J. Access Control to Video Resources TF-VVC.


The bad way


AuthZ module

- AuthN has a private key and AuthZ has the public key.
- AuthZ checks that the assertion is signed by AuthN.
- The assertion contains attributes that allow policies to be implemented.
  - Example: user id, group id, time to live of the assertion, role, project, institution, etc.

Implementation for DSS

Will be aligned with JRA5.

Improvements:

- Independent authorization service
  - The client asks the authorization service, and it returns a token.
  - The client contacts the streaming server with this token as a parameter.
  - The token (signed by the authZ service) will or will not open access to the video, depending on a small set of parameters: token timeout, resource, session code…
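A sketch of the token flow described above, added here as an example and not part of the original slides: the authZ service issues a token bound to resource, session code and timeout, and the streaming server checks it before serving video. HMAC-SHA256 with a key shared inside the resource owner's domain stands in for the signature; the key, the field names (`res`, `sid`, `exp`) and the sample paths are assumptions.

```python
import base64, hashlib, hmac, json, time

# Assumption: the authZ service and the streaming servers share this constructed key.
AUTHZ_KEY = b"constructed-demo-key-not-for-production"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: bytes) -> str:
    return b64e(hmac.new(AUTHZ_KEY, payload, hashlib.sha256).digest())

def issue_token(resource, session, ttl=60, now=None):
    """AuthZ service side: bind the grant to one resource, one session and an expiry."""
    now = time.time() if now is None else now
    claims = {"res": resource, "sid": session, "exp": int(now) + ttl}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return b64e(payload) + "." + sign(payload)

def check_token(token, resource, session, now=None):
    """Streaming server side: returns (allowed, reason)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = b64d(body)
    except ValueError:  # wrong number of parts, bad padding, non-ASCII input
        return False, "malformed"
    # Verify the signature before trusting anything inside the payload.
    if not hmac.compare_digest(sig.encode(), sign(payload).encode()):
        return False, "bad signature"
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return False, "expired"
    if claims["res"] != resource:
        return False, "wrong resource"
    if claims["sid"] != session:
        return False, "wrong session"
    return True, "ok"

if __name__ == "__main__":
    tok = issue_token("/vod/lecture1.mp4", "sess-42", ttl=60, now=1000)  # constructed values
    print(check_token(tok, "/vod/lecture1.mp4", "sess-42", now=1030))
    print(check_token(tok, "/vod/other.mp4", "sess-42", now=1030))
    print(check_token(tok, "/vod/lecture1.mp4", "sess-42", now=2000))
```

Binding the token to the resource and session code means a token copied from one viewer's URL cannot be replayed for a different video or session, and the short timeout limits replay of the same one.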

Advantages:

- Centralized authZ policies
- More flexible portal for access to our video resources
- We separate two domains:
  - AuthN server: home organization
  - AuthZ server + video streaming servers: resource owner