
A Ship on the Grid – Interoperability between Shibboleth and the Grid – - PowerPoint PPT Presentation



A Ship on the Grid – Interoperability between Shibboleth and the Grid –. Dr. Erik Vullings Programme Manager Macquarie University E-Learning Centre of Excellence (MELCOE) Australia [email protected] Backing Australia’s Ability.



Presentation Transcript

A Ship on the Grid– Interoperability between Shibboleth and the Grid –

Dr. Erik Vullings

Programme Manager

Macquarie University E-Learning Centre of Excellence (MELCOE)

Australia

[email protected]

META ACCESS MANAGEMENT SYSTEM


Backing Australia’s Ability

DEST founded ARIIC to guide the first round of SII projects:

  • Australian Digital Thesis (ADT)

  • Australian Partnership for Sustainable Repositories (APSR)

  • Australian Research Repositories Online to the World (ARROW)

  • Meta Access Management System (MAMS)

    • Financed by DEST till the end of 2006 (3y, $4.2 million ~ €2,7m)

FRODO (Federated Repositories of Digital Objects)



Legacy plug-ins

Federated search

Federated Identity Mgmt

Provisioning

Access Control

Single Sign-On

Digital Identity Mgmt



Projects I won’t spend a slide on…

  • Australian InQueue-like Federation

    • Easy Install CD, incl. registration

    • Mini-grant program: Shibbolizing SPs

    • Shibbolizing GridSphere, DSpace, Zope/Plone, Wiki...

  • Institutional Repository WebGUI

    • Fedora with XACML

  • Virtual Librarian Service

    • Use Shibboleth to validate IM service

  • XACML editor for repository policies

    • XML-free interface



Attribute Release Policies

When I visit an SP, how do I present myself?

[Slide diagram: three "cards" for the same person, each carrying a different set of attributes]

  • Card 1: Reference #123456 – Staff at Macquarie Uni

  • Card 2: Erik Vullings – Staff at Macquarie Uni

  • Card 3 ("Who am I?"): Erik Vullings, [email protected], Staff at Macquarie Uni, +61-(0)2-9850.6537, MQ



Different cards open different doors – Attributes give access to Features –

[Slide diagram: the three cards from the previous slide – Reference #123456 / Staff at Macquarie Uni; Erik Vullings / Staff at Macquarie Uni; Erik Vullings, [email protected], Staff at Macquarie Uni, +61-(0)2-9850.6537, MQ – each opening a different door]

  • Enables access to repository

  • Allows me to rank material

  • Allows me to add comments
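The two slides above describe an IdP releasing a different attribute subset (a "card") to each SP, and the SP unlocking features from whatever attributes arrive. This added Python sketch (not Shibboleth's ARP format and not MAMS code) illustrates that flow; the SP hostnames, the per-SP release policy and the feature-to-attribute requirements are constructed for the example.

```python
"""Attribute release policies and attribute-gated features (added illustration)."""

# Constructed full identity, matching the "Who am I?" card on the slide.
# The e-mail address is a placeholder.
FULL_IDENTITY = {
    "persistent-id": "Reference #123456",
    "displayName": "Erik Vullings",
    "mail": "erik.vullings@example.edu",
    "affiliation": "Staff at Macquarie Uni",
    "telephone": "+61-(0)2-9850.6537",
    "homeOrganization": "MQ",
}

# Constructed per-SP release policy (IdP side): which attributes each SP may see.
# SPs without an explicit rule get only the affiliation, so nothing personal
# leaks by default.
RELEASE_POLICY = {
    "repository.example.edu": {"persistent-id", "affiliation"},
    "reviews.example.edu": {"displayName", "affiliation"},
    "default": {"affiliation"},
}

# Constructed feature requirements (SP side): attributes a feature needs.
FEATURES = {
    "access repository": {"affiliation"},
    "rank material": {"affiliation", "persistent-id"},  # needs a stable pseudonym
    "add comments": {"affiliation", "displayName"},     # needs a name to display
}


def release(identity: dict, sp: str) -> dict:
    """Build the card presented to `sp`: only attributes the policy allows."""
    allowed = RELEASE_POLICY.get(sp, RELEASE_POLICY["default"])
    return {name: value for name, value in identity.items() if name in allowed}


def unlocked_features(card: dict) -> set:
    """Features the SP enables for a card, given the attributes it carries."""
    present = set(card)
    return {feature for feature, needed in FEATURES.items() if needed <= present}


if __name__ == "__main__":
    for sp in ("repository.example.edu", "reviews.example.edu", "unknown.example.org"):
        card = release(FULL_IDENTITY, sp)
        print(sp, "sees", sorted(card), "-> unlocks", sorted(unlocked_features(card)))
```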



Different cards open different doors – Services & Service Level –



Multiple Attribute Authority (Join SAML assertions as SP)

Visit other IdP/AA and return



AuthN federated Search (AFS) (Delegated SAML Profile?)

[Slide diagram, Old vs New. University staff member: 1 Login via WAYF & IdP; 2a Create User Shib session (bypass WAYF); 2b Target=SessionMngr/SessionID; 3 Query + SessionID. Components: <<SP>> Search, <<WS>> Repository i, <<Servlet>> Attribute Mngr, AFS, IdP; federated search (FS) over repositories R behind <<WS>> S / <<SP>> R, Access.]



Shibbolizing MyProxy (with Jim Basney & Von Welch)

[Slide diagram, Old vs New. Old: University staff member at the GS Portal (<<SP>>) with a MyProxy <<Portlet>> logs in with Username1 & pwd1 and Username2 & pwd2 against the MyProxy Server. New: 1 Login via WAYF & IdP; 2a Create User Shib session (bypass WAYF); 2b Target=SessionMngr/SessionID; 3 Get proxy cert + SessionID. Components: <<SP>> Attribute Mngr, MyProxy Server, IdP.]



Virtual Organisation (Attribute Authority)

[Slide diagram. University staff member: 1 Request access at the SP; 2 WAYF; 3 Redirect credentials to the IdP (user session, LDAP directory, IdP attributes); 4 Attribute Requester (AR) at the SP; 5 Attribute Authority (AA) of the VO (VO members, LDAP, session); Claim Transformation Service (CTS); result: IdP + VO attributes.]

  • Notes:

  • At steps 4 and 5, mapping of attribute names and values can take place.

  • Typical VO attributes are entitlements, such as ethnicity, IEEE fellow, etc.

  • Extendable between federations
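The "Multiple Attribute Authority" slide (join SAML assertions as SP) and the notes above describe merging the home IdP's attributes with the VO Attribute Authority's, mapping attribute names and values at the join. This added Python sketch, not MAMS or Shibboleth code, shows such a join; the attribute names, values and mapping tables are constructed for the example.

```python
"""Joining IdP and VO AA attribute sets with name/value mapping (added illustration)."""

# Constructed assertions: home IdP attributes (step 3) and VO AA attributes (step 5).
IDP_ASSERTION = {"affiliation": "Staff at Macquarie Uni", "homeOrganization": "MQ"}
VO_ASSERTION = {"vo-role": "fellow", "vo-group": "ieee"}

# Constructed name mapping: VO-local attribute names -> the name the SP's policy uses.
# Two VO attributes fan in to one SP attribute ("entitlement").
VO_NAME_MAP = {"vo-role": "entitlement", "vo-group": "entitlement"}

# Constructed value mapping keyed by (source name, source value).
VO_VALUE_MAP = {
    ("vo-role", "fellow"): "urn:example:vo:ieee-fellow",
    ("vo-group", "ieee"): "urn:example:vo:ieee-member",
}


def transform(assertion: dict, name_map: dict, value_map: dict) -> dict:
    """Map one authority's names/values into the SP vocabulary (the CTS step).

    Unmapped names and values pass through unchanged. Because several source
    attributes may map to one target name, every target holds a set of values.
    """
    out: dict = {}
    for name, value in assertion.items():
        target = name_map.get(name, name)
        out.setdefault(target, set()).add(value_map.get((name, value), value))
    return out


def join(*attribute_sets: dict) -> dict:
    """Merge transformed attribute sets by unioning values per name.

    A union never lets a second authority silently overwrite a value asserted
    by the first; the SP sees both and its policy decides what to trust.
    """
    merged: dict = {}
    for attrs in attribute_sets:
        for name, values in attrs.items():
            merged.setdefault(name, set()).update(values)
    return merged


def sp_view() -> dict:
    """The attribute set the SP evaluates after joining IdP and VO assertions."""
    idp = transform(IDP_ASSERTION, {}, {})  # home IdP already speaks the SP vocabulary
    vo = transform(VO_ASSERTION, VO_NAME_MAP, VO_VALUE_MAP)
    return join(idp, vo)
```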



Fed2Fed SSO

[Slide diagram: Federation A (Fa) and Federation B (Fb), each with IdPs, SPs, a WAYF and a CTS, connected by steps 1–7 across the two federations.]

CTS: Claim Transformation Service

WAYF: Where Are You From

IdP: Identity Provider

SP: Service Provider
