Presentation is loading. Please wait.

Presentation is loading. Please wait.

SURFfederatie & SURFconext Federated identity system for scientific collaborations 9-10 June 2011 CERN Remco Poortinga – van Wijnen*, SURFnet

Published byShawn Shields Modified over 8 years ago

Similar presentations

Presentation on theme: "SURFfederatie & SURFconext Federated identity system for scientific collaborations 9-10 June 2011 CERN Remco Poortinga – van Wijnen*, SURFnet"— Presentation transcript:

1 SURFfederatie & SURFconext Federated identity system for scientific collaborations 9-10 June 2011 CERN Remco Poortinga – van Wijnen*, SURFnet remco.poortinga@surfnet.nl *with input from a lot of others

2 SURFnet. We make innovation work1 Overview -SURFfederatie -In 3 slides -SURFconext -Background -Features -Architecture -Services -TBD/Future development

3 SURFnet. We make innovation work2 Federation Models -1-1 -Business: SAML 1.x -de-facto -NxN (‘distributed’) -Shared trust, pt2pt -Education VS/Europe -Shibboleth -2xN (‘hub-and-spoke’) -Central gateway (CFC) -Protocol translation -Attribute filtering & enrichment -Easier configuration for IdPs IDPSP IDPSP IDPSP IDPSP IDPSP IDPSP IDPSP CFC

4 SURFnet. We make innovation work3 SURFfederatie Functional View Central Federation Components A-Select Cross Shibboleth SAML 2.0 WS-Fed / ADFS SAML 2.0 WS-Fed / ADFS Identity ProvidersService ProvidersSURFfederatie CORE Applications Credentials

5 Some numbers -IdPs (79) -36 SAML 2.0 -22 (30*) WS-Federation (ADFS) -(* 8 proxied) -13 A-Select -SPs (55+) -Google apps, foodle, live@edu, CLARIN (7), several publishers, libraries, webshops, SURFconext, … -≈ 700k users -(Technically) connected to eduGAIN SURFnet. We make innovation work4

6 SURFconext some background -Goal of SURFnet is to enable collaboration -Across (institutional) borders -Used to be done by SURFgroepen service -Sharepoint -User defined groups/spaces -But: -Monolithic -No domestication (then) -Single (specific) service  no choice -No way to extend groups to other services -(exception: AdobeConnect) SURFnet. We make innovation work5

7 SURFconext -Allow users from different institutions to work together using their own preferred combination of tools -Using groups across services -Using SURFfederatie (trust, identities, attributes) SURFnet. We make innovation work6

8 SURFconext platform features -IdP and SP (SAML 2.0) proxy -Group Relation Provider(s) -IdP and SP and oAuth registry -OpenSocial ‘Gadgets’ for GUI handling -OpenSocial ‘Social Data’ API -VO Registry  VO IdP -Uses OSS components where possible -Apache Shindig – OpenSocial Container -Apache Rave (incubator) – OpenSocial Portal -Corto – Idp/SP proxy -Janus – (SP/IdP Metadata) registry -Is Open Source itself – http://www.openconext.org SURFnet. We make innovation work7

9 SURFconext architecture SURFnet. We make innovation work8

10 SURFconext services -Confluence -Alfresco -Liferay -WebEx -BigBlueButton -Sympa -Lobber -… https://wiki.surfnetlabs.nl/display/domestication/Overview SURFnet. We make innovation work9

11 What’s missing/TBD? -Group Management across boundaries -NREN and/or VO-platform boundary -On the agenda of GN3-JRA3-T2 -Production ready VO support -Group Management in context of a VO -virtualIDP for services supporting only single IdP endpoint (Google apps etc) -Roles and Rights -Roles group management ≠ roles services -Service usage (licenses for guest users) SURFnet - We make innovation work10

12 Questions? -http://www.surffederatie.nl -http://www.surfconext.nl -http://www.openconext.org remco.poortinga@surfnet.nl SURFnet. We make innovation work11

13 Backup slides SURFnet. We make innovation work12

14 OpenSocial - overview App’s Virtual Organization Consumers ‘Social Network’ ‘Social Network’

15

16 https://portal.surfconext.nlhttps://portal.surfconext.nl → http://wiki.apache.org/incubator/RaveProposalhttp://wiki.apache.org/incubator/RaveProposal https://os.surfconext.nlhttps://os.surfconext.nl → http://shindig.apache.org/http://shindig.apache.org/ https://engine.surfconext.nlhttps://engine.surfconext.nl → http://code.google.com/p/corto/http://code.google.com/p/corto/ https://serviceregistry.surfconext.nlhttps://serviceregistry.surfconext.nl → http://code.google.com/p/janus-ssp/ (SURFteams) https://www.surfteams.nl → http://www.internet2.edu/grouper/http://code.google.com/p/janus-ssp/https://www.surfteams.nl

17 SURFconext & eduGAIN SURFnet - We make innovation work16 SURFconext /Corto VOs Groups Service IDP SP Guest IDP eduGAIN SURF- federatie IDP SP IDP SP IDP SP Service

18 17

19 18

20 19

Download ppt "SURFfederatie & SURFconext Federated identity system for scientific collaborations 9-10 June 2011 CERN Remco Poortinga – van Wijnen*, SURFnet"

Similar presentations

Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
SURFfederatie - eduGAIN Opt-in Metadata Management for a Hub & Spoke Federation.

SURFfederatie - eduGAIN Opt-in Metadata Management for a Hub & Spoke Federation.
An OpenSocial Based Collaboration Infrastructure Paul van Dijk Product Manager SURFnet.

An OpenSocial Based Collaboration Infrastructure Paul van Dijk Product Manager SURFnet.
Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.

Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.
AARNet Copyright 2013 Network Operations OpenConext Workshop Down-Under Enabling Federated Team Management, Group-Aware SPs, and SP Shop-Fronts Neil Witheridge,

AARNet Copyright 2013 Network Operations OpenConext Workshop Down-Under Enabling Federated Team Management, Group-Aware SPs, and SP Shop-Fronts Neil Witheridge,
Update SURFnet Bart Kerver TF-EMC2-meeting, Utrecht, 17 Oktober 2006.

Update SURFnet Bart Kerver TF-EMC2-meeting, Utrecht, 17 Oktober 2006.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Eric Meeks (UCSF) Leslie Yuan (UCSF) OpenSocial Gadget Update from UCSF June 17, 2011 – Harvard Profiles User Group Meeting.

Eric Meeks (UCSF) Leslie Yuan (UCSF) OpenSocial Gadget Update from UCSF June 17, 2011 – Harvard Profiles User Group Meeting.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.

AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.
FIM, 2012-06-22, Nijmegen CLARIN: status of FIM Dieter Van Uytvanck 1.

FIM, , Nijmegen CLARIN: status of FIM Dieter Van Uytvanck 1.
Supporting Are we ready? REFEDS, Oct 2013 Ann Harding

Supporting Are we ready? REFEDS, Oct 2013 Ann Harding
Collaborative Platforms. Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications.

Collaborative Platforms. Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications.
Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,

Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,
Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.

Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.
SURFnet. We make innovation work0. 1 State-of-the-art Network IT InnovationLicensing.

SURFnet. We make innovation work0. 1 State-of-the-art Network IT InnovationLicensing.
Géant-TrustBroker project overview Slides assembled by the Géant-TrustBroker team at Leibniz Supercomputing Centre, Germany for a short presentation by.

Géant-TrustBroker project overview Slides assembled by the Géant-TrustBroker team at Leibniz Supercomputing Centre, Germany for a short presentation by.

Similar presentations

Ads by Google