FEUDAL Uros Stevanovic Federated User Credential Deployment Portal SA1

1 FEUDAL Uros Stevanovic Federated User Credential Deployment Portal SA1
Karlsruhe Institute of Technology AARC AHM, Milan, Italy

2 In the beginning….

3 “Science”

4 “Cloud”

5 Remote resources

6 Remote access “AARC BPA”

7 Remote access “AARC BPA” #MAAGA

8 Remote access

9 Remote access Accounts (Credentials)

10 “User deployment”
- User “creation” → Account provisioning
  - Creating/assigning a user account on the Service side
  - E.g. name, group, home folder
- Deploying a credential for a user
  - SSH
  - Password
  - Tokens

11 “User deployment”
- User “creation” → Account provisioning
  - Creating/assigning a user account on the Service side
  - E.g. name, group, home folder
- Deploying a credential for a user
  - SSH
  - Password
  - Tokens
- TTS service (existing solutions)

12 “User deployment”
- User “creation” → Account provisioning
  - Creating/assigning a user account on the Service side
  - E.g. name, group, home folder
- Deploying a credential for a user
  - SSH
  - Password
  - Tokens

13 “User deployment”
- User “creation” → Account provisioning
  - Creating/assigning a user account on the Service side
  - E.g. name, group, home folder
- Deploying a credential for a user
  - SSH
  - Password
  - Tokens
- Federated User Credential Deployment Portal: FEUDAL

14 AARC BPA

15 AARC BPA FEUDAL

16 FEUDAL requirements
- Web Portal
  - Federated user authentication
  - Credentials: SSH public keys
- Deployment
  - Fault tolerant
  - Fast response time
- Services
  - Distributed
  - Services can be hosted at multiple sites
  - Sites can host multiple services
- At the sites:
  - Interface with all possible User Management Systems (within reason)
  - Customisable by the local Administrator
  - Easy integration
  - Management of no incoming connections
  - Secure

17 FEUDAL architecture
- Distributed:
  - FEUDAL clients
    - Every site hosts one or more clients
    - The clients execute the deployments
- Central elements:
  - Web portal
    - User interface
  - FEUDAL backend + database
    - Sends messages to the clients
    - Stores user information and credentials

18 Architecture

19 Architecture
- Interface to SP-IdP-Proxy: OpenID Connect
- Backend: Django/Python
  - Inbuilt administration frontend
  - Simplifies usage of Database
  - Django REST Framework
- Clients: Go (others supported)
  - Static linking
- Webpage: Angular/Typescript

20 Messaging
- JSON
- Backend → Client:
  - identifier
  - action ∈ { “deploy”, “remove” }
  - service
  - SSH public key
  - user info (from OpenID Connect)
  - group memberships (from Unity)
- Backend ← Client:
  - Acknowledgement
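
An added example, not FEUDAL's own code: a Python sketch of how a site client could validate the Backend → Client message before handing the key to local user management, and build the acknowledgement it sends back. The JSON key names, the acknowledgement fields and the allow-list of key types are assumptions; the slides give only the field list.

```python
import base64
import json
import struct

ACTIONS = ("deploy", "remove")  # the two actions named on the slide
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # allow-list assumed here

def constructed_key(comment="alice@example"):
    """Constructed sample: a well-formed ed25519 key line with an all-zero key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

def check_ssh_key(line):
    """Return '<type> <base64>' or raise ValueError; the comment field is dropped."""
    if not isinstance(line, str) or "\n" in line or "\r" in line:
        raise ValueError("key is not a single line of text")
    parts = line.split()
    # A bare key starts with its type; anything else (for example
    # authorized_keys options placed before the key) is refused.
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("not a bare public key of an allowed type")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("key blob is not valid base64") from None
    # The blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != parts[0].encode():
        raise ValueError("key type does not match key blob")
    return parts[0] + " " + parts[1]

def handle(raw):
    """Validate one backend message; return (acknowledgement, key line or None)."""
    msg = json.loads(raw)
    ack = {"identifier": msg.get("identifier"), "status": "rejected"}  # assumed ack shape
    try:
        if msg.get("action") not in ACTIONS:
            raise ValueError("unknown action")
        key = check_ssh_key(msg.get("ssh_public_key"))  # key name is an assumption
    except ValueError as exc:
        ack["error"] = str(exc)
        return ack, None
    ack["status"] = "ok"
    return ack, key

if __name__ == "__main__":
    sample = {"identifier": "d-1", "action": "deploy", "service": "ssh-login",
              "ssh_public_key": constructed_key()}  # constructed message
    print(handle(json.dumps(sample)))
```
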

21 Messaging
- Publish Subscribe
  - Quick transmission (close to network latency)
  - Only outgoing connections at the clients
- Dedicated message broker: RabbitMQ
  - Delegated authentication of clients
  - Inbuilt message routing

22 DEMO

23 Summary
- FEUDAL provides:
  - Account provisioning
  - Deploying credentials
- Key features:
  - Realtime deployment: Instant feedback for users
  - Asynchronous deployment: Retransmission of information (if sites are offline)
  - “Discovery” deployments: “new” sites/resources (in a “VO”) automatically receive info
  - Full sites control integration: system admins provide “mechanisms/call-outs” for user management
  - FEUDAL transmits “unmodified” user information
