© 2006 The University of Chicago Grouper Backgrounder for Authorization WG Tom Barton, U Chicago.


caBIG AuthZ WG, 17 July

Functional Highlights

- Group management capabilities
  - Basic group & membership management
  - Subgroups
  - Composite groups (union, intersection, complement)
  - Distributed authorities
  - Delegation of authority
  - Custom group types & attributes
  - Indirect membership traceback
- Grouper is a management tool
  - Maintains group data & metadata in an RDBMS
  - Can manage any object presented to it as a “subject”

Components & Requisites

- Components
  - Java API
  - Java UI (extremely mutable)
  - XML import/export tool
  - Command line shell
- Infrastructure requisites
  - Hibernate for object persistence (supports most RDBMS’s)
  - Subject API for integration with identity sources
  - UI: Servlet API v2.3 REMOTE_USER or internal authN hook
- Tarballs
  - API
  - UI
  - QuickStart package includes tomcat, database, identity source, etc

Privilege Model & Attribute Management

- Per-group privileges
  - ADMIN, UPDATE, READ, VIEW, OPTIN, OPTOUT
- Groups ↔ Attributes duality
  - Groups are lists of members
  - Members belong to a list of groups
  - Group names are attribute values of member objects
- Grouper also manages Naming Stems
  - URN names and delegation of naming authority
  - Groups are named within a URN prefix = “naming stem”
  - Per-naming stem privileges
    - CREATE – can create groups with this naming stem
    - STEM – Create subordinate stems, assign CREATE priv
- Privilegees are lists of “subjects”
  - So, group management capabilities apply to managing privileges
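
The naming-stem privilege model on this slide, together with the indirect membership traceback listed under Functional Highlights, as an added sketch in Python. It is not Grouper's API or code from the presentation; the group names, subjects, function names, and the rule that a privilege applies only to the exact stem it is granted on are assumptions made for illustration.

```python
# Toy model of per-stem privileges; NOT Grouper's API. All data is constructed.
MEMBERS = {  # group name -> direct members (subjects or other groups)
    "uchicago:its:staff": {"alice"},
    "uchicago:its:stem-admins": {"uchicago:its:staff", "bob"},
}
# stem -> privilege -> privilegees (a privilegee is a subject or a group)
STEM_PRIVS = {
    "uchicago:its": {"STEM": {"uchicago:its:stem-admins"}, "CREATE": {"carol"}},
}

def trace(subject, group, seen=None):
    """Indirect membership traceback: path from group down to subject, or None."""
    seen = set() if seen is None else seen
    if group in seen:  # guard against membership cycles
        return None
    seen.add(group)
    members = MEMBERS.get(group, set())
    if subject in members:
        return [group, subject]
    for m in sorted(members):
        if m in MEMBERS:  # member is itself a group (subgroup)
            path = trace(subject, m, seen)
            if path:
                return [group] + path
    return None

def holds(subject, stem, priv):
    """True if subject is a privilegee directly or through group membership."""
    privilegees = STEM_PRIVS.get(stem, {}).get(priv, set())
    return any(p == subject or trace(subject, p) for p in privilegees)

def can_create_group(subject, name):
    """CREATE is checked on the naming stem that prefixes the new group name."""
    stem = name.rpartition(":")[0]
    return holds(subject, stem, "CREATE")

def grant_create(granter, stem, privilegee):
    """Only a holder of STEM on the stem may assign CREATE on it."""
    if not holds(granter, stem, "STEM"):
        raise PermissionError(f"{granter} lacks STEM on {stem}")
    STEM_PRIVS.setdefault(stem, {}).setdefault("CREATE", set()).add(privilegee)
```

Because privilegees resolve through membership, adding a subject to a privileged group silently extends the privilege, which is why the traceback path matters when auditing who can create groups under a stem.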

Subject API

Generic Integration Architecture

Status, Links

- Grouper v1.0 RC1 released July 12
- Grouper v1.0 to be released July
- Grouper Wiki
  - Docs
  - Code
  - Product, project, & community support
- Almost a complete solution. Lacking:
  - Near-real-time provisioning
    - U Chicago, others will have JNDI provisioner “real soon now”
  - WS or other run-time query interfaces
    - Cornell AXIS-based prototype
- Roadmap
  - Aging of groups & memberships (v1.1)
  - Change notification (v1.1+)

Possible Q&A Areas

- Run-time group query service
- Systems integration
- Federations, VOs, widely distributed authorities
- Proxy IdPs, Service Centers