Sakai Authentication and Directory Architecture for 1.0 and Beyond A response to an E-Mail by Albert Wu and Thomas Bush 8/28/2004 Charles Severance.


1 Sakai Authentication and Directory Architecture for 1.0 and Beyond A response to an E-Mail by Albert Wu and Thomas Bush 8/28/2004 Charles Severance

2 Architecture for 1.0 and 2.0

[Diagram labels: Browsers; Portals; WSRP; JK_connector; Apache Plugin; Form Based Auth; Sakai Tools; Sakai API Implementations; Sakai Legacy API Implementations; Directory Plugin; OSID; Enterprise Info]

3 Sakai Identity and User Directory Information Approach

Sakai must know several things about a person:
– Basic identity (csev)
– Directory information (first name, last name, e-mail, etc.)

Sakai is very flexible and easily configured to accept information from external sources for either or both of these elements.

4 Basic Identity

WebISO identity provider
– Sakai can be configured to take identity from a WebISO source.
– Sakai is protected by an Apache mod, and Tomcat gets the identity through the JK connector. The WebISO identity is the Sakai identity. It is placed in the framework and in all of the Sakai API implementations, so Sakai tools and services use it transparently.

Form-based identity
– Without WebISO, Sakai uses its own internally generated form-based identity capability, which consults the UserDirectory Service for id/pw information. The UserDirectory Service may or may not consult a plugin for this information.

5 Directory Plug Ins

By default, the Sakai UserDirectory Service simply consults its own internal database for identity and directory information.

Plugins are used to change this behavior and cause Sakai to consult various sources of enterprise information. There are several choices:
– The plugin takes responsibility for any subset of identity, password, and all directory information.

In addition, Sakai can be configured either to trust the plugin exclusively for all information, or to use the plugin to load information into Sakai structures so that authentication can be done locally when the external source is not available.

6 Common Configurations

– Out of the box: form-based authentication, no plugins, all users are managed and stored internally.
– WebISO used for identity, user directory info stored internally in Sakai.
– Form-based authentication, plugin used for id/pw (say Kerberos) and plugin used for directory info (say LDAP).
– Form-based authentication, external id/pw validation, local storage of directory information, and local caching of password information (Grid-Portal approach using myproxy).
– Hybrid: support for both form and WebISO authentication, with id/pw/directory coming from a combination of plugins and internal data.
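The fallback behaviour described on slides 5 and 6 (consult the plugin, keep a local copy for when the external source is unavailable), as an added Java sketch that is not Sakai code. `DirectoryAuthSketch`, `IdPwPlugin` and the salted PBKDF2 verifier stored in place of the password are assumptions, not Sakai's UserDirectoryProvider API; the local copy is consulted only when the source is unreachable, never after it has rejected a login.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class DirectoryAuthSketch {
    static class Unavailable extends Exception {}
    // Hypothetical plugin contract, not Sakai's UserDirectoryProvider interface.
    interface IdPwPlugin { boolean check(String id, char[] pw) throws Unavailable; }

    final IdPwPlugin plugin;
    final boolean trustExclusively;   // true: never answer from local data
    final Map<String, byte[][]> cache = new HashMap<>();  // id -> {salt, PBKDF2 hash}

    DirectoryAuthSketch(IdPwPlugin plugin, boolean trustExclusively) {
        this.plugin = plugin; this.trustExclusively = trustExclusively;
    }
    static byte[] kdf(char[] pw, byte[] salt) throws Exception {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(new PBEKeySpec(pw, salt, 210_000, 256)).getEncoded();
    }
    boolean authenticate(String id, char[] pw) throws Exception {
        try {
            boolean ok = plugin.check(id, pw);
            if (!ok || trustExclusively) {
                cache.remove(id);          // a rejection invalidates any cached verifier
            } else {
                byte[] salt = new byte[16];
                new SecureRandom().nextBytes(salt);
                cache.put(id, new byte[][] { salt, kdf(pw, salt) });
            }
            return ok;                     // the source answered: its verdict is final
        } catch (Unavailable e) {          // fall back only when the source is unreachable
            byte[][] v = cache.get(id);
            return !trustExclusively && v != null && MessageDigest.isEqual(v[1], kdf(pw, v[0]));
        }
    }
    public static void main(String[] args) throws Exception {
        boolean[] up = { true };           // constructed stand-in for Kerberos/LDAP reachability
        IdPwPlugin fake = (id, pw) -> {
            if (!up[0]) throw new Unavailable();
            return id.equals("csev") && new String(pw).equals("constructed-pw");
        };
        DirectoryAuthSketch svc = new DirectoryAuthSketch(fake, false);
        System.out.println(svc.authenticate("csev", "constructed-pw".toCharArray()));
        up[0] = false;                     // external source goes away
        System.out.println(svc.authenticate("csev", "constructed-pw".toCharArray()));
        System.out.println(svc.authenticate("csev", "wrong".toCharArray()));
    }
}
```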

7 Time View of Features

In Sakai 1.0
– Much of the infrastructure is based on the legacy service implementations, so plugins must be built to plug into the legacy implementations.
– http://cvs.sakaiproject.org/release/1.0.rc2/javadoc/org/sakaiproject/service/legacy/user/UserDirectoryProvider.html

Between Sakai 1.0 and 2.0
– WSRP support will be added (assuming all goes well) as a mechanism for interacting with portals. This will also provide identity, like WebISO.
– The Sakai API (not legacy) implementations will be developed, and the plugins will be written to these implementations.
– Additional plugin types will be developed based on the OKI OSIDs.
  – It would be possible to build a SakaiPlugin that implements AuthUdp, CompleteUdp, PiggybackUdp and consumes an OKI OSID implementation (RC6 or 2.0).

By Sakai 2.0
– OSIDs as plugins will be directly supported by a wide range of APIs (Authentication, Directory, Authorization, DR, etc.).

