Australian Access Federation Shibboleth Trust Federation. AARNet Ozeconference - Identity Management Primer 3, 23rd July 2007. Neil Witheridge ([email protected]), Program manager, Meta Access Management System (MAMS) Project, Macquarie E-Learning Centre of Excellence (MELCOE)

Presentation Transcript

Australian Access Federation Shibboleth Trust Federation

AARNet Ozeconference - Identity Management Primer 3

23rd July 2007

Neil Witheridge

[email protected]

Program manager

Meta Access Management System (MAMS) Project

Macquarie E-Learning Centre of Excellence (MELCOE)

Macquarie University

META ACCESS MANAGEMENT SYSTEM

MAMS Project
  • Meta Access Management System project
    • Funded by DEST under the “Systemic Infrastructure Initiative” for Australian Higher Education
    • Apply Federated Identity and Access Management with aim of facilitating increased research effectiveness

“At the heart of the middleware required to unleash research potential is the cluster of services described as identity and access management”.

    • Provide a secure infrastructure for inter-institutional sharing of research data and other resources


Trust Federation Entities
  • Shibboleth - an open source implementation of the OASIS open standard Security Assertion Markup Language (SAML)
  • Users: each user belongs to an organisation which manages their identity, and has privacy concerns
  • Identity Providers: secure identity management is a core business requirement
  • Service Providers: provide services accessible via the web; want to focus on core business and avoid the risks of managing users’ confidential info.
  • Federation Manager: Federation Metadata, Shared Services, Federation Policies, News, alerts & updates
  • WAYF
  • Trust between the entities; SAML transfer of user attributes


Shibboleth Protocol
  • Identity Provider: Local Authentication, User Directory, Attribute Release Policies
  • Service Provider: Shibboleth SP (HTTP Filter), Protected Web Application, Authorisation
  • WAYF
  • Diagram flow labels: Authenticate, User Handle, SAML Request / Response, User Attributes, Single Sign On


Shibboleth provides...
  • Federated IAM infrastructure: software components, secure protocol & metadata definitions
  • Implements SAML for secure transfer of user attributes
    • Authentication and Attribute statements
  • Secure transport & message layer transactions through use of PKI
    • Mutual authentication for Server-Server (IdP-SP) transactions
  • Inter-institutional single-sign-on through use of session cookies
    • Shib 2.0 will deliver Single Sign Out
  • Privacy protection via attribute release policies
    • Potential for end-user control of release of attributes to SPs
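As an added example (not code from the slides or from the Shibboleth project), the Python below shows the checks a Service Provider applies when it consumes an assertion carrying the Authentication and Attribute statements listed above: the validity window, the audience restriction, and then attribute extraction. The assertion XML, entityIDs and attribute names are constructed, and XML-signature verification over the PKI layer is assumed to have been done by the SP's SAML stack beforehand.

```python
"""Consume a SAML 2.0 assertion as a Shibboleth SP does: check Conditions
(validity window, audience), then read the AuthnStatement and AttributeStatement.
Constructed example (XML, entityIDs, attribute names are made up); XML-signature
verification over the PKI layer is assumed done by the SP's SAML stack before this."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://wiki.example.edu.au/shibboleth"   # constructed
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c0ffee"
                Version="2.0" IssueInstant="2007-07-23T01:00:00Z">
  <saml:Issuer>https://idp.example.edu.au/idp/shibboleth</saml:Issuer>
  <saml:Conditions NotBefore="2007-07-23T01:00:00Z" NotOnOrAfter="2007-07-23T01:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://wiki.example.edu.au/shibboleth</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2007-07-23T00:59:40Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonAffiliation">
      <saml:AttributeValue>member</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def saml_time(stamp):
    """Parse the UTC xs:dateTime form SAML uses (e.g. 2007-07-23T01:00:00Z)."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def consume_assertion(xml_text, sp_entity_id, now):
    """Return (issuer, authn_instant, {attribute_name: [values]}); ValueError means reject."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion carries no Conditions")
    # Half-open window: NotBefore <= now < NotOnOrAfter rejects expired assertions.
    if not (saml_time(cond.get("NotBefore")) <= now < saml_time(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:          # assertion minted for a different SP
        raise ValueError("assertion not addressed to this SP")
    authn = root.find("saml:AuthnStatement", NS)
    if authn is None:
        raise ValueError("no AuthnStatement, so no session can be established")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return root.findtext("saml:Issuer", namespaces=NS), saml_time(authn.get("AuthnInstant")), attrs
```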


Attribute Release Management
  • Service Provider publishes a Service Description:
    • Service Level A: e.g. view Wiki - Attributes a,b,c
    • Service Level B: e.g. Edit wiki - Attributes a,b,c,d
  • Identity Provider: IdP Admin imports the Service Description into the Attribute Release Policies (ARPs), scoped by Site, Group and User
  • User: chooses service level B; User Approval of attribute release
  • Tools: ShARPE (Shibboleth ARP Editor), Autograph
  • One aspect of “TRUST”: effective identity management. User attributes rightly asserted, with agreed syntax, semantics, and constraints.
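As an added example (not the slides' content, nor the MAMS ShARPE or Autograph code), the Python below models the release decision the diagram describes: the SP's Service Description names the attributes each service level needs, the IdP's ARPs are layered by Site, Group and User approval, and the IdP releases only what the chosen level needs and every layer permits. The entityID, attribute values and the layering rule itself are assumptions; the attribute names a..d and levels A/B are the slide's own.

```python
"""Attribute release decision modelled on the slide: the SP's Service Description
lists service levels and the attributes each needs; the IdP's ARPs are layered by
Site, Group and User approval.  Constructed example, not MAMS/ShARPE code: the
rule 'release only what the chosen level needs AND every layer permits' is an
assumed model; attribute names a..d and levels A/B are the slide's own."""

SERVICE_DESCRIPTION = {                 # published by the SP; entityID constructed
    "sp": "https://wiki.example.edu.au/shibboleth",
    "levels": {
        "A": {"purpose": "view wiki", "attributes": {"a", "b", "c"}},
        "B": {"purpose": "edit wiki", "attributes": {"a", "b", "c", "d"}},
    },
}
# Constructed IdP-side data: the user's attribute values and what each layer permits.
USER_ATTRS = {"a": "jdoe", "b": "staff", "c": "example.edu.au", "d": "jdoe@example.edu.au"}
SITE_ARP = {"a", "b", "c", "d"}         # IdP Admin: may be released to this SP at all
GROUP_ARP = {"a", "b", "c", "d"}        # group policy, may narrow the site ARP

def evaluate_release(service, level, site_arp, group_arp, user_approval, user_attrs):
    """Decide what to send for the requested level.  Returns (released, missing):
    a non-empty missing list means the level cannot be served and NOTHING is
    released, so a broad ARP never leaks attributes the level does not need."""
    required = service["levels"][level]["attributes"]
    permitted = required & site_arp & group_arp & user_approval   # every layer must allow
    available = {n: user_attrs[n] for n in permitted if n in user_attrs}
    missing = sorted(required - set(available))
    if missing:
        return {}, missing
    return available, []

def highest_servable_level(service, site_arp, group_arp, user_approval, user_attrs):
    """Richest level whose needs are fully met (what the user could choose), else None."""
    levels = service["levels"]
    for level in sorted(levels, key=lambda lv: len(levels[lv]["attributes"]), reverse=True):
        if not evaluate_release(service, level, site_arp, group_arp, user_approval, user_attrs)[1]:
            return level
    return None

if __name__ == "__main__":
    # User approved a,b,c only (withheld d) but asked for level B (edit wiki).
    print(evaluate_release(SERVICE_DESCRIPTION, "B", SITE_ARP, GROUP_ARP, {"a", "b", "c"}, USER_ATTRS))
    print(highest_servable_level(SERVICE_DESCRIPTION, SITE_ARP, GROUP_ARP, {"a", "b", "c"}, USER_ATTRS))
```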


MAMS Testbed Federation
  • http://federation.org.au/FedManager/listMembers.do
  • “Level-2” Federation (at 26/6/07; Level 2 = known institutions):
    • 21 Service Providers
    • 19 Identity Providers (~900,000 identities)


MAMS Mini-Grant Program
  • Round 1 (Feb 2006):
    • AARNet: IdP, ENUM SP
    • Griffith Uni: IdP, IT Department Wiki SP
    • Uni of Qld: IdP, eSpace Fedora+Fez SP
    • Qld Uni of Technology: ATN IdPs, eGrad School SP
    • Uni of Sydney: IdP, NANO image database SP
  • Round 2 (Jul 2006):
    • Deakin Uni: IdP, eLectures SP
    • James Cook Uni: IdP, JCU/AIMS data access SP
    • Melbourne Uni: IdP, LIGO data access SP
    • Monash Uni: IdP, Shibbolised SRB SP
    • Murdoch Uni: IdP, Online Librarian SP
    • Curtin Uni: 5 IdPs (WAGUL), Reciprocal Borrowing SPs


Demo: Shibboleth SP examples
  • Information Repository Service
    • UQ ePrints Service ( https://espace.library.uq.edu.au/ )
  • Collaborative Tools
    • Shibboleth Wiki
  • Sharing Library Service
    • WAGUL Reciprocal Borrowing
    • Borrower Registration, Workstation Authentication
  • Database Access Service
    • UQ/USyd NANO Project
    • Image database

One name and password = access to many services.


AAF Shib Trust Fed Schedule
  • Integration & Testing (2007)
    • Technology
      • Federation Management interfaces
      • AusCERT PKI Interfaces
      • Shared (‘Federation level’) Services
      • Grid Services interfaces
      • High-availability infrastructure
      • SP/IdP Deployment assistance
    • Policy Development
    • Outreach (workshops, roadshows)
    • AAF Minigrant projects
  • Release 1 (early 2008)
    • Bootstrapping phase
    • IdP implementation assistance
  • Release 2 (late 2008)


AAF Shib Trust Fed Components
  • AAF Shibboleth Trust Federation (Release 1)
    • Shared / Hosted Services: AusCERT PKI (AAF PKI CA / RA), Federation Manager, IdP Support, Grid Services, Federation Hosted IdPs, WAYF (Where Are You From)
    • Member Identity Providers (IdP) and a VHO
    • Member Service Providers (SP)
    • Grid Services: CA / RA (SLCS/MICS), CA / RA (Trad PKI), Institutional Proxy Certs, Virtual Organisations (VOMS), GS and VGS


Services & Applications
  • Shared/Hosted Services
    • e.g. Federated Directory Search
  • Shibboleth enabled applications & collaboration tools
    • Repositories (e.g. DSpace, Fedora)
    • Wikis (e.g. Confluence)
    • Action/defect tracking (e.g. JIRA)
    • Secure Instant Messaging (e.g. for HelpDesk)
    • eResearch VO Toolkit (MAMS’ IAMSuite)
  • Grid Services Interoperability


Summary
  • AAF Shibboleth Trust Federation will
    • provide a secure infrastructure for sharing of resources between member institutions
      • facilitate secure collaborative research & sharing of research data & other resources
    • provide set of services and resources promoting efficient & effective use of the AAF
      • provide secure VO infrastructure
    • provide for privacy control of individual users



Thank you

Questions?

Links:

MAMS Testbed Federation: http://www.federation.org.au/

MAMS Project: http://www.melcoe.mq.edu.au/projects/MAMS/

MAMS CMS: https://mams.melcoe.mq.edu.au/zope/mams

Software downloads: http://www.federation.org.au/software

