CLARIN Federated Identity Vision


1 CLARIN Federated Identity Vision
Dieter van Uytvanck, Daan Broeder Federated Identity Workshop at RAL on 2-3 November 2011

2 CLARIN Fed Id Vision
- A set of well defined, semantically harmonized user attributes is released by all IdPs in the inter-federation
- Perhaps by user consent … not by IdP consent, which scales badly
- In an inter-federation all agreed attributes may pass national borders
- Metadata exchange by eduGAIN
- Library walk-ins distinguished by attributes
- LoA for credentials distinguished by attributes
- Specific community required attributes are stored in an ‘external’ community specific attribute store; VO-Platform
- Non-browser based resource access still enabled by federated identity: SLICS, OAUTH2,…

3 CLARIN Use Case
Dieter van Uytvanck, Daan Broeder Federated Identity Workshop at RAL on 2-3 November 2011

4 CLARIN “Holy Grail” User Scenario
- A researcher authenticates at his own organization and creates a “virtual” collection of resources from different repositories.
- He does this on the basis of browsing a catalogue, searching through metadata, or searching in resource content.
- To be granted access to this distributed dataset he signs the appropriate licenses.
- He is then able to use a workflow specification tool and process this virtual collection using LT tools in the form of reliable distributed web services which he is authorized to use.
- (Intermediate) results are stored in a user specific workspace.
- After evaluation, the resulting data (including metadata) can be added to a repository and the “virtual” collection specification can be stored for future reference using PIDs.

What CLARIN wants to achieve is perhaps best illustrated with a use case where many aspects of the infrastructure come into play. The virtual collection is “virtual” because it is kind of accidental, in the sense that it is defined by the user rather than the producer. With respect to infrastructure CLARIN wants to solve: (1) authentication & identity issues for a user wanting to access resources distributed over several archives; (2) finding resources in the joint domain of interoperable metadata; (3) processing resources using tools and services that are also distributed, and storing the result. Metadata is essential: without it you cannot locate the resources you need. For our domain this is ambitious and challenging, but even a partial realization is worthwhile.

5 Use case: creating & using Virtual Collections
1. User selects suitable resources at center A using a specific app at center A after logging in via his organizational account
2. User selects suitable resources at center B using a center specific app making use of SSO
3. References are added to a Virtual Collection registry via a VC registry app for future reference and use
4. The VC is processed by a workflow of LT Web services
5. The identity of the user is delegated to shielded WSs that can use it to access resources.

(5) is perhaps not directly connected to Federated Identity, but the connection between FedId and WS security must be made.

[Diagram: Center A, Center B, IdP, VC Registry, WorkFlow manager, WS 1, WS 2, with the numbers 1 to 5 marking the steps above]

6 Obstacles
- How do we get the user’s IdP in the national federation and make the IdP release the right attribute(s) to all the CLARIN SPs?
- Difficult to choose an always available attribute uniquely identifying the user for authz. Some use ePPN, others … ePTID
- Our IdPs and SPs are distributed over Europe; any assumptions about available attributes are necessarily EU wide.
- CLARIN (CLARIN SPF) itself distributes the CLARIN SP metadata; every national IDF has its own requirements for this.
- We need a way to delegate a user’s identity to (REST) web services, which are widely used in CLARIN. A test setup is being built with BiG-Grid based on OAUTH2
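
The identifier obstacle above (ePPN released by some IdPs, ePTID by others), sketched as SP-side logic in an added example that is not from the presentation. The function name, entity IDs, scope table and attribute values are assumptions constructed for illustration.

```python
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"    # eduPersonPrincipalName
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID

# Constructed sample federation data (hypothetical entity IDs and scope).
IDP = "https://idp.example.org/idp"
SP_A = "https://center-a.example.net/sp"
SP_B = "https://center-b.example.net/sp"
SCOPES = {IDP: {"example.org"}}  # scopes each IdP may assert, from metadata


class NoUsableIdentifier(Exception):
    """The IdP released nothing the SP can safely key authorization on."""


def authz_key(idp, sp, attrs, idp_scopes):
    """Return (kind, key) to store in authorization records.

    attrs: attribute name -> list of values taken from the assertion.
    idp_scopes: IdP entityID -> set of scopes that IdP is registered for.
    """
    eppn = [v.strip() for v in attrs.get(EPPN, []) if v.strip()]
    if len(eppn) > 1:
        raise NoUsableIdentifier("ePPN must be single-valued")
    if eppn:
        local, _, scope = eppn[0].rpartition("@")
        # Reject a scope the IdP is not registered for: otherwise any IdP
        # in the inter-federation could assert another institution's users.
        if not local or scope not in idp_scopes.get(idp, set()):
            raise NoUsableIdentifier("ePPN scope not valid for " + idp)
        return ("eppn", eppn[0])
    eptid = [v.strip() for v in attrs.get(EPTID, []) if v.strip()]
    if len(eptid) == 1:
        # ePTID is opaque and pairwise: it is only unique together with the
        # IdP and SP, so the same user gets a different key at every SP.
        return ("eptid", "!".join((idp, sp, eptid[0])))
    raise NoUsableIdentifier("neither ePPN nor ePTID released by " + idp)


if __name__ == "__main__":
    print(authz_key(IDP, SP_A, {EPPN: ["alice@example.org"]}, SCOPES))
    print(authz_key(IDP, SP_A, {EPTID: ["k3Xq9"]}, SCOPES))
    print(authz_key(IDP, SP_B, {EPTID: ["Zt81v"]}, SCOPES))
```

With ePTID the keys at center A and center B differ for the same person, so a licence or virtual collection recorded at one SP cannot be matched to the user at another without a shared attribute.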

