Community Single Sign-on. 15 September 2009, Berlin, ISTC meeting. Lutz Suhrbier, Networked Information Systems.

Presentation transcript:

1 Community Single Sign-on
15 September 2009, Berlin, ISTC meeting
Lutz Suhrbier (suhrbier@inf.fu-berlin.de)
Networked Information Systems (http://www.ag-nbi.de)
Department of Computer Science, Freie Universität Berlin

2 Why Community Single Sign-On?
EDIT Platform
- multitude of web-based taxonomic applications and services
- highly distributed, cross-national service infrastructure
Problem of identity management
- admins must maintain individual user and access control lists
- users must remember several login/password combinations
Need for a comfortable single sign-on (SSO) solution reflecting the specifics of biodiversity infrastructures

3 Single Sign-On Infrastructure

4 Animating the EDIT federation
Starting point: Proof-of-concept platform
- local EDIT federation (1 IdP, 1 SP hosting ExpertsDB/DevTools)
- self-signed PKI issuing web server certificates for IdP and SP
Current state: Initial platform components in production use
- infrastructure upgraded to SAML V2.0 -> single logout (SLO)
- initial EDIT federation (1 IdP, 1 SP hosting DevTools)
- more than 50 users (EDIT Developers)
Ready for production: Drupal based platform components
- CDM Dataportals (cichorieae, diptera, palmae)
- ExpertsDB, WP5Blog,...

5 Next steps
Evaluating interoperability of multiple IdP/SP setup scenarios
- Shibboleth (integrates standard identity management interfaces)
- OpenSSO (also provides simple identity management GUI)
- SimpleSAMLphp (PHP-based solution for hosted web spaces)
Integration of Spring based components
- CATE, Taxonomic Editor,...
- Spring Security SAML module successfully checked out
Opening the federation
- ATBI-Sites (Naturkundemuseum, Drupal, hosted web space)
- CATE (Kew, Spring)
- ... (you are welcome to join as IdP or SP)

6 The "Invalid Security Certificate Problem"
Cause: server certificates issued by self-signed PKI
- inexperienced users may be scared off
Current solution: install EDIT PKI certificates in web browser
- needs active user interaction
- user's guide provided in EDIT Developer Wiki
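The trust failure behind the "Invalid Security Certificate Problem", reproduced with OpenSSL as an added example that is not part of the presentation. An OpenSSL CA file stands in for the browser's certificate store, and every name, subject and file (demo roots, sp.example.org) is constructed for the demo, not taken from the EDIT PKI.

```shell
#!/usr/bin/env bash
# Added example. Every name, subject and file below is constructed for the demo.

# new_root DIR NAME CN: create a self-signed root CA (NAME.key / NAME.pem).
new_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# build_demo_pki DIR: a "browser" store holding one unrelated root, plus a
# private root that issues the server certificate for a placeholder host.
build_demo_pki() {
  local d=$1
  new_root "$d" public-root  "Demo Preinstalled Root" &&
  new_root "$d" private-root "Demo Private Community Root" &&
  cp "$d/public-root.pem" "$d/store.pem" &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=sp.example.org" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -days 30 \
    -CA "$d/private-root.pem" -CAkey "$d/private-root.key" -CAcreateserial \
    -out "$d/server.pem" 2>/dev/null
}

# chain_trusted STORE CERT: succeed only if CERT chains to a root in STORE.
chain_trusted() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# verify_reason STORE CERT: print OpenSSL's verdict line for the report.
verify_reason() {
  openssl verify -no-CApath -CAfile "$1" "$2" 2>&1 | grep -E 'error|OK' | head -n 1
}

demo() {
  local d; d=$(mktemp -d) || return 1
  build_demo_pki "$d" || return 1
  echo "before import: $(verify_reason "$d/store.pem" "$d/server.pem")"
  cat "$d/private-root.pem" >> "$d/store.pem"   # the manual import step
  echo "after import:  $(verify_reason "$d/store.pem" "$d/server.pem")"
  rm -rf "$d"
}
demo
```

The server certificate and its key never change between the two checks; only the contents of the trust store do, which is why the warning persists for every user who has not imported the private root.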

7 Prospective PKI solution
DFN-PKI is certified by Telekom RootCA
- pre-installed in most common web browsers
- no additional costs (e.g. Thawte ~ 250€ per year)
EDIT (BGBM) may become DFN-PKI sub registration authority (RA)
- enables issuance of accepted server certificates, but
- requires declarations of consent from domain holder
- certified servers must be "under the control of BGBM"
- dedicated person also responsible for server maintenance
DFN-PKI suitable solution for EDIT components at BGBM (e.g. IdP)
SPs must look for similar solution
- or ask their server admin
- or must accept the constraints of our self-signed EDIT PKI

8 Thanks for your attention! The End

