
Collaborative Platforms

Collaborative Platforms. Collaborations and Virtual Organizations. IdM is a critical dimension of collaboration, crossing many applications and user communities

acarlos


Presentation Transcript


  1. Collaborative Platforms

  2. Collaborations and Virtual Organizations
     • IdM is a critical dimension of collaboration, crossing many applications and user communities
     • Virtual organizations represent critical communities of researchers sharing domain resources and applications as well as general collaboration tools.
     • Providing a unified identity management platform for collaboration is essential in a multi-domain, multi-tool world.
     • Lots of activities in domesticating applications to work in a federated world, moving from tool-based identity to collaboration-centric identity.

  3. Collaboration Platform
     • Integrated set of collaboration apps (wikis, listprocs, CVS, file share, calendaring, etc)
     • Integration of at least identity and access control via group memberships
     • Integration of content and meta-data is harder
     • Repackages successful approaches for a collaborative/project/VO setting
     • Federated identity, group management, directories, and security token services (aka credential convertors)

  4. Examples of Collaborative Platforms
     • COmanage
     • http://middleware.internet2.edu/co/
     • http://www.surfnet.nl/Documents/indi-2009-07-020%20(Report%20Collaboration%20Infrastructure).pdf
     • Commercial offerings – Sharepoint, Adobe Connect, Google Sites, Google Wave, Google Apps
     • Repurposed LMS – Sakai, Croquet

  5. Collaboration Infrastructure (COIN)
     • Dutch National Collaboration Infrastructure
     • Domesticated tools - Adobe Connect; Alfresco; Foodle; Filesender; Confluence; WSO2 mashup server; OpenFire; Drupal; KnowledgeTree, Sympa and Limesurvey
     • Domesticated services - Google Apps; MyExperiment.org; Twitter; PubMed
     • Integration across VO, institution and third-party domains
     • Workflow Grid integration

  6. Domestication of applications
     • The work of re-factoring applications to use the emergent identity services infrastructure
     • Begins with federated identity and authentication, use of directories; gains a lot from group management for access control, etc
     • Needs a fine grain set of authorization tools down the road
     • Domesticated apps can receive IdM attributes via LDAP, SAML, X.509, SQL, Kerberos PAC, and maybe all of the above

  7. Typical activities in collaboration management
     • Add or remove people from groups
     • Create new subgroups, identify overlapping memberships, etc.
     • Permit or deny access control to wiki pages, calendars, computing resources, version control systems, etc
     • Add people to mailing lists, wikis, etc
     • Create and delete/archive users, accounts, keys
     • Identify group membership on a given date
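
An added example (not from the original slides, and not Grouper's or COmanage's API): a minimal sketch of the activities listed above, covering add/remove, subgroups, overlapping memberships and membership on a given date, kept as an append-only event log so that deprovisioning never erases the history an access review needs. The `GroupStore` class and all group and member names are hypothetical.

```python
from datetime import date

class GroupStore:
    """Append-only membership log, so past membership stays answerable."""

    def __init__(self):
        self.events = []   # (effective date, group, member, "add" | "remove")
        self.parents = {}  # subgroup -> parent group

    def add_subgroup(self, parent, child):
        node = parent
        while node is not None:          # refuse cycles in the hierarchy
            if node == child:
                raise ValueError("subgroup cycle")
            node = self.parents.get(node)
        self.parents[child] = parent

    def change(self, when, group, member, action):
        if action not in ("add", "remove"):
            raise ValueError(action)
        self.events.append((when, group, member, action))

    def direct_members(self, group, as_of):
        members = set()
        # Stable sort: same-day events replay in the order they were recorded.
        for when, g, member, action in sorted(self.events, key=lambda e: e[0]):
            if g == group and when <= as_of:
                (members.add if action == "add" else members.discard)(member)
        return members

    def members(self, group, as_of):
        """Effective membership: direct members plus those of all subgroups."""
        found = self.direct_members(group, as_of)
        for child, parent in self.parents.items():
            if parent == group:
                found |= self.members(child, as_of)
        return found

    def overlap(self, a, b, as_of):
        return self.members(a, as_of) & self.members(b, as_of)

def build_sample():
    """Constructed sample data; all group and member names are made up."""
    s = GroupStore()
    s.add_subgroup("vo:physics", "vo:physics:detector")
    s.change(date(2009, 1, 10), "vo:physics:detector", "alice", "add")
    s.change(date(2009, 1, 10), "vo:physics", "bob", "add")
    s.change(date(2009, 3, 1), "vo:wiki-editors", "alice", "add")
    s.change(date(2009, 6, 30), "vo:physics:detector", "alice", "remove")
    return s
```

An access decision for a wiki page or repository is then `member in store.members(acl_group, as_of)`, and the same call with a past date answers who held that access at the time.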

  8. COManage Elements Data Store Applications

  9. What’s in a COmanage data store

  10. Grouper
     • A general purpose, extensible, open-source group management tool
     • In production at many institutions in the US and overseas
     • Core national infrastructure service in several countries
     • Manages groups of things – people, devices, processes
     • Has GUI, people picker, group math, inheritance, delegation, provisioning and deprovisioning, etc.
     • Stores values in LDAP directory
     • Aimed at spectrum from power user to collabmin, sysadmin and enterprise IdM.

  11. Security Token Service
     • Converts the form of an existing credential or packs a set of attributes into a new credential
     • Presents external security information to an application or service in the lingua of the app/service
     • Conversions – SAML into X.509, SAML into Kerberos, SAML to LDAP, etc.
     • Mythical in a single comprehensive package; legion in individual instances

  12. What forms does COmanage take?
     • Usually as an assembled set of services
     • A dashboard, directory product, Shibboleth IdP and SP, Grouper, and a set of applications provisioned on other servers
     • On an enterprise level to serve its collaborations and VOs, within a large VO, or at a federation level to serve a national community
     • Can also be a VM, a VM in the cloud, or a service with the applications in the cloud.
     • Can be embedded in a science portal or gateway

  13. Some key issues
     • Extent of application domestication
     • Waiting for other technologies to happen – interfederation, discovery, metadata tagging, etc.
     • GUI approach
     • Domain application/science portal integration

  14. Roles, schema and attributes
     • Research communities have their own cultures, vocabularies, needs
     • Building community-wide consistency on roles, privileges, groups provides tremendous leverage for collaborations
     • Keeping it simple is critical and difficult

  15. Needs of Big Science Researchers
     • Access to collaboration tools
     • Basic group management and access control
     • Command line tools
     • Integration of web and command line IdM and access control
     • No modifications to existing domain science apps
     • International capabilities
     • Multiple levels of assurance
     • Roles, attributes, metadata and ontologies

  16. Relying Party Flows of attributes - 1 Enterprise Project comanage Data Store Enterprise

  17. Relying Party Flows of attributes – 2 – PDP extra pass Enterprise Project comanage Data Store Enterprise

  18. Relying Party Flows of attributes – 3 – IdP to RP Enterprise Project comanage Data Store Enterprise
