
Deployment of a Shibboleth-based Infrastructure in Switzerland: SWITCHaai

Martin Sutter, Head of NetServices, SWITCH (Ueli Kienholz & Thomas Lenggenhager). UK e-Science Core Programme Town Meeting, Monday 11th April 2005.


Presentation Transcript


  1. Deployment of a Shibboleth-based Infrastructure in Switzerland: SWITCHaai
     Martin Sutter, Head of NetServices, SWITCH (Ueli Kienholz & Thomas Lenggenhager)
     UK e-Science Core Programme Town Meeting, Monday 11th April 2005

  2. Project Timeline
     [Timeline, 2001 to 2006. Phases: Study, Pilot, Implementation, Operation. Other labels: Study, Planning; Architecture; Evaluation; Shibboleth]

  3. Without AAI
     • Tedious user registration at all resources
     • Unreliable and outdated user data at resources
     • Different login processes
     • Many different passwords
     • Many resources not protected due to difficulties
     • Often IP-based authorization
     • Costly implementation of inter-institutional access
     [Diagram: University A (Student Admin, Web Mail, e-Learning), Library B (e-Journals, Literature DB), University C (Research DB, e-Learning). Legend: User Administration, Authentication, Authorization, Resource, Credentials]

  4. With AAI
     • No user registration and user data maintenance at resource needed
     • Single login process for the users
     • Many new resources available for the users
     • Enlarged user communities for resources
     • Authorization independent of location
     • Efficient implementation of inter-institutional access
     [Diagram: AAI connecting University A (Student Admin, Web Mail, e-Learning), Library B (e-Journals, Literature DB), University C (Research DB, e-Learning). Legend: User Administration, Authentication, Authorization, Resource, Credentials]

  5. SWITCHaai Building Blocks
     • Organizational Framework
     • Interoperation
     • Identity Providers (Home Orgs)
     • Service Providers (Resources)
     • Central Services
     • Finances

  6. Organizational Framework
     Organization
     • SWITCH acts as SWITCHaai Federation service provider
     • Federation membership based on signed service agreements

  7. Interoperation
     Requires agreement on technical details like
     • Standards
       • SAML 1.1
     • Software versions
       • Shibboleth 1.1 for identity providers
       • Shibboleth 1.2.1 for service providers
     • Accepted certificate authorities
       • SWITCHpki, plus Thawte, Trustcenter, VeriSign
     • Attribute specification
       • SwissEduPerson

  8. Interoperation: Attributes
     Criteria for attribute specification
     • Start simple, extend as required
     • Common understanding on interpretation
     • Already widely used
     SwissEduPerson
     Attribute usage by applications
     • Use minimal set required
     • Data protection principle

  9. Identity Provider Integration
     AAI-enabled Identity Provider
     • Currently in use in SWITCHaai:
       • Authentication Systems
         • OpenLDAP with CAS or Pubcookie
         • Kerberos AuthN with Active Directory
         • Windows AuthN with IIS
       • User Directory
         • OpenLDAP
         • Active Directory
     [Diagram: AAI, Authentication System, User Directory]

  10. Identity Providers in SWITCHaai
      110’000 Swiss Higher Ed users have an AAI-Account (≈ 50% of all)
      [Map labels: University Bern, Université de Fribourg, Virtual Home Org, Université de Lausanne, Université de Genève, University Hospital Zurich, Zürcher Hochschule Winterthur, University Zurich, SFIT Zurich, SWITCH, University Lucerne. Status labels: Operational AAI Identity Provider; AAI Identity Provider getting ready; Prototype running; Service Agreement]

  11. Virtual Home Organization – VHO
      • Integrate end users without identity provider
      • Resource owner creates @VHO “AAI-enabled” accounts for users without an identity provider
      • A VHO account is only usable for the resource managed by the resource owner
      [Diagram: VHO Service @SWITCH, User Dir, Some end users without identity provider, Federation Member, Identity Provider, Resource Owner, End User, Admin, VHO Policy]

  12. SWITCHaai Building Blocks
      • Organizational Framework
      • Interoperation
      • Identity Providers (Home Orgs)
      • Service Providers (Resources)
      • Central Services
      • Finances

  13. Types of Service Providers
      Categories: e-learning, libraries, other web applications, commercial
      [Diagram labels: OLAT, Vista@SVC, EZproxy, WebCT@ETHZ, VITELS, ScienceDirect, DOIT, Blackboard, Moodle, …, BSCW, ILIAS, AD Learn & Co, Vconf-Reservation, SwissLex, TWiki, SMS-Gateway, eShops, IS-Academia, Jobs@BWI]

  14. Service Provider Example: DOIT
      DOIT: Dermatology Online with Interactive Technology
      Access Rule
        IdP = UniZH | UniBE | UniL
        affiliation = student
        studyBranch = medicine
        studyLevel = 15
      500 AAI Users
      [Diagram: AAI Identity Provider, AAI Service Provider; UniZH, ETHZ, SWITCH, UniBE, VHO, UniL, UniGE]

  15. Service Provider Example: OLAT
      OLAT: Online Learning and Training (open source e-learning platform of the University of Zurich)
      5000 AAI Users, 75 Courses
      [Diagram: AAI Identity Provider, AAI Service Provider; UniZH, ETHZ, SWITCH, UniBE, VHO, UniL, UniGE]

  16. Integration of „Blackboxes“
      • Authentication / authorization gateway
      • Portal functionalities (optional)
      • User management (optional)
      • Adaptors to blackbox applications:
        • WebCT Vista
        • WebCT CE
        • …
      [Diagram: Sign On, Application, AAIportal, A1, A2, API, . . ., Shibboleth]

  17. Central AAI Services
      • Strategy & marketing
      • International contacts
      • Support, consulting, training
      • Providing federation-specific files and configuration guides
      • Operating WAYF
      • Testing parties (identity provider  service provider)
      • Jump-start service

  18. Funding
      [Chart: funding / costs, 2000 to 2010. Phases: pilot project, project, operational service. Funding labels: funded by SWITCH & Universities, funded by federal grants, funded by tariffs]

  19. Outlook
      • Projects with federal grants
      • Non-web service providers, e.g. grid
      • ECTS (Study)
      • AAA (Study)
      • Federation partners

  20. Further Information
      • SWITCHaai Website: http://www.switch.ch/aai
      • Shibboleth: http://shibboleth.internet2.edu/
      • Shibboleth Demo: http://www.switch.ch/aai/demo
      • Attribute Specification: http://www.switch.ch/aai/docs/AAI_Attr_Specs.pdf

  21. Questions? Q & A
      http://www.switch.ch/aai
      aai@switch.ch
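
The access rule on slide 14 (DOIT), evaluated against the attributes an identity provider releases, as an added example that is not part of the original presentation. Attribute names and rule values are taken from the slide; the `;` multi-value separator, the deny-on-missing behaviour, the function names and the sample attribute sets are assumptions of this sketch.

```python
# Added example: evaluates the DOIT access rule from slide 14 against
# attributes released by an identity provider. Attribute names and values are
# copied from the slide; the ";" multi-value separator and the sample users
# are assumptions made for this sketch.

# Every key must match; a set of allowed values means "any of these".
DOIT_RULE = {
    "IdP": {"UniZH", "UniBE", "UniL"},
    "affiliation": {"student"},
    "studyBranch": {"medicine"},
    "studyLevel": {"15"},
}

def split_values(raw):
    """Split a possibly multi-valued attribute string into a set of values."""
    if not raw:
        return set()
    return {v.strip() for v in raw.split(";") if v.strip()}

def is_authorized(attributes, rule=DOIT_RULE):
    """Return (allowed, reason). Missing or empty attributes deny access."""
    for name, allowed in rule.items():
        values = split_values(attributes.get(name))
        if not values:
            return False, f"missing attribute: {name}"
        if not values & allowed:
            return False, f"attribute not accepted: {name}"
    return True, "all conditions met"

# Constructed sample attribute sets (not real users).
SAMPLES = {
    "med student at UniBE": {"IdP": "UniBE", "affiliation": "member;student",
                             "studyBranch": "medicine", "studyLevel": "15"},
    "med student at UniGE": {"IdP": "UniGE", "affiliation": "student",
                             "studyBranch": "medicine", "studyLevel": "15"},
    "staff at UniZH": {"IdP": "UniZH", "affiliation": "staff",
                       "studyBranch": "medicine", "studyLevel": "15"},
    "studyLevel not released": {"IdP": "UniL", "affiliation": "student",
                                "studyBranch": "medicine"},
}

if __name__ == "__main__":
    for label, attrs in SAMPLES.items():
        print(label, "->", is_authorized(attrs))
```

The rule depends only on released attributes, never on the client's network location, which is the "authorization independent of location" point from slide 4; an attribute the identity provider does not release results in a denial rather than a default grant.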
