AA Systems

Presentation Transcript

  1. AA Systems: Do you like to puzzle? 1st EuroCAMP, Turin, March 3rd, 2005. Ton.Verschuren@SURFnet.nl

  2. Roadmap
  • Drivers for an AAI
  • The pieces of the puzzle: network and application access, login, authentication, authorisation, identity management
  • Assessments of current AA systems
  • Federations
  • Standards
  • Homework

  3. Why AAI? Personalised service provisioning!

  4. Why AAI? Educational mobility!

  5. Why AAI? Network mobility!

  6. Why AAI? Reduce the digital key ring!

  7. Ingredients of an AAI (figure: Network, (web)Application, Login, Authentication, Authorisation, Administration)

  8. Network access: roaming

  9. Network access: user-controlled light paths (figure labels: UDDI/WSIL, A-Select token, Applications, Services, AAA, Broker, OMNInet, SURFnet6, Starlight, NetherLight)

  10. Application access: centralise intelligence

  11. Application access: centralise intelligence

  12. Login server: intermediary between application and AA

  13. Authentication: user perspective

  14. Authentication: choose your own method
  • IP address
  • Username / password
  • LDAP
  • RADIUS
  • SQL
  • Passfaces
  • PKI certificate
  • OTP through SMS
  • OTP through internet banking
  • Tokens (SecurID, Vasco, …)
  • Biometrics

  15. Authorisation: policy engines

  16. Authorisation: policy engines

  17. Authorisation: 3 scenarios
  • Authentication = authorisation
  • Identity plus a few attributes
  • Privacy-preserving negotiation about the attributes to be exchanged
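The three scenarios, worked through as an added Python example (this is not from the presentation): a service provider (SP) declares which attributes it requires and which it would merely like, the identity provider (IdP) releases only what its per-SP release policy permits and only what was asked for, and the SP then decides. The user record, SP names, attribute names and policies are all assumptions made for the example.

```python
"""Three authorisation scenarios (slide 17) as an attribute-release negotiation.

Example code added to this transcript; not from the presentation. All
users, service providers (SPs), attribute names and policies are assumed.
"""

# Constructed user record held by the identity provider (IdP).
USER = {
    "identity": "alice@example.edu",
    "affiliation": "student",
    "org": "example.edu",
    "course": "CS101",
}

# IdP-side attribute release policy: what may leave the home organisation, per SP.
# An SP not listed here gets nothing beyond the fact that authentication succeeded.
RELEASE_POLICY = {
    "campus-wiki": set(),                           # scenario 1
    "library": {"identity", "affiliation", "org"},  # scenario 2
    "journal": {"affiliation", "org"},              # scenario 3: no identity released
}

# SP-side needs: (required attributes, optional attributes, the SP's own access
# rule applied to whatever the IdP released).
SP_RULES = {
    "campus-wiki": (set(), set(), lambda a: True),   # authentication = authorisation
    "library": ({"identity", "affiliation"}, {"org"},
                lambda a: a["affiliation"] in ("student", "staff")),
    "journal": ({"affiliation"}, {"identity"},        # identity wanted, not required
                lambda a: a["affiliation"] in ("student", "staff", "faculty")),
    "recruiter": ({"identity", "course"}, set(), lambda a: True),  # nothing permitted
}


def idp_release(sp, requested, user=USER):
    """Return the assertion the IdP sends to `sp`: the authentication result plus
    those attributes that are both requested by the SP and permitted by policy.
    Data minimisation: permitted attributes the SP did not ask for stay home."""
    permitted = RELEASE_POLICY.get(sp, set())
    attrs = {k: user[k] for k in requested & permitted if k in user}
    return {"authenticated": True, **attrs}


def negotiate(sp, user=USER):
    """Run the exchange for one SP.

    Returns (decision, released_assertion, missing_required_attributes)."""
    required, optional, rule = SP_RULES[sp]
    released = idp_release(sp, required | optional, user)
    missing = required - set(released)
    if missing:
        # Negotiation failed: the IdP will not release something the SP insists on.
        return "denied", released, missing
    decision = "allowed" if rule(released) else "denied"
    return decision, released, set()


if __name__ == "__main__":
    for sp in SP_RULES:
        print(sp, *negotiate(sp))
```

The "journal" case is the privacy-preserving one: the SP asks for the identity but only requires the affiliation, so the user gets in without the IdP ever disclosing who they are; the "recruiter" case shows a negotiation that fails because the SP insists on attributes the home organisation will not release.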

  18. Authorisation: privilege management

  19. Administration: Identity Management
  • How to record the identities, credentials (attributes or roles), and privileges?
  • Enterprise (or meta) directory to glue all sources of information together
  • It's the underlying basis for an AAI!
  • …and it's hyped…
  • But since yesterday you know all this

  20. Cross-domain AA: federations

  21. Cross-domain AA: ingredients
  • Policies (e.g. InCommon):
    • Federation Operating Practices and Procedures
    • Participant Agreement
    • Participant Operating Practices
  • Technologies:
    • PKI
    • Schemas

  22. Quick assessment of current AA systems
  • Web login (authentication) systems
    • A-Select, CAS, Cosign, pubcookie
    • Portal products (Oracle, SiteMinder, Sun One, uPortal)
  • Authorisation systems
    • Athens, FEIDE, PAPI, PERMIS, Shibboleth, SPOCP
    • Portal products

  23. Web login systems: A-Select, CAS, Cosign, Pubcookie (positioned on the AAI ingredients diagram)
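An added Python sketch of the pattern behind slide 12 and the web login systems listed here: the application never handles the user's credential; it redirects the browser to a login server, which authenticates (by whatever method, cf. slide 14) and sends the browser back with a short-lived, single-use ticket that the application verifies over a back channel before creating its own session. This is example code written for this transcript, not code from A-Select, CAS, Cosign, pubcookie or the presenter. The hostnames, the 30-second ticket lifetime, the registered application names and the sample user are assumptions.

```python
"""Login server as intermediary between application and authentication.

Added illustration of the web-login pattern from slides 12 and 23; not code
from any of the named projects. Hostnames, ticket lifetime, app names and
the sample user are assumptions made for this example.
"""
import secrets
import time
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse

TICKET_TTL = 30  # seconds; a ticket must be redeemed promptly (assumed value)


@dataclass
class LoginServer:
    # Constructed sample user store: username -> (password, attributes).
    users: dict = field(default_factory=lambda: {
        "alice": ("correct horse", {"affiliation": "student", "org": "example.edu"}),
    })
    # Only registered applications may obtain tickets.
    registered_apps: set = field(default_factory=lambda: {"library", "portal"})
    _tickets: dict = field(default_factory=dict)  # ticket -> (app_id, user, attrs, issued_at)

    def login(self, app_id, return_url, username, password):
        """Authenticate the user and build the redirect back to the application.

        Returns the return URL carrying a fresh ticket, or None when the
        application is unknown or the credential is wrong."""
        if app_id not in self.registered_apps:
            return None
        record = self.users.get(username)
        if record is None or not secrets.compare_digest(record[0].encode(), password.encode()):
            return None
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = (app_id, username, record[1], time.time())
        return f"{return_url}?{urlencode({'ticket': ticket})}"

    def validate(self, app_id, ticket):
        """Back-channel check used by the application. Single use: the ticket is
        removed on first lookup, whatever the outcome, so a replay always fails."""
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        issued_for, user, attrs, issued_at = entry
        # A ticket is bound to the application it was issued for and to a short window.
        if issued_for != app_id or time.time() - issued_at > TICKET_TTL:
            return None
        return {"user": user, "attributes": attrs}


@dataclass
class Application:
    app_id: str
    login_server: LoginServer
    base_url: str = "https://app.example.edu/"
    sessions: dict = field(default_factory=dict)  # session id -> identity

    def handle_request(self, url, session_id=None):
        """Return ('ok', identity), ('redirect', login_url) or ('denied', None)."""
        if session_id in self.sessions:
            return "ok", self.sessions[session_id]
        query = parse_qs(urlparse(url).query)
        if "ticket" not in query:
            # No session and no ticket: send the browser to the login server.
            params = urlencode({"app": self.app_id, "return": self.base_url})
            return "redirect", f"https://login.example.edu/?{params}"
        identity = self.login_server.validate(self.app_id, query["ticket"][0])
        if identity is None:
            return "denied", None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = identity  # the application's own session, after validation
        return "ok", identity


def demo():
    """Walk through one login plus the two failure cases a practitioner checks."""
    ls = LoginServer()
    app = Application("library", ls)
    status, _login_url = app.handle_request(app.base_url)   # no session yet
    assert status == "redirect"
    # User authenticates at the login server; the application never sees the password.
    back = ls.login("library", app.base_url, "alice", "correct horse")
    status, identity = app.handle_request(back)
    replay = app.handle_request(back)[0]                      # second redemption fails
    other = ls.login("portal", app.base_url, "alice", "correct horse")
    cross = app.handle_request(other)[0]                      # ticket issued for another app
    return status, identity["user"], replay, cross


if __name__ == "__main__":
    print(demo())
```

The two properties worth carrying over from this toy into a real deployment are visible in `validate`: a ticket is consumed on first use and is bound to the application it was issued for, so a ticket leaked from one application's URL cannot be replayed there or presented to a different one.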

  24. Authorisation: Athens (positioned on the AAI ingredients diagram)

  25. Authorisation: PAPI (positioned on the AAI ingredients diagram)

  26. Authorisation: PERMIS, SPOCP (positioned on the AAI ingredients diagram)

  27. Portal products: Oracle, SiteMinder, Sun One, uPortal (positioned on the AAI ingredients diagram)

  28. Authorisation: Shibboleth (figure labels: Group A, Group B)

  29. What about… standards?
  • Currently many proprietary solutions (sockets, cookies, redirects, …)
  • Web services (SOAP, XML-RPC, WSDL, WS-*)
  • SAML
  • For federations:
    • WS-Federation (Microsoft, IBM)
    • SAML (OASIS: 150 companies, Internet2)
    • Liberty Alliance (Sun, 170 companies)

  30. And the future…?
  • Converging or dominant standard(s)
  • Means better interoperability between the pieces of the puzzle
  • Universal single sign-on across network and application domains
  • Convergence of EduRoam and weblogin services
  • Including non-web-based applications

  31. Homework: manage your identities!

  32. Homework: manage your identities!

  33. Homework: manage your identities!

  34. Homework: start building an AAI! (figure: the AAI ingredients diagram: Network, (web)Application, Login, Authentication, Authorisation, Administration)

  35. References
  • Identity Management
  • EduRoam
  • A-Select weblogin
  • Privilege Management
  • Intro on federations
  • Internet2 Federation
  • Swiss Federation
  • End-to-end diagnostics

  36. Thank you! Questions?
