Comité Réseau des Universités News from CRU activities: Identity federation, eduroam, PKI, SCS, Sympa, security policies cru.fr 7th.

Slides:

Advertisements

Similar presentations

eduroam Delegate Authentication System with Shibboleth SSO

Advertisements

Lousy Introduction into SWITCHaai

Open-source Single Sign-On with CAS (Central Authentication Service)

Copyright © 2006 ESUP-Portail consortium The ESUP-Portail project (in a few words) Pascal Aubry Consortium ESUP-Portail / University.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

MyProxy: A Multi-Purpose Grid Authentication Service

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.

EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.

Alex Reid, AARNet Australia Middleware Update; 16-Oct-06 Middleware in Australia - Update TF-ECM2 Malaga 16-Oct-06 Alex Reid Director, eResearch/Middleware.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.

Shibboleth and InCommon Copyright Texas A&M University This work is the intellectual property of the author. Permission is granted for this material.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

Public Key Infrastructure from the Most Trusted Name in e-Security.

Athens Building Communities Ed Zedlewski & Lyn Norris UKSG, Warwick, April 2002.

F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education.

AAF Middleware update February Presented by Terry Smith Technical Manager and Heath Marks Manager.

(From Radius Hierarchy to AAI) Miroslav Milinović University Computing Centre - Srce EuroCAMP Ljubljana, March 2006.

Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.

Eduroam Louis Twomey HEAnet Library Services Day 20 th November 2014.

Education roaming Secure Wireless Service for Research and Education.

Supporting further and higher education UK Middleware Update TF-EMC2 Meeting, 4 November 2004 Alan Robiette, JISC Development Group.

TNC2004 Rhodes 1 Authentication and access control in Sympa mailing list manager Serge Aumont & Olivier Salaün May 2004.

Michal Procházka, Jan Oppolzer CESNET.

Australian Access Federation and other Middleware Initiatives Presented at TF-EMC2, Prague 4 Sep 2007 Patty McMillan, The University of Queensland.

2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.

High-quality Internet for higher education and research do you like to puzzle, build an AAI ! xxx AA systems 2nd EuroCAMP - Porto November 8, 2005

HAKA project HAKA User administration inside Finnish Higher Education Institutes results from the KATO project Barbro Sjöblom EDS 2003 Uppsala.

GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

Michael Ghens Information Systems Specialist Santa Barbara City College.

High-quality Internet for higher education and research AAI from the NREN perspective Schiphol, October 17, 2005

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

EMI INFSO-RI AAI in EEF Projects John White (Helsinki University) EMI Security Area Leader.

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

Dartmouth PKI Update Robert Brentrup Internet2 Member Meeting April 21, 2004.

Connect. Communicate. Collaborate Federation Interoperability Made Possible By Design: eduGAIN Diego R. Lopez (RedIRIS)

Shibboleth at Columbia Update David Millman R&D July ’05

US of A and A Activities Ken Klingenstein, Director Internet2 Middleware Initiative.

Technical Topics for Deployed Campuses: Web SSO Will Norris University of Southern California.

ESnet RAF and eduroam ™ Tony J. Genovese ATF Team ESnet/Lawrence Berkeley National Laboratory.

Athens – integrated AMS services Ed Zedlewski JISC/CNI Conference Edinburgh, June 2002.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

Connect. Communicate. Collaborate Universität Stuttgart A Client Middleware for Token- Based Unified Single Sign On to eduGAIN Sascha Neinert, University.

CARSI: Federated Identity and Resource Sharing over CERNET Dr. PING CHEN Peking University( 北京大学 ) Jan, 24 th, 2008.

The UK Access Management Federation John Chapman Project Adviser – Becta.

Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.

February, TRANSCEND SHIRO-CAS INTEGRATION ANALYSIS.

Diego R. Lopez, RedIRIS TF-EMC2, Umea SIR, FedSSH and more to come…

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Programme ›TERENA ›Overview of the middleware initiatives in the European Higher Education ›What is eduroam: the technology and how to set up eduroam ›eduroam-in-a-box:

Shibboleth at USMAI David Kennedy Spring 2006 Internet2 Member Meeting, April 24-26, 2006 – Arlington, VA.

IETF 78 Maastricht 27 July 2010 Josh Howlett, JANET(UK)

Diego R. Lopez RedIRIS update Middleware activities at the South-western Border.

Tutorial on Science Gateways, Roma, Riccardo Rotondo Introduction on Science Gateway Understanding access and functionalities.

Illinois Health Network The 14th Global Grid Forum Chicago, Illinois June 27, 2005.

Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

Fall 2009 Internet2 Member Meeting - 8, October Using Sympa as a VO manager Serge Aumont, David Verdin - CRU Fall 2009 Internet2 Member Meeting -

eduroam Managed IdP - Roadmap

ESA Single Sign On (SSO) and Federated Identity Management

NAAS 2.0 Features and Enhancements

The French federation Eurocamp 2007 Helsinki

Some data about the CBIC Federation

Certificate Service Survey Summary

Presentation transcript:

Comité Réseau des Universités News from CRU activities: Identity federation, eduroam, PKI, SCS, Sympa, security policies cru.fr 7th TF-EMC2 Meeting, October

Comité Réseau des Universités French Research & High Ed landscape RENATER French Research and Education Network layers CRU Universities (80) and other high ed schools (~120) UREC Research Middleware and other activities

Comité Réseau des Universités CRU federation We hear about Shibboleth, PAPI, A-Select… Federations in productions Test federation CRU: comparison of Shib & LA uPortal-based portals: directory and CAS SSO deployment Pilot federation CRU federation Government funding for universities cooperation on a regional level Government funding for national-level services for students

Comité Réseau des Universités CRU federation Based on Shibboleth without centralized WAYF One single federation targeted at the ~200 French high ed institutions (IdPs) SPs: High Ed community, public & private sectors Currently 11 IdPs (~10 coming soon) and 5 SPs

Comité Réseau des Universités CRU federation: current usage Library resources (Elsevier, ABES) On-line courses (on national and regional levels) Wi-Fi access for roaming users (regional level, in cohabitation with eduroam) Software distribution (3 coming SPs)

Comité Réseau des Universités CRU federation: next tasks Operating a “virtual IdP” with basic group management for “exception” people and people whose institution does not belong to CRU federation yet Better integration with the institution portals (how to bypass the WAYF) Use of ShARPE and Autograph? Which economic model?

Comité Réseau des Universités eduroam CRU operates the eduroam service for RENATER community Started in April 2006 Currently 14 institutions Main difficulty is administrative: make an university president sign the updated RENATER agreement

Comité Réseau des Universités eduroam: main tasks Monitoring: quite close to the real use case –802.1X & EAP, not only RADIUS level check –to check the availability of the service and if the institution authentication method works – Coming tasks –accounting (stats & traceability) –administrator training

Comité Réseau des Universités PKI A PKI running since June 2003 End-users certificates (~800) for web authentication –We are thinking about moving from X.509 end- users certificates authentication to federation/portal based authentication Server certificates (~1400) more and more used: web servers, LDAPS, POPS, IMAPS, Shibboleth, Radius…

Comité Réseau des Universités SCS Service opened in May 2006 One difficulty: updating WHOIS records (and debugging institution naming issues!) 50 institutions have subscribed to the service (proxy letter) and more are coming ~260 certificates issued, institutions are very satisfied One centralized RA (4 operators) with tools to ease the validation of the requests

Comité Réseau des Universités SCS tool for RA operators MIIBhzCB8QIBADBIMQswCQYDVQQGEwJGUjEcMBoGA1UEChMTVW5pdmVyc2l0ZSBk J0FuZ2VyczEbMBkGA1UEAxMScnB2LnVuaXYtYW5nZXJzLmZyMIGfMA0GCSqGSIb3 DQEBAQUAA4GNADCBiQKBgQC1JPNqbFuV2IxD5CRYm1yodSKFt/2jI9OBjOePqa1e B/HynCP41ppdt0n00uiLmps6RIE0lqsfZOrqBMydLc6AMh6wqe6+YiYqAXDVjMbn A8SrzR2p/oxNK+RFhgBprFYgJMow88m3C8RCTGg6sLUNV311Og5KIjfzVMatakNx sQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAhyxOZZZ5dLDlKR5FQZn3Xl4ZgxUl FxBoci/PInT5hwcoqOeENPgDIkcuEqh6Iz7oZrCRap0FMrAIq9mSfysSo/XJn+gP Vo4PhH02aluvOv/y76i4VhNGieZbe2VqSjDmg0NagRZnyIfd1b9pFsBW2f8FaG6a J7TEzcHYmWcZvl0=

Comité Réseau des Universités Latest news for Sympa mailing list software Accessibility of the GUI for disabled people SOAP interface extended AuthN+AuthZ module for DokuWiki New translations (Norwegian, Swedish) + English fixed Sympa presentation at the "Jornadas Técnicas de RedIRIS JT06", 15th November Grenade, Spain

Comité Réseau des Universités Security policies Strong need for well formed and practical security policies in French high ed institutions CRU starts to help institutions to set up formal security policies Currently in pilot phase with some universities, using EBIOS method