
SWITCH Plans for Shibboleth and Grid

SWITCH Plans for Shibboleth and Grid. GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH. First an important reminder…. Happy Valentine’s Day. SWITCHaai. SWITCH built up and operates now SWITCHaai - a national Shibboleth-based AAI


Presentation Transcript


  1. SWITCH Plans for Shibboleth and Grid. GGF16, Feb 14, 2006. Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury), SWITCH

  2. First an important reminder…
     • Happy Valentine’s Day

  3. SWITCHaai
     • SWITCH built up and operates now SWITCHaai - a national Shibboleth-based AAI
     • AAI efforts started in 2002, since last summer in production mode
     • Current Status:
     • Approx. 133’000 members of the Swiss higher education sector have AAI-enabled accounts
     • Approx. 10’000 use SWITCHaai on a regular basis
     • So far SWITCH has not been active in grids
     • Among other things SWITCH also operates SWITCHpki

  4. SWITCH and EGEE-2
     • SWITCH work on interoperability of Shibboleth and gLite is part of EGEE-2 proposal (by SWITCH in EGEE NREN Federation)
     • Focus is on
     • Interoperability (NO replacement for X.509)
     • Specific for EGEE-2 infrastructure (VOMS etc)
     • Integrate, re-use, re-engineer existing code, write new code only as needed
     • Key Concepts:
     • Home institution of the user should be the Identity Provider
     • Home institution provides some attributes
     • But VO is needed for (grid specific) attributes

  5. Plan
     • Work will start in April 2006 and last for 2 years
     • Our plan consists of three phases
     • Two initial, shorter phases with the goal
     • Start small and hook up Shibboleth AAI to a gLite grid with minimum amount of changes (in particular no change at the CE)
     • Build up knowledge and expertise
     • April 06 --> summer/fall
     • A longer third phase
     • SAML support at the resource end
     • Design during phase 1 and 2 (summer 06)
     • Implementation fall 06 --> spring 08

  6. Phase 1 and 2

  7. Phase 1: Integration with SWITCHpki
     • Generation of X.509 by Shib Resource based on AuthN at IdP
     • User generates key pair and submits certificate signing request
     • Admin. Procedures are key for quality of user management System (EUGRIDPMA compliant)
     • Different kinds of assurance levels

  8. Phase 3: SAML Support at the Resource
     • Goal: Support for SAML for authentication and authorization without relying on X.509 (on a configurable basis)
     • Should be based on SAML2 and Shibboleth2
     • Supports ECP Profile (constrained delegation)
     • Detailed Design to be done in summer 2006 (depends on Shib2)

  9. Access for Grid Users to Shib SP
     • Intention: add “symmetry” between enabling access for Shib and grid users
     • Test-bed SWITCH INFN in 2006

  10. Q & A
