Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth, SRB, PGL & Plone Russell Sim. MyProxy client uses portal with Web SSO protected with an SP transformation of attributes to certs by MyProxy.

Published byMadeline Lindsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Shibboleth, SRB, PGL & Plone Russell Sim. MyProxy client uses portal with Web SSO protected with an SP transformation of attributes to certs by MyProxy."— Presentation transcript:

1 Shibboleth, SRB, PGL & Plone Russell Sim

2 MyProxy client uses portal with Web SSO protected with an SP transformation of attributes to certs by MyProxy certs stored in portal to access grid services part of ShibGrid (gridshib requires all SPs to be Shibboleth aware)

3 Using MyProxy 1. Store credentials in MyProxy w/ anonymous access 2. Log in with MyProxy credentials 3. Extract credentials from MyProxy 4. Connect to SRB w/ credentials 5. Locate users based on DN SRBMyProxy Gridsphere/P GL

4 GSI & Shibgrid in SRB Authenticate with:  SRB Username+domain+password; or  GSI certificate  MyProxy Username+password This only provides authentication, not encryption Using Shibb for auth. would be hard because SRB isn't a web-app  Use GSI_AUTH, and Shibb-MyProxy (Shibgrid) Shibgrid is a modified MyProxy  using dynamic creation of certificates.  encoding of shibboleth attributes in certificate. By encoding SAML groups into Shibb-MyProxy certs. SRB could update groups on login  Possible security concerns with revoking groups in SRB  Administrator defines which groups are acknowledged.

5 Personal Grid Library PGL is a set of Gridsphere Portlets for SRB  Reusable within other projects Provides:  Object and collection manipulation  User metadata templates  Annotations  Searching including recursive and wildcard  Previews  Simple library view

6 GSI in PGL Upload a proxy certificate (Messy) Use MyProxy directly (Implemented) Use GridPortlets credential store  MyProxy Gridsphere authentication available (TODO) Shibboleth-MyProxy from MAMS? (TODO)

7 Logins

8 PGL Browser

9 Plone Plone is a Content Management System Very Flexible Shibboleth support  Development is done but refinement/testing is needed. SRB

10 Plone SRB Provide a view into SRB, exposing it in a different way to PGL  Tree-based view  Full metadata (getting as many attributes form the appropriate tables)  Provide some initial editing for metadata.  Python bindings need extending  Guest account access (December)  Authorisation controlled by plone  User account access including MyProxy (mid January)  Authorisation controlled by SRB  User metadata templates

11 Questions?

12 ShibGrid myProxy WAYF 1 2 3 IdP 4 5 5 Portal 7 6 Grid User

Download ppt "Shibboleth, SRB, PGL & Plone Russell Sim. MyProxy client uses portal with Web SSO protected with an SP transformation of attributes to certs by MyProxy."

Similar presentations

MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
ASPiS - Architecture for a Shibboleth-Protected iRODS System Mark Hedges, Tobias Blanke Centre for e-Research, Kings College London Adil Hasan, Jens Jensen.

ASPiS - Architecture for a Shibboleth-Protected iRODS System Mark Hedges, Tobias Blanke Centre for e-Research, Kings College London Adil Hasan, Jens Jensen.
SearchSearch User Profiles SearchSearchExcelExcelUserProfilesUserProfiles Managed Metadata.

SearchSearch User Profiles SearchSearchExcelExcelUserProfilesUserProfiles Managed Metadata.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.

Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.
Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.

Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite (including AAF update) James Dalziel & Alan Lin Professor of Learning.
EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.

EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.
1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.

1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.
Globus Computing Infrustructure Software Globus Toolkit 11-2.

Globus Computing Infrustructure Software Globus Toolkit 11-2.
SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.

SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
Federated A(A(A))I Jens Jensen hepsysman, RAL, 20110701.

Federated A(A(A))I Jens Jensen hepsysman, RAL,
Tools for e-Research Mat Wyatt. 2 e-Research Sensor nets data compute… Models/ software/ workflows colleagues instruments.

Tools for e-Research Mat Wyatt. 2 e-Research Sensor nets data compute… Models/ software/ workflows colleagues instruments.
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.

Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.
1 1 1 How Grid Security works in GEO Sciences N. Yamamoto, Y. Tanaka, I. Kojima, S. Sekiguchi AIST Oct. 28, 2009.

How Grid Security works in GEO Sciences N. Yamamoto, Y. Tanaka, I. Kojima, S. Sekiguchi AIST Oct. 28, 2009.
TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

Similar presentations

Ads by Google