Deployment of a Shibboleth-based Infrastructure in Switzerland: SWITCHaai

Martin Sutter, Head of NetServices, SWITCH

(Ueli Kienholz & Thomas Lenggenhager)

UK e-Science Core Programme Town Meeting

Monday 11th April 2005


Project Timeline

[Timeline figure, 2001 to 2006. Phases: Study, Pilot, Implementation, Operation. Labels: Study, Planning; Architecture; Evaluation; Shibboleth]


Without AAI

  • Tedious user registration at all resources
  • Unreliable and outdated user data at resources
  • Different login processes
  • Many different passwords
  • Many resources not protected due to difficulties
  • Often IP-based authorization
  • Costly implementation of inter-institutional access

[Diagram labels: University A (Student Admin, Web Mail, e-Learning); Library B (e-Journals, Literature DB); University C (Research DB, e-Learning). Legend: User Administration, Authentication, Authorization, Resource, Credentials]


With AAI

  • No user registration and user data maintenance at resource needed
  • Single login process for the users
  • Many new resources available for the users
  • Enlarged user communities for resources
  • Authorization independent of location
  • Efficient implementation of inter-institutional access

[Diagram labels: AAI; University A (Student Admin, Web Mail, e-Learning); Library B (e-Journals, Literature DB); University C (Research DB, e-Learning). Legend: User Administration, Authentication, Authorization, Resource, Credentials]


SWITCHaai Building Blocks

  • Organizational Framework
  • Interoperation
  • Identity Providers (Home Orgs)
  • Service Providers (Resources)
  • Central Services
  • Finances


Organizational Framework

Organization

SWITCH acts as SWITCHaai Federation service provider

Federation membership based on signed service agreements


Interoperation

Requires agreement on technical details like

  • Standards
    • SAML 1.1
  • Software versions
    • Shibboleth 1.1 for identity providers
    • Shibboleth 1.2.1 for service providers
  • Accepted certificate authorities
    • SWITCHpki, plus Thawte, Trustcenter, VeriSign
  • Attribute specification
    • SwissEduPerson


Interoperation: Attributes

Criteria for attribute specification

  • Start simple, extend as required
  • Common understanding on interpretation
  • Already widely used

    SwissEduPerson

  • Attribute usage by applications
  • Use minimal set required
    • Data protection principle


Identity Provider Integration

  • Currently in use in SWITCHaai:
  • Authentication Systems
    • OpenLDAP with CAS or Pubcookie
    • Kerberos AuthN with Active Directory
    • Windows AuthN with IIS
  • User Directory
    • OpenLDAP
    • Active Directory

[Diagram labels: AAI-enabled Identity Provider; AAI; Authentication System; User Directory]


Identity Providers in SWITCHaai

[Map figure. Institutions shown: University Bern, Université de Fribourg, Virtual Home Org, Université de Lausanne, Université de Genève, University Hospital Zurich, Zürcher Hochschule Winterthur, University Zurich, SFIT Zurich, SWITCH, University Lucerne. Legend: Operational AAI Identity Provider; AAI Identity Provider getting ready; Prototype running; Service Agreement]

110’000 Swiss Higher Ed users have an AAI-Account (≈ 50% of all)


Virtual Home Organization – VHO

  • Integrate end users without identity provider
  • Resource owner creates @VHO “AAI-enabled” accounts for users without an identity provider
  • A VHO account is only usable for the resource managed by the resource owner

[Diagram labels: VHO Service @SWITCH; User Dir; Some end users without identity provider; Federation Member; Identity Provider; Resource Owner; End User; Admin; VHO Policy]


SWITCHaai Building Blocks

  • Organizational Framework
  • Interoperation
  • Identity Providers (Home Orgs)
  • Service Providers (Resources)
  • Central Services
  • Finances


Types of Service Providers

[Diagram. Categories: e-learning, libraries, other web applications, commercial. Service providers shown: OLAT, [email protected], EZproxy, [email protected], VITELS, ScienceDirect, DOIT, Blackboard, Moodle, BSCW, ILIAS, AD Learn & Co, Vconf-Reservation, SwissLex, TWiki, SMS-Gateway, eShops, IS-Academia, [email protected]]


Service Provider Example: DOIT

DOIT: Dermatology Online with Interactive Technology

Access Rule

IdP = UniZH | UniBE | UniL
affiliation = student
studyBranch = medicine
studyLevel = 15

[Diagram. Legend: AAI Identity Provider, AAI Service Provider. Institutions shown: UniZH, ETHZ, SWITCH, UniBE, VHO, UniL, UniGE]

500 AAI Users
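
The DOIT access rule above, written as a deny-by-default check over the attributes an identity provider releases. This is an added example, not code from SWITCHaai, Shibboleth or DOIT; it assumes the four conditions are AND-ed and compared as exact strings, uses the slide's institution labels rather than real identifiers, and the sample logins are constructed.

```python
# Added example: deny-by-default evaluation of the DOIT access rule.
# Assumptions: the four conditions are AND-ed, "|" means "any of", values are
# compared as exact strings, and IdP names are the slide's labels, not real
# SAML identifiers.
DOIT_RULE = {
    "affiliation": {"student"},
    "studyBranch": {"medicine"},
    "studyLevel": {"15"},
}
DOIT_IDPS = {"UniZH", "UniBE", "UniL"}


def evaluate(idp, attributes, idps=DOIT_IDPS, rule=DOIT_RULE):
    """Return (granted, reasons); access is granted only if reasons is empty.

    idp must be the issuer the service provider verified, never a value the
    user can supply. attributes maps names to a string or a list of strings.
    """
    reasons = []
    if idp not in idps:
        reasons.append(f"IdP {idp} not accepted")
    for name, allowed in rule.items():
        released = attributes.get(name) or []
        if isinstance(released, str):
            released = [released]
        if not released:
            # An attribute the IdP did not release can never satisfy the rule.
            reasons.append(f"{name} not released")
        elif not allowed.intersection(released):
            reasons.append(f"{name}={sorted(released)} not allowed")
    return (not reasons, reasons)


# Constructed sample logins (not real users).
SAMPLES = {
    "zh_med_student": ("UniZH", {"affiliation": ["member", "student"],
                                  "studyBranch": "medicine", "studyLevel": "15"}),
    "ge_med_student": ("UniGE", {"affiliation": "student",
                                  "studyBranch": "medicine", "studyLevel": "15"}),
    "be_staff": ("UniBE", {"affiliation": "staff", "studyBranch": "medicine",
                            "studyLevel": "15"}),
    "l_no_level": ("UniL", {"affiliation": "student", "studyBranch": "medicine"}),
}

if __name__ == "__main__":
    for label, (idp, attrs) in SAMPLES.items():
        granted, reasons = evaluate(idp, attrs)
        print(label, "GRANT" if granted else "DENY", "; ".join(reasons))
```

The last sample shows the interaction with the "use minimal set required" principle: an identity provider that does not release studyLevel to this resource locks its own students out, so attribute release and access rules have to be agreed together.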


Service Provider Example: OLAT

OLAT: Online Learning and Training (open source e-learning platform of the University of Zurich)

[Diagram. Legend: AAI Identity Provider, AAI Service Provider. Institutions shown: UniZH, ETHZ, SWITCH, UniBE, VHO, UniL, UniGE]

5000 AAI Users

75 Courses


Integration of „Blackboxes“

  • Authentication / authorization gateway
  • Portal functionalities (optional)
  • User management (optional)
  • Adaptors to blackbox applications:
    • WebCT Vista
    • WebCT CE

[Diagram labels: Sign On; Application; AAIportal; A1; A2; API; ...; Shibboleth]


Central AAI Services

  • Strategy & marketing
  • International contacts
  • Support, consulting, training
  • Providing federation-specific files and configuration guides
  • Operating WAYF
  • Testing parties (identity provider  service provider)
  • Jump-start service


Funding

[Timeline figure, 2000 to 2010, axis: funding / costs. Phases: pilot project, project, operational service. Funding labels: funded by SWITCH & Universities; funded by federal grants; funded by tariffs]


Outlook

  • Projects with federal grants
  • Non-web service providers, e.g. grid
  • ECTS (Study)
  • AAA (Study)
  • Federation partners


Further Information

  • SWITCHaai Website

    http://www.switch.ch/aai

  • Shibboleth

    http://shibboleth.internet2.edu/

  • Shibboleth Demo

    http://www.switch.ch/aai/demo

  • Attribute Specification

    http://www.switch.ch/aai/docs/AAI_Attr_Specs.pdf


Questions?

Q & A

http://www.switch.ch/aai

[email protected]

