
A Ship on the Grid – Interoperability between Shibboleth and the Grid –

A Ship on the Grid – Interoperability between Shibboleth and the Grid –. Dr. Erik Vullings Programme Manager Macquarie University E-Learning Centre of Excellence (MELCOE) Australia Erik.Vullings@melcoe.mq.edu.au. Backing Australia’s Ability.





Presentation Transcript


  1. A Ship on the Grid – Interoperability between Shibboleth and the Grid –
     Dr. Erik Vullings, Programme Manager, Macquarie University E-Learning Centre of Excellence (MELCOE), Australia, Erik.Vullings@melcoe.mq.edu.au
     META ACCESS MANAGEMENT SYSTEM

  2. Backing Australia’s Ability
     DEST founded ARIIC to guide the first round of SII projects:
     • Australian Digital Thesis (ADT)
     • Australian Partnership for Sustainable Repositories (APSR)
     • Australian Research Repositories Online to the World (ARROW)
     • Meta Access Management System (MAMS)
     • Financed by DEST till the end of 2006 (3y, $4.2 million ~ €2,7m)
     FRODO (Federated Repositories of Digital Objects)

  3. MAMS building blocks: Legacy plug-ins, Federated search, Federated Identity Mgmt, Provisioning, Access Control, Single Sign-On, Digital Identity Mgmt

  4. Projects I won’t spend a slide on…
     • Australian InQueue-like Federation
     • Easy Install CD, incl. registration
     • Mini-grant program: Shibbolizing SPs
     • Shibbolizing GridSphere, DSpace, Zope/Plone, Wiki...
     • Institutional Repository WebGUI
     • Fedora with XACML
     • Virtual Librarian Service
     • Use Shibboleth to validate IM service
     • XACML editor for repository policies
     • XML-free interface

  5. Attribute Release Policies – When I visit an SP, how do I present myself? Who am I?
     Card 1: Reference #123456, Staff at Macquarie Uni
     Card 2: Erik Vullings, Staff at Macquarie Uni
     Card 3: Erik Vullings, Erik@mq.edu.au, Staff at Macquarie Uni, +61-(0)2-9850.6537, MQ

  6. Different cards open different doors – Attributes give access to Features –
     Cards (as on the previous slide): Reference #123456, Staff at Macquarie Uni / Erik Vullings, Staff at Macquarie Uni / Erik Vullings, Erik@mq.edu.au, Staff at Macquarie Uni, +61-(0)2-9850.6537, MQ
     Features: Enables access to repository / Allows me to rank material / Allows me to add comments

  7. Different cards open different doors – Services & Service Level –

  8. Multiple Attribute Authority (Join SAML assertions as SP) – Visit other IdP/AA and return

  9. AuthN federated Search (AFS) (Delegated SAML Profile?) – Old vs. New
     Actors in the figure: University staff member, IdP, AFS <<SP>>, Search <<WS>>, Repository_i <<SP>>/<<WS>>, Attribute Mngr <<Servlet>>, Query/Access flows between FS <<WS>>, S <<SP>> and R
     Steps: 1 Login via WAYF & IdP; 2a Create user Shib session (bypass WAYF); 2b Target=SessionMngr/SessionID; 3 Query + SessionID
     [Diagram: only component labels and step numbers are recoverable from the figure.]

  10. Shibbolizing MyProxy (with Jim Basney & Von Welch) – Old vs. New
      Old: Login to MyProxy Server with Username1 & pwd1, Username2 & pwd2
      New: University staff member, GS Portal <<SP>> with MyProxy <<Portlet>>, Attribute Mngr <<SP>>, IdP, MyProxy Server
      Steps: 1 Login via WAYF & IdP; 2a Create user Shib session (bypass WAYF); 2b Target=SessionMngr/SessionID; 3 Get proxy cert + SessionID

  11. Virtual Organisation (Attribute Authority) – Claim Transformation Service (CTS)
      Components in the figure: University staff member, SP, WAYF, IdP (LDAP directory, IdP attributes), VO AA (LDAP, VO members), Attribute Requester (AR), Attribute Authority (AA), user session (IdP + VO attributes), Redirect / Credentials
      Steps: 1 Request access; 2, 3 (WAYF/IdP redirect and credentials); 4, 5 (AR/AA exchange)
      Notes:
      • At step 4 and 5, mapping of attr. names and values can take place.
      • Typical VO attr. are entitlements, such as ethnicity, IEEE fellow, etc.
      • Extendable between federations
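The attribute join described on this slide (and the "join SAML assertions as SP" of slide 8), as an added Python example that is not part of the presentation or the MAMS code: a minimal CTS that parses the IdP's and the VO AA's SAML AttributeStatements, rewrites VO-local attribute names and values at steps 4 and 5, and merges them for the SP. The attribute names, the mapping tables and the rule that a VO AA may not override IdP-authoritative attributes are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertions (not from the presentation): home IdP (steps 2-3), VO AA (step 4).
IDP_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="eduPersonAffiliation">
   <saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""
VO_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="voRole">
   <saml:AttributeValue>fellow</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="eduPersonAffiliation">
   <saml:AttributeValue>member</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""

# Hypothetical CTS mapping tables (steps 4 and 5): VO-local names/values -> federation vocabulary.
NAME_MAP = {"voRole": "eduPersonEntitlement"}
VALUE_MAP = {("voRole", "fellow"): "urn:example:ieee:fellow"}
# Assumption: only the home IdP may assert these; VO-sourced values for them are dropped.
IDP_AUTHORITATIVE = {"eduPersonAffiliation", "eduPersonScopedAffiliation"}


def parse_attributes(xml):
    """Return {name: [values]} from a SAML 2.0 AttributeStatement."""
    attrs = {}
    for attr in ET.fromstring(xml).iterfind(".//saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def transform_vo(vo_attrs):
    """Rename and remap VO attributes; discard unmapped or IdP-reserved ones."""
    out = {}
    for name, values in vo_attrs.items():
        target = NAME_MAP.get(name)
        if target is None or target in IDP_AUTHORITATIVE:
            continue
        for value in values:
            out.setdefault(target, []).append(VALUE_MAP.get((name, value), value))
    return out


def join_assertions(idp_xml, vo_xml):
    """Step 5: the merged attribute set the CTS presents to the SP."""
    merged = {k: list(v) for k, v in parse_attributes(idp_xml).items()}
    for name, values in transform_vo(parse_attributes(vo_xml)).items():
        bucket = merged.setdefault(name, [])
        bucket.extend(v for v in values if v not in bucket)
    return merged
```

With the samples above, the VO's attempt to assert eduPersonAffiliation=member is discarded while its voRole=fellow reaches the SP as an eduPersonEntitlement.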

  12. Fed2Fed SSO
      Federation A (Fa): IdP, SP, WAYF, CTS; Federation B (Fb): IdP, SP, WAYF, CTS; steps 1–7 numbered in the figure
      Legend: CTS: Claim Transformation Service; WAYF: Where Are You From; IdP: Identity Provider; SP: Service Provider
