Collaborative Platforms

Collaborations and Virtual Organizations
- IdM is a critical dimension of collaboration, crossing many applications and user communities
- Virtual organizations represent critical communities of researchers sharing domain resources and applications as well as general collaboration tools.
- Providing a unified identity management platform for collaboration is essential in a multi-domain, multi-tool world.
- Lots of activities in domesticating applications to work in a federated world, moving from tool-based identity to collaboration-centric identity.

Collaboration Platform
- Integrated set of collaboration apps (wikis, listprocs, CVS, file share, calendaring, etc.)
- Integration of at least identity and access control via group memberships
- Integration of content and meta-data is harder
- Repackages successful approaches for a collaborative/project/VO setting
- Federated identity, group management, directories, and security token services (aka credential convertors)

Examples of Collaborative Platforms
- COmanage %20(Report%20Collaboration%20Infrastructure).pdf
- Commercial offerings – Sharepoint, Adobe Connect, Google Sites, Google Wave, Google Apps
- Repurposed LMS – Sakai, Croquet

Collaboration Infrastructure (COIN)
- Dutch National Collaboration Infrastructure
- Domesticated tools – Adobe Connect; Alfresco; Foodle; Filesender; Confluence; WSO2 mashup server; OpenFire; Drupal; KnowledgeTree, Sympa and Limesurvey
- Domesticated services – Google Apps; MyExperiment.org; Twitter; PubMed
- Integration across VO, institution and third-party domains
- Workflow
- Grid integration

Domestication of applications
- The work of re-factoring applications to use the emergent identity services infrastructure
- Begins with federated identity and authentication, use of directories; gains a lot from group management for access control, etc.
- Needs a fine-grained set of authorization tools down the road
- Domesticated apps can receive IdM attributes via LDAP, SAML, X.509, SQL, Kerberos PAC, and maybe all of the above

Typical activities in collaboration management
- Add or remove people from groups
- Create new subgroups, identify overlapping memberships, etc.
- Permit or deny access to wiki pages, calendars, computing resources, version control systems, etc.
- Add people to mailing lists, wikis, etc.
- Create and delete/archive users, accounts, keys
- Identify group membership on a given date

COmanage Elements (component diagram)
- Dashboard
- Shib SP
- Grouper
- STS
- Shib IdP
- LdapPC (including provisioning)
- Applications
- Data Store

What’s in a COmanage data store

Enterprise attributes    | Project/VO attributes
-------------------------|--------------------------
Federated IdP            | Groups
Enrolled classes         | Wiki editing permissions
Display name             | Instrument permissions
Citizenship              | VO certificates
Enterprise affiliation   | …

Grouper
- A general-purpose, extensible, open-source group management tool
- In production at many institutions in the US and overseas
- Core national infrastructure service in several countries
- Manages groups of things – people, devices, processes
- Has GUI, people picker, group math, inheritance, delegation, provisioning and deprovisioning, etc.
- Stores values in LDAP directory
- Aimed at spectrum from power user to collabmin, sysadmin and enterprise IdM.
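As an added illustration (example code, not Grouper's or COmanage's) of the group operations listed under "Typical activities in collaboration management" and of the group math and inheritance Grouper provides: memberships are kept as dated intervals so that "who was in the group on a given date" and "who is in both groups" can be answered after people have been removed. The VO, group names, people and dates are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Membership:
    member: str
    start: date              # first day of membership (inclusive)
    end: date | None = None  # day the membership ended (exclusive); None = current
    def active_on(self, day: date) -> bool:
        return self.start <= day and (self.end is None or day < self.end)

@dataclass
class Group:
    name: str
    subgroups: list[Group] = field(default_factory=list)     # subgroup members are inherited upward
    history: list[Membership] = field(default_factory=list)  # never deleted: needed for point-in-time queries

    def add(self, member: str, on: date) -> None:
        if member not in self.direct_members(on):            # idempotent add
            self.history.append(Membership(member, on))
    def remove(self, member: str, on: date) -> None:
        for m in self.history:                               # close the open interval, keep the record
            if m.member == member and m.end is None:
                m.end = on
    def direct_members(self, on: date) -> set[str]:
        return {m.member for m in self.history if m.active_on(on)}
    def members(self, on: date) -> set[str]:
        result = self.direct_members(on)                     # effective = direct + inherited
        for sub in self.subgroups:
            result |= sub.members(on)
        return result

def overlap(a: Group, b: Group, on: date) -> set[str]:
    """Overlapping membership: people effectively in both groups on that date."""
    return a.members(on) & b.members(on)

def build_sample() -> dict[str, Group]:
    # Constructed sample VO: a wiki-editors subgroup and an instrument-ops subgroup
    editors, ops = Group("vo:wiki-editors"), Group("vo:instrument-ops")
    vo = Group("vo:members", subgroups=[editors, ops])
    editors.add("alice", date(2010, 1, 15))
    ops.add("alice", date(2010, 3, 1))
    ops.add("bob", date(2010, 3, 1))
    vo.add("carol", date(2010, 2, 1))
    editors.remove("alice", date(2010, 6, 30))               # alice leaves the editors, stays in ops
    return {"vo": vo, "editors": editors, "ops": ops}
```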

Security Token Service
- Converts the form of an existing credential or packs a set of attributes into a new credential
- Presents external security information to an application or service in the lingua of the app/service
- Conversions – SAML into X.509, SAML into Kerberos, SAML to LDAP, etc.
- Mythical in a single comprehensive package; legion in individual instances
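An added example, not part of the original slides or of any real STS product, of the "SAML to LDAP" conversion named above: it reads the attribute statement of a constructed SAML 2.0 assertion, checks the issuer against a trust list, and packs the attributes into an LDIF entry that a domesticated app can consume over LDAP. The OID-to-LDAP mapping uses standard eduPerson/inetOrgPerson OIDs; signature verification and a hardened parser (e.g. defusedxml) are assumed to run before this step.

```python
from __future__ import annotations
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# SAML attribute OID -> LDAP attribute type (standard eduPerson / inetOrgPerson OIDs)
OID_TO_LDAP = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "isMemberOf",
}
# Constructed sample assertion. Assumption: its XML signature was already verified upstream.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_c1">
 <saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>alice@example.edu</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1">
   <saml:AttributeValue>vo:wiki-editors</saml:AttributeValue><saml:AttributeValue>vo:instrument-ops</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def extract_attributes(assertion_xml: str, trusted_issuers: set[str]) -> dict[str, list[str]]:
    """Return {ldap_attr: [values]} for known attributes; unknown OIDs are dropped, untrusted issuers rejected."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        raise ValueError(f"untrusted issuer: {issuer}")
    out: dict[str, list[str]] = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        ldap_name = OID_TO_LDAP.get(attr.get("Name", ""))
        if ldap_name is None:
            continue
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        out.setdefault(ldap_name, []).extend(values)
    return out

def to_ldif(attrs: dict[str, list[str]], base_dn: str) -> str:
    """Pack the attributes into one LDIF entry keyed on eduPersonPrincipalName."""
    epn = attrs.get("eduPersonPrincipalName")
    if not epn:
        raise ValueError("assertion carries no eduPersonPrincipalName")
    lines = [f"dn: eduPersonPrincipalName={epn[0]},{base_dn}",
             "objectClass: inetOrgPerson", "objectClass: eduPerson"]
    for name, values in attrs.items():
        lines += [f"{name}: {v}" for v in values]
    return "\n".join(lines) + "\n"
```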

What forms does COmanage take?
- Usually as an assembled set of services
- A dashboard, directory product, Shibboleth IdP and SP, Grouper, and a set of applications provisioned on other servers
- On an enterprise level to serve its collaborations and VOs, within a large VO, or at a federation level to serve a national community
- Can also be a VM, a VM in the cloud, or a service with the applications in the cloud.
- Can be embedded in a science portal or gateway

Some key issues
- Extent of application domestication
- Waiting for other technologies to happen – interfederation, discovery, metadata tagging, etc.
- GUI approach
- Domain application/science portal integration

Roles, schema and attributes
- Research communities have their own cultures, vocabularies, needs
- Building community-wide consistency on roles, privileges, groups provides tremendous leverage for collaborations
- Keeping it simple is critical and difficult

Needs of Big Science Researchers
- Access to collaboration tools
- Basic group management and access control
- Command line tools
- Integration of web and command line IdM and access control
- No modifications to existing domain science apps
- International capabilities
- Multiple levels of assurance
- Roles, attributes, metadata and ontologies

Flows of attributes – 1 (diagram; nodes: Enterprise Data Store, Project COmanage, Relying Party, Enterprise)

Flows of attributes – 2 – PDP extra pass (diagram; same nodes)

Flows of attributes – 3 – IdP to RP (diagram; same nodes)