Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fernando M Silva The role of authentication and eID interoperability in the access to scientific databases Fernando M. Silva Instituto Superior Técnico.

Published byMeredith Bostick Modified over 9 years ago

Similar presentations

Presentation on theme: "Fernando M Silva The role of authentication and eID interoperability in the access to scientific databases Fernando M. Silva Instituto Superior Técnico."— Presentation transcript:

1 Fernando M Silva The role of authentication and eID interoperability in the access to scientific databases Fernando M. Silva Instituto Superior Técnico Lisboa, Portugal 13-14 November 2013, UP

2 euroCRIS, November 2013, Porto Outline About Técnico Lisboa Access to scientific resources Authentication and eID eID interoperability –ID Federations –National eID –European developments on eID interoperability –Academic and research eID interoperability Authentication infrastructure at Técnico Lisboa Future trends and challenges Fernando M Silva2

3 About Técnico Lisboa

4 euroCRIS, November 2013, Porto Facts & Figures Fernando M Silva4

5 euroCRIS, November 2013, Porto Fernando M Silva5 Research & education areas

6 euroCRIS, November 2013, Porto Graduate programmes Fernando M Silva6  Aerospace Engineering  Architecture  Biological Engineering  Biomedical Engineering  Biomedical Technologies  Chemical Engineering  Civil Engineering  Electrical and Computer Engineering  Engineering and Water Management  Environmental Engineering  Mechanical Engineering  Petroleum Engineering  Technological Physics Engineering Bioengineering and Nanosystems Biotechnology Chemistry Complex Transport Infrastructure Systems (w/ MIT) Computer Science and Engineering Construction and Rehabilitation Information Systems and Computer Engineering Materials Engineering Mathematics and Applications Mining and Geological Engineering Naval Architecture and Marine Engineering Pharmaceutical Engineering Structural Engineering Territorial Engineering Transport Infrastructure Engineering Transport Planning and Operation Urban Studies and Territorial Management Communication Networks Engineering Electronics Engineering Engineering and Industrial Management Information Systems and Computer Engineering

7 euroCRIS, November 2013, Porto Fernando M Silva  Leaders for the Technical Industries  Materials Engineering  Mathematics  Mechanical Engineering  Naval Architecture and Marine Engineering  Physics  Refining, Petrochemical and Chemical Engineering  River Restoration and Management  Statistics and Stochastic Processes  Sustainable Energy Systems  Technological Change and Entrepreneurship  Technological Physics Engineering  Territorial Engineering  Transportation  Aerospace Engineering  Architecture  Bioengineering  Biomedical Engineering  Biotechnology  Chemical Engineering  Chemistry  Civil Engineering  Climate Changes and Sustainable Development Policy  Computational Engineering  Computer Science and Engineering  Electrical and Computer Engineering  Engineering and Management  Engineering and Public Policy  Environmental Engineering  Geo-Resources  Information Security  Information Systems and Computer Engineering Graduate PhD Lifelong Doctoral programmes

8 euroCRIS, November 2013, Porto Open data is a standard approach for delivering and publishing scientific data –Open data + –Open source + –Open access Access to scientific resources Fernando M Silva8 Open knowledge

9 euroCRIS, November 2013, Porto Authenticated access User authentication is still required in the access to scientific resources in many real case scenarios –Legal constraints –Authorization constraints –Access auditing and monitoring –Other practical or functional reasons Mandatory registration … Fernando M Silva9

10 euroCRIS, November 2013, Porto When registration / authentication is required Internal/institutional users –Internal users may usually provide a fairly strong authentication by providing local access credentials External users –In many real cases scenarios, a simple user registration is required in order to increase the confidence and user id reliability on data access –User registration is often performed adopting a simple e-mail authentication –Of course, e-mail authentication provides a quite “weak” user authentication for auditing and legal purposes. Fernando M Silva10

11 euroCRIS, November 2013, Porto Federated identity management Solution for providing user authentication and access across organizations Common practice in academic and scientific organizations –Infrastructures mostly built around SAML and associated technologies Further to provide cross organization authentication, identity federation are an excellent solution for providing authenticated services to userless organizations –NREN services –Portugal: RCTSaai identity federation Fernando M Silva11

12 euroCRIS, November 2013, Porto Research and education ID federations Fernando M Silva12 Source: refeds.org

13 euroCRIS, November 2013, Porto Research and education ID federations in Europe Fernando M Silva13 Source: refeds.org

14 euroCRIS, November 2013, Porto Shibboleth authentication and authorization model Fernando M Silva14

15 euroCRIS, November 2013, Porto eID authentication: going national In the last few years, many countries started the integration of eID in national identity ID cards –National eID systems may be a convenient source of user authentication and authorization in several scenarios Reliable underlying user authentication process Strong authentication through physical security tokens Support of broader authentication scenarios –Conventional eID federations (e. g., academic) are domain specific Fernando M Silva15

16 euroCRIS, November 2013, Porto National eID interoperability Fernando M Silva16 eID interoperability is a major pre-condition for the delivery of cross borders e-services The EU has been promoting eID interoperability in several LSP projects addressing authentication and cross border services

17 euroCRIS, November 2013, Porto EU LSPs for promoting cross border services Fernando M Silva17 Cross-Border procedures e-health e-justice e-procurement eID Authentication, mandates & representation

18 euroCRIS, November 2013, Porto Generic view of coupling of eID and LSPs Fernando M Silva18

19 euroCRIS, November 2013, Porto Fernando M Silva19 Academic and research area in last LSP... is missing Identity, Security and Trust e-Delivery and e-Interaction Semantics, Processes and Documents Academic & Research/ CERIF should be here...

20 euroCRIS, November 2013, Porto Stork 2.0 authentication model Fernando M Silva20 eID integration and interoperability Implementation of a proxy service (PEPS) in each member state Optional support of a V- IdP for distributed solutions Stork project

21 euroCRIS, November 2013, Porto Authentication model at Técnico Lisboa Fernando M Silva21 Single IdP infrastructure for all ICT services: Academic information services Mail VoIP ERP systems Procurement services WiFi (eduroam) access CPU resources Storage resources Web services Desktop access …

22 euroCRIS, November 2013, Porto eID building blocks Fernando M Silva22 Local authentication infrastructure LDAP (OpenLDAP) Authentication backend: Kerberos RADIUS (FreeRadius) Single Sign-On (SSO) support Central Authentication Service (Yale University) ID federation support Shibollet, OpenSAML - National Academic federation RCTSaai, FCCN RADIUS – Eduroam access (FCCN / TERENA) National eID suport (cartão de cidadão) Support of eID interoperability platform STORK, Stork 2.0 eSENS

23 euroCRIS, November 2013, Porto SSO login Fernando M Silva23

24 euroCRIS, November 2013, Porto SSO: CAS model Fernando M Silva24 LDAPKerberos Authentication server Web Browser Service 1 2 3 4 Ticket 5 6 Ticket validation

25 euroCRIS, November 2013, Porto Client implementation: authentication request Fernando M Silva25 Case 1: PHP code <?php include_once('CAS/CAS.php'); phpCAS::client(CAS_VERSION_2_0,'id.ist.utl.pt',443,'/cas'); phpCAS::forceAuthentication(); // Force authentication: browser redirected to IdP IF not authenticated // If the code reaches this step, the user has already been authenticated bythe CAS server $user = phpCas::getUser(); // [Specific server processing] phpCAS::logout(); // Logout ?> Case 2: mod_auth_cas installed on apache server Fill the.htaccess in selected directories AuthType CAS AuthName "IST Network Services" require user

26 euroCRIS, November 2013, Porto Conclusions Authenticated access to scientific resources by external users can be easily provided by eID federations –Complexity is often hidden to the client process; –National eID systems offer a general purpose powerful authentication infrastructure –European eID authentication is already made possible by existing tools and infrastructures. Extension of cross border services in European LSPs must be extended to research & academic domains. –Active promotion required… Fernando M Silva26

27 euroCRIS, November 2013, Porto Thank you for your attention Fernando M Silva27

Download ppt "Fernando M Silva The role of authentication and eID interoperability in the access to scientific databases Fernando M. Silva Instituto Superior Técnico."

Similar presentations

ICT research priorities and recommendations for strategy development in the WBC Ulrike Kunze / PT-DLR, Germany Consultation session on recommendations.

ICT research priorities and recommendations for strategy development in the WBC Ulrike Kunze / PT-DLR, Germany Consultation session on recommendations.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.
e-TrustEx e-PRIOR CIPA e-Delivery

e-TrustEx e-PRIOR CIPA e-Delivery
How eID and eSignatures work in a cross-border setting Wendy Carrara SPOCS Deputy Programme Director eID workshop Reaping the benefits of eID in different.

How eID and eSignatures work in a cross-border setting Wendy Carrara SPOCS Deputy Programme Director eID workshop Reaping the benefits of eID in different.
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
School of Health Science AND Human Services Health Science Cluster Biotechnology Research and Development Diagnostic Services CAS — Public Health and Advanced.

School of Health Science AND Human Services Health Science Cluster Biotechnology Research and Development Diagnostic Services CAS — Public Health and Advanced.
The European Activities of BR Communication e-CODEX e-Justice Communication via Online Data Exchange Bucharest, June 14 th 2013.

The European Activities of BR Communication e-CODEX e-Justice Communication via Online Data Exchange Bucharest, June 14 th 2013.
Stork is an EU co-funded project INFSO-ICT-PSP-224993 www.brz.gv.at STORK PRESENTATION STORK eGov Symposium Bern 09.Nov.2010 Dipl.-Ing. (FH) Klaus J. John.

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION STORK eGov Symposium Bern 09.Nov.2010 Dipl.-Ing. (FH) Klaus J. John.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Stork is an EU co-funded project INFSO-ICT-PSP-224993 Secure Identity Across Borders Linked Secure Electronic Identity Across Europe! STORK – 4 TH I NDUSTRY.

Stork is an EU co-funded project INFSO-ICT-PSP Secure Identity Across Borders Linked Secure Electronic Identity Across Europe! STORK – 4 TH I NDUSTRY.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
1 ARPA A regional infrastructure for secure role-based access to RTRT services Ing. Laura Castellani Tuscany Region.

1 ARPA A regional infrastructure for secure role-based access to RTRT services Ing. Laura Castellani Tuscany Region.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)

2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)
E-SENS Electronic Simple European Networked Services Moving services forward Dr. Cagatay KARABAT National Coordinator of e-SENS.

E-SENS Electronic Simple European Networked Services Moving services forward Dr. Cagatay KARABAT National Coordinator of e-SENS.
Stork is an EU co-funded project INFSO-ICT-PSP-224993 STORK PRESENTATION STORK Presentation Lithuania March 2010.

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION STORK Presentation Lithuania March 2010.
Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo

Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo

Similar presentations

Ads by Google