in the notification process

Other initiatives: Improved data collection and reporting of utilization
- Currently usage data collected from WAYFs
  - Leads to some data loss
  - Does not distinguish between successful and failed access
- Investigate improvements through capturing sanitized logs from IdPs
  - See all the traffic that by-passes the WAYF
  - Identify hidden services – bilateral agreements become obvious
  - Can count successful authentications
  - Can assist in identifying brute force attacks
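
An added sketch, not part of the presentation or of any AAF code, of what sanitized IdP logs make measurable compared with WAYF data: successes versus failures, services that bypass the WAYF, and bursts of failures. The log layout, hashed user IDs, entityIDs, threshold and window are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of sanitized IdP log lines. The layout is an assumption:
# ISO timestamp | hashed user | SP entityID | result
IDP_LOG = """\
2012-02-16T09:00:01|u1a9|https://wiki.example.edu.au/sp|SUCCESS
2012-02-16T09:00:05|u7c2|https://data.example.org.au/sp|SUCCESS
2012-02-16T09:01:00|x44f|https://wiki.example.edu.au/sp|FAILURE
2012-02-16T09:01:05|x44f|https://wiki.example.edu.au/sp|FAILURE
2012-02-16T09:01:10|x44f|https://wiki.example.edu.au/sp|FAILURE
2012-02-16T09:01:15|x44f|https://wiki.example.edu.au/sp|FAILURE
2012-02-16T09:01:20|x44f|https://wiki.example.edu.au/sp|FAILURE
2012-02-16T09:03:00|u1a9|https://wiki.example.edu.au/sp|FAILURE
2012-02-16T09:03:10|u1a9|https://wiki.example.edu.au/sp|SUCCESS
""".splitlines()

# Constructed sample: SP entityIDs the WAYF recorded for the same period.
WAYF_SEEN = {"https://wiki.example.edu.au/sp"}

def summarise(lines, wayf_seen, threshold=5, window=timedelta(minutes=1)):
    """Count outcomes, list SPs the WAYF never saw, flag failure bursts."""
    outcomes, sps, failures = Counter(), set(), defaultdict(list)
    for line in lines:
        ts, user, sp, result = line.split("|")
        outcomes[result] += 1
        sps.add(sp)
        if result == "FAILURE":
            failures[user].append(datetime.fromisoformat(ts))
    suspects = set()
    for user, times in failures.items():
        times.sort()
        # Sliding window: `threshold` failures for one user inside `window`.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                suspects.add(user)
                break
    return {
        "success": outcomes["SUCCESS"],
        "failure": outcomes["FAILURE"],
        "bypassed_wayf": sorted(sps - wayf_seen),
        "brute_force_suspects": sorted(suspects),
    }

if __name__ == "__main__":
    print(summarise(IDP_LOG, WAYF_SEEN))
```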

Other initiatives: New discovery service
- Currently utilizing the SWITCHaai WAYF
- Federation Registry: extend to populate MDUI elements into the metadata
- Investigate what options are available for the Discovery Service
- Multi-tiered Discovery Service
  - General access
  - Higher LOA

Michel De La Villefromoy - Manager, University of Technology, Sydney “We see the AAF as an enabler for sharing all manner of fragile, dangerous, rare and geographically remote equipment between research organisations.”