SURFfederatie & SURFconext Federated identity system for scientific collaborations 9-10 June 2011 CERN Remco Poortinga – van Wijnen*, SURFnet

Presentation transcript:

SURFfederatie & SURFconext Federated identity system for scientific collaborations 9-10 June 2011 CERN Remco Poortinga – van Wijnen*, SURFnet *with input from a lot of others

Overview
- SURFfederatie
- In 3 slides
- SURFconext
- Background
- Features
- Architecture
- Services
- TBD/Future development

SURFnet. We make innovation work

Federation Models
- Business: SAML 1.x
- de-facto
- NxN (‘distributed’)
- Shared trust, pt2pt
- Education US/Europe
- Shibboleth
- 2xN (‘hub-and-spoke’)
- Central gateway (CFC)
- Protocol translation
- Attribute filtering & enrichment
- Easier configuration for IdPs

[Diagram: IdPs and SPs connected through the CFC]

SURFfederatie Functional View

[Diagram labels: Central Federation Components; A-Select Cross; Shibboleth; SAML 2.0; WS-Fed / ADFS; Identity Providers; Service Providers; SURFfederatie CORE; Applications; Credentials]

Some numbers
- IdPs (79)
- 36 SAML (30*) WS-Federation (ADFS)
- (* 8 proxied)
- 13 A-Select
- SPs (55+)
- Google apps, foodle, CLARIN (7), several publishers, libraries, webshops, SURFconext, …
- ≈ 700k users
- (Technically) connected to eduGAIN

SURFconext: some background
- Goal of SURFnet is to enable collaboration
- Across (institutional) borders
- Used to be done by SURFgroepen service
- Sharepoint
- User defined groups/spaces
- But:
- Monolithic
- No domestication (then)
- Single (specific) service → no choice
- No way to extend groups to other services
- (exception: AdobeConnect)

SURFconext
- Allow users from different institutions to work together using their own preferred combination of tools
- Using groups across services
- Using SURFfederatie (trust, identities, attributes)

SURFconext platform features
- IdP and SP (SAML 2.0) proxy
- Group Relation Provider(s)
- IdP and SP and oAuth registry
- OpenSocial ‘Gadgets’ for GUI handling
- OpenSocial ‘Social Data’ API
- VO Registry → VO IdP
- Uses OSS components where possible
- Apache Shindig – OpenSocial Container
- Apache Rave (incubator) – OpenSocial Portal
- Corto – IdP/SP proxy
- Janus – (SP/IdP Metadata) registry
- Is Open Source itself –

SURFconext architecture

SURFconext services
- Confluence
- Alfresco
- Liferay
- WebEx
- BigBlueButton
- Sympa
- Lobber
- …

What’s missing/TBD?
- Group Management across boundaries
- NREN and/or VO-platform boundary
- On the agenda of GN3-JRA3-T2
- Production ready VO support
- Group Management in context of a VO
- virtualIDP for services supporting only single IdP endpoint (Google apps etc)
- Roles and Rights
- Roles group management ≠ roles services
- Service usage (licenses for guest users)

Questions?

Backup slides

OpenSocial - overview

[Diagram labels: App’s; Virtual Organization; Consumers; ‘Social Network’; (SURFteams)]

SURFconext & eduGAIN

[Diagram labels: SURFconext/Corto; VOs; Groups; Service; IDP; SP; Guest IDP; eduGAIN; SURFfederatie]
