Presentation is loading. Please wait.

Presentation is loading. Please wait.

Extending Authentication to Members of Social Networks

Published byMelinda Thornton Modified over 5 years ago

Similar presentations

Presentation on theme: "Extending Authentication to Members of Social Networks"— Presentation transcript:

1 Extending Authentication to Members of Social Networks
The Grid Goes “Social” Extending Authentication to Members of Social Networks Dr. Marco Fargetta(1), Mr. Riccardo Rotondo(2,*), Prof. Roberto Barbera(3,4) (1) Consorzio COMETA, Catania, Italy (2) Consortium GARR, Rome, Italy (3) Department of Physics and Astronomy of the University of Catania, Italy (4) INFN – National Institute of Nuclear Physics, Division of Catania, Italy (*)

2 Outline Identity Federation (IF) Why Social Federation
Grid enabled IF Why Social Federation Social Grid Authentication Authorisation Conclusions & Outlook EGICF 2012, Munich

3 Identity Federation (IF)
In the web technology arena many approaches are available to federate authentication A standard provided by OASIS defines the Security Assertion Markup Language (SAML) Several tools are available, e.g.: Shibboleth SimpleSAMLphp Organisations can rely on traditional tools to manage users: LDAP, CAS, plain text, etc. Free and Open Source EGICF 2012, Munich

4 Identity Federations in the world (https://refeds.org)
EGICF 2012, Munich

5 Enabling Grid to Federations
Grid services are starting to be integrated in community-dedicated web portals; Referred to as Science Gateways The distributed/cross-domain nature of Grid requires strong security mechanisms Users struggle to comply with complex security rules: Get & manage digital certificates, create proxy, update credentials and so on Some institutions want to maintain the control of their own users’ authentication EGICF 2012, Munich

6 Federated Grid User ? Science Gateway EGICF 2012, Munich

7 Identity provided federated
{ idp1, idp2, … idPN } { idp1, idp2, … idpN } { idp1, idp2, … idpN } { idp1, idp2, … idpN } { idp1, idp2, … idpN } { idp1, idp2, … idpN } { idp1, idp2, … idpN } { idp1, idp2, … idpN } EGICF 2012, Munich

8 Federated Grid User Science Gateway EGICF 2012, Munich

9 Number of users in … EGICF 2012, Munich

10 Why Social Federation Federated identities are only a subset of potential users Users can work in non-federated institutions IDP can be not included in supported federations Mash-up Grid and social tools could be useful for many users and special applications Outreach of science organizations to broader communities “Citizen scientist” to government services Freely accessible repositories (e.g. of cultural heritage) where one wants to profile visitors E-collaboration using social facilities/tools in the same page user performs e-research Grid-based activities EGICF 2012, Munich

11 Social Grid Authentication
Social services are grouped in a special IdP Included in our “catch-all” federation GrIDP Users have the same account even they access with different credentials, either social or federated Each account can register a list of user s and these are used for identification EGICF 2012, Munich

12 Federated Grid User Science Gateway EGICF 2012, Munich

13 For more information watch the video
The Social Networks’ Bridge Identity Provider ( For more information watch the video EGICF 2012, Munich

14 Authorisation (1/2) Technically a social IDP has same security mechanisms of other IDP but user identity are not generally verified Social user requires a stronger control on the authorisation A preliminary identity control is requested Users from Social Networks can not automatically access resources An authorisation request is mandatory The authorisations process does not use SAML A central server maintains authorisation assertions An OpenLDAP server is used EGICF 2012, Munich

15 Authorisation (2/2) To be authorised, users have to provide verifiable information E.g., an address of an official organisation Name and available in institutional pages Users registered in a federation don’t need to specify an official mail. Users can own both federated and social credentials enabled for authorisation. Information is verified by the portal administrators who decide to accept/reject the request EGICF 2012, Munich

16 Conclusions Support of both federated and social users enables the access to Science Gateways to a very large audience AuthN/AuthZ complies with Grid strict control on users Outlook Other social services to be integrated E.g., Twitter, LinkedIn, etc. A test case for the SG integration within a social service is under development Provide a mechanism helping SPs to identify trusted users A trusted user is one who has been already verified. Users should be filtered from the IDP or the SP using additional SAML attributes EGICF 2012, Munich

17 Thank you for your kind attention
EGICF 2012, Munich

Download ppt "Extending Authentication to Members of Social Networks"

Similar presentations

Enabling Grids for E-sciencE A new framework to build Science Gateways based on EnginFrame and Liferay.

Enabling Grids for E-sciencE A new framework to build Science Gateways based on EnginFrame and Liferay.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Federated access to e-Infrastructures worldwide

Federated access to e-Infrastructures worldwide
Introduction on Science Gateway Understanding access and functionalities Catania, 09/06/2014Riccardo Rotondo

Introduction on Science Gateway Understanding access and functionalities Catania, 09/06/2014Riccardo Rotondo
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo

Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo
AAI with simpleSAMLphp

AAI with simpleSAMLphp
To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.

To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.
External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.

External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Similar presentations

Ads by Google