Presentation is loading. Please wait.

Presentation is loading. Please wait.

Researcher ID September13 2013 Presented by Terry Smith - AAF Technical Manager.

Published byCollin Williams Modified over 8 years ago

Similar presentations

Presentation on theme: "Researcher ID September13 2013 Presented by Terry Smith - AAF Technical Manager."— Presentation transcript:

1 Researcher ID September13 2013 Presented by Terry Smith - AAF Technical Manager

2 Researcher ID The brief Creation of a test “sandbox” environment for the Researcher ID -Populate an LDAP directory -Based on Authn and Attributes from AAF or Social Authentication -Simple UI for Researchers to manage their Researcher ID (Passwords, etc) -Extend the accounts with Group membership, permissions and roles -Simple workflow that can be used by resource owners -Test against use cases provided by the RDSI Nodes Determine what it will take to run as a production system

3 Researcher ID Identity Provisioning & Account Management Researcher ID Identity Store Group Mgnt, Workflows and APIs Node Applications & Resources Web Apps Federated and/or Social Authentication + Groups Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups RestAPI RW Master Replicas LDAP WebUi VOOT Social Authentication Account and Password Management Advanced account provisioning Advanced account provisioning IdP AAF DS IdP Federated Authentication RO Node RO Replicas RO RestAPI LDAP OAuth SAML AA WebUi VOOT SAML IdP OU=People OU=Groups DN=email-address + AAF Core Attrs + MemberOf DN=Group Name Members=…

4 Researcher ID Identity Provisioning & Account Management Researcher ID Identity Store Group Mgnt, Workflows and APIs Node Applications & Resources Web Apps Federated and/or Social Authentication + Groups Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups RestAPI RW Master Replicas LDAP WebUi VOOT Social Authentication Account and Password Management Advanced account provisioning Advanced account provisioning IdP AAF DS IdP Federated Authentication RO Node RO Replicas RO RestAPI LDAP OAuth SAML AA WebUi VOOT SAML IdP OU=People OU=Groups DN=email-address + AAF Core Attrs + MemberOf DN=Group Name Members=…

5 Researcher ID Identity Provisioning & Account Management Researcher ID Identity Store Group Mgnt, Workflows and APIs Node Applications & Resources Web Apps Federated and/or Social Authentication + Groups Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups RestAPI RW Master Replicas LDAP WebUi VOOT Social Authentication Account and Password Management Advanced account provisioning Advanced account provisioning IdP AAF DS IdP Federated Authentication RO Node RO Replicas RO RestAPI LDAP OAuth SAML AA WebUi VOOT SAML IdP OU=People OU=Groups DN=email-address + AAF Core Attrs + MemberOf + Password DN=Group Name Members=…

6 Researcher ID Identity Provisioning & Account Management Researcher ID Identity Store Group Mgnt, Workflows and APIs Node Applications & Resources Web Apps Federated and/or Social Authentication + Groups Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups RestAPI RW Master Replicas LDAP WebUi VOOT Social Authentication Account and Password Management Advanced account provisioning Advanced account provisioning IdP AAF DS IdP Federated Authentication RO Node RO Replicas RO RestAPI LDAP OAuth SAML AA WebUi VOOT SAML IdP OU=People OU=Groups DN=POSIX Username + AAF Core Attrs + MemberOf + Password + Posix Attrs DN=Posix GroupName Members=… + Posix Attrs

7 Researcher ID Identity Provisioning & Account Management Researcher ID Identity Store Group Mgnt, Workflows and APIs Node Applications & Resources Web Apps Federated and/or Social Authentication + Groups Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups RW Master Replicas LDAP WebUi VOOT Social Authentication Account and Password Management Advanced account provisioning Advanced account provisioning IdP AAF DS IdP Federated Authentication RO Node RO Replicas RO RestAPI LDAP OAuth SAML AA WebUi SAML IdP OU=People OU=Groups DN=POSIX Username + AAF Core Attrs + MemberOf + Password + Posix Attrs + Kerberos + PKI Certs DN=Posix GroupName Members=… + Posix Attrs Kerberos CA

8 Researcher ID The Use cases dictates the Schema and components that need to be included to build the Researcher ID Infrastructure. Next activity - Building an end to end pilot Researcher ID

9 Researcher ID Possible Protocols and Services supported by the Researcher ID? NFS WebDav Globus Online SSH / SCP SFPT SIF Shares Aspera Grid FTP Web http

Download ppt "Researcher ID September13 2013 Presented by Terry Smith - AAF Technical Manager."

Similar presentations

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.

Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
ARCHER’s Security Requirements within the AAF. 2 Research Repository Requirements (relevant to AAF) Identity Management provided by the Federation  Single-sign-on.

ARCHER’s Security Requirements within the AAF. 2 Research Repository Requirements (relevant to AAF) Identity Management provided by the Federation  Single-sign-on.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Microsoft Ignite /16/2017 4:55 PM

Microsoft Ignite /16/2017 4:55 PM
3 rd SG13 Regional Workshop for Africa on “ITU-T Standardization Challenges for Developing Countries Working for a Connected Africa” (Livingstone, Zambia,

3 rd SG13 Regional Workshop for Africa on “ITU-T Standardization Challenges for Developing Countries Working for a Connected Africa” (Livingstone, Zambia,
The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.

The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.
Active Directory federation user provisioning.

Active Directory federation user provisioning.
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
TWSd Configuring Tivoli Workload Scheduler Security 1of3

TWSd Configuring Tivoli Workload Scheduler Security 1of3
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
(ITI310) SESSIONS 9-10-11-12: Active Directory By Eng. BASSEM ALSAID.

(ITI310) SESSIONS : Active Directory By Eng. BASSEM ALSAID.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
ARC312. Security Policy Governance Audit Reporting Analysis Data Quality Directory Logon Mobility Provisioning Development Access Control Authentication.

ARC312. Security Policy Governance Audit Reporting Analysis Data Quality Directory Logon Mobility Provisioning Development Access Control Authentication.
Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us.

Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education

Similar presentations

Ads by Google