Dienstoverstijgend federatief groepsmanagement

Size: px
Start display at page:

Download "Dienstoverstijgend federatief groepsmanagement"

Transcription

1 Dienstoverstijgend federatief groepsmanagement Project : SURFworks / Collaboration Projectjaar : 2009 Projectmanager : Frank Pinxt Auteur(s) : Martin van Es Opleverdatum : 15 juni 2009 Versie : 2.0 Samenvatting Omdat de federatieve werkwijze per definitie instellingsoverstijgend kan zijn, is het niet mogelijk groepsgegevens van gebruikers uit verschillende instellingen in een lokale omgeving onder te brengen. Momenteel realiseert iedere dienst, daarom zijn eigen groepsdefinities (bijvoorbeeld de Teamsites in SURFgroepen). Gevolg hiervan is dat wanneer de gebruiker vervolgens van een andere dienst gebruik wil maken, hij binnen deze dienst het lidmaatschap van verschillende groepen opnieuw moet regelen. Er bestaat geen relatie tussen de groepen binnen dienst A en dienst B. Het is wenselijk om dit groepslidmaatschap eenmalig centraal te realiseren, waardoor het groepslidmaatschap kan worden gedeeld tussen verschillende diensten (applicatie omgevingen) en eindgebruikers zelf op eenvoudige wijze in staat zijn de indeling van hun eigen groepen te bepalen. Dit rapport beschrijft zowel de Technologieverkenning als de Proof of Concept Dienstoverstijgend federatief groepsmanagement. De Technologieverkenning is in 2008 in het kader van het SURFworks Programma opgeleverd, de Proof of Concept is in de eerste helft van 2009 uitgevoerd. Voor de leesbaarheid en overzichtelijkheid en zijn Technologieverkenning en Proof of Concept in dit rapport samengevoegd. Voor deze publicatie geldt de Creative Commons Licentie Attribution-Noncommercial-Share Alike 3.0 Netherlands. Meer informatie over deze licentie is te vinden op

2 Colofon Programmalijn : SURFworks Technologieverkenning Collaboration Infrastructure & Federated Collaboratories Onderdeel : Activiteit : Federated Collaboratories Deliverable : Rapport naar aanleiding van onderzoek naar dienstoverstijgend federatief groepsmanagement + PoC met één voorkeursproduct Toegangsrechten : publiek Externe partij : IGI Dit project is tot stand gekomen met steun van SURF, de organisatie die ICT vernieuwingen in het hoger onderwijs en onderzoek initieert, regisseert en stimuleert door onder meer het financieren van projecten. Meer informatie over SURF is te vinden op de website (www.surf.nl).

3 Context 4 dingen die je moet weten over Dienstoverstijgend federatief groepsmanagement Iedere SURFnetdienst realiseert op dit moment zijn eigen groepsdefinities (bijvoorbeeld de teamsites van SURFgroepen). Gevolg hiervan is dat wanneer een gebruiker gebruik wil maken van een andere dienst, hij binnen deze dienst het lidmaatschap van verschillende groepen opnieuw moet regelen. Het is wenselijk om dit groepslidmaatschap eenmalig centraal te regelen. In deze technologieverkenning is onderzoek gedaan naar een centrale voorziening om deze groepdefinities gekoppeld aan de federatieve authenticatie vast te leggen. Wat is het? Een centrale directory waarin groepslidmaatschap gekoppeld aan federatieve identiteit wordt vastgelegd. Voor wie is het? Het rapport Dienstoverstijgend federatief groepsmanagement is bestemd voor technisch georiënteerde lezers die geïnteresseerd zijn in het onderwerp en voor het Programma Management SURFworks ter voorbereiding op een mogelijk dienstontwikkeltraject. Het rapport is geschreven als voorbereiding op de mogelijke ontwikkeling van een dienst ten behoeve van groepsmanagement voor de gebruikers van SURFnet-diensten. Hoe werkt het? Gebruikers van dienstoverstijgend federatief groepsmanagement kunnen door middel van een grafische interface hun groepslidmaatschap beheren. Deze informatie wordt in een centrale database opgeslagen en is op die manier ook beschikbaar voor gebruik door andere dienst. Wat kan je ermee? Groepslidmaatschap beheren: - Aanmaken van groepen - Verwijderen van groepen - Deelnemers toevoegen (uitnodigen) - Deelnemers verwijderen Extra (Bijlagen, Thema, Gerelateerde thema s) Rapport Technologieverkenning Dienstoverstijgend federatief groepsmanagement Proof of Concept Dienstoverstijgend federatief groepsmanagement

4

5 Federative Group Management Technology scouting and proof of concept for service spanning group management Author: Martin van Es version: 2.0 date: Filename : Eindrapport Dienstoverstijgend federatief Auteur : Martin van Es 5/45

6 Table of Contents 1 Executive summary Introduction Service spanning group management Goal What is service spanning group management? A Schoolbook use case example: SURFgroepen & SURFmedia The SURFnet IdP/SP proxy (ESPEE) Integration Techniques Attributes/Assertions based (authorization) Webservices (SOAP/REST), LDAP, SQL (pull) Direct, automatic provisioning (push) Manual or automated Import/Export (out-of-band) Proxy server based on any of the above Products COmanage/Grouper IAMSuite UABgrid MyVocs SWITCH GMT (Group Management Tool) Imanami Group Management Solutions VOMS UVOS SymLABS Federated Identity Suite: People Service Server Homebrew Other projects worth mentioning G-FIV-O CUCKOO Conclusion SURFnet Services requirements Services SURFgroepen SURFgroepen/Video conferencing SURFmedia SURFnet TV SURFmedia Core SURF lists Dashboard SURF Advisories AIRT PACT Advisories Netflow tooling Bab Infoserver External webserver CMS FTP mirrorserver Mailfilter Office Automation Conclusions Product selection Filename : Eindrapport Dienstoverstijgend federatief Auteur : Martin van Es 6/45

7 6.1 Product candidates Conclusion Proof of Concept Grouper Proof of Concept Introduction Grouper design philosophy Subject Sources Choosing Identifiers for Subjects Grouper interaction Grouper Shell (gsh) Grouper web User-Interface Grouper web services Automation Grouper installation Grouper Grouper-ws (webservices) Grouper empty source issue and proposed solution Grouper Proof of Concept Custom UI The interface Internal housekeeping of the custom UI Grouper PHP SOAP call example Conclusions and Advise Grouper installation and setup Grouper usage Architecture and design Filename : Eindrapport Dienstoverstijgend federatief Auteur : Martin van Es 7/45

8 1 Executive summary SURFnet seeks to raise the level of integration between the various collaboration services that it delivers to its community. The possibility of applying group management features across the various services is regarded as a requirement to achieve this goal. A short investigation has been made of solutions for service spanning group management. i.e. user groups that can be managed centrally and can be used in different web based applications. Also SURFnet service managers were interviewed regarding group management in order to discover the utility of such groups for their service. In general, one can conclude that the services SURFgroepen en SURFmedia will immediately benefit from centrally managed user groups, but the rest is happy the way they are. If a central group manager would be implemented, some service managers could think of possible applications but they would all be related to role-based authorization based on group-membership. The search for a product that most likely will fulfill the needs for SURFnet is COManage/Grouper. Grouper offers the best interoperability and developer support of all evaluated products. A Proof of Concept has been done using Grouper. A custom user interface was designed to allow just-in-time provisioning of federated users to the Grouper subject store and to provide a simple group management interface to end users. Auteur : Martin van Es 8/45

9 2 Introduction 2.1 Service spanning group management SURFnet strives to create a seamless end-user experience for the different services it runs. With the introduction of the SURFfederation and SURFGuest IdP (non-federative Identity Provider) it is already possible to login to all SURFnet services using a single account, where possible the user's account at the organization of origin. Authorization can be provided based on roles provided by the authentication system. Such authorization is implied by the organisation of origin. However, there is a need for user defined authorization, where users can define groups that have access to the content or collaboration environment they have created within the SURFnet services. Many of the SURFnet services facilitate cooperation among end-users of multiple organizations. Hence the groups may contain members of different organizations, implying that roles defined within one organization cannot help out. Group management should be done at the level of the SURFnet services to minimize the administrative overhead and to increase the level of perceived integration. At this moment each service defines it's own groups (e.g. Teamsites in SURFgroepen and mailinglist subscribers in Listserv). One consequence is that when the end-user accesses another service, these group definitions have to be created again, even if the group consists of exactly the same members. Even worse: if the group changes, this change has to be applied to the groups in all services. It would be desirable to define a group only once and share it among several services. Although there are some tools that offer this functionality, at this moment it is not known if these could be used in the SURFnet environment. 2.2 Goal Evaluate the available tools for group management spanning multiple services, based on offered functionality, technology, interoperability and test at least one of the best alternatives in a Proof of Concept setup. This technology scouting and Proof of Concept may serve as a stepping stone for further research on Federated Collaborations next year, encompassing the welding of identity, group and privilege management among multi-media cooperation services into one coherent infrastructure of collaborative applications for the SURFnet community. 2.3 What is service spanning group management? To understand what is meant by service spanning group management, it is useful to look at the SURFfederation first. The federation is a way to authenticate members of different organizations as if they were local users. For this the protected application or service (Service Provider, SP) relies on the ability of the home organization (a so called Identity Provider, IdP) to correctly recognize a local user (to the IdP) and truthfully tell the Service Provider if this user has authenticated herself correctly or not. This requires a strong trust relationship between the SP and IdP. Now suppose a service (SP) is designed to let users of many organizations cooperate in a project so they can act like a group working on a common goal. A group administrator would invite other members to join the group, authorize them and start to work on the project sharing whatever they need to share in the service to go forward. Now suppose there is another service (SP) that would suit their needs but is designed Auteur : Martin van Es 9/45

10 around a different application framework which caters other services needed to complete the project. They still need to cooperate in the same group, however, and would like to protect their work from competing groups, in other words: they need the same group in this service. Normally the group administrator would have to recreate the whole group and invite all members to join this group in the new service. Illustration 1: Service spanning group management This is where service spanning group management would provide a big advantage: the group would have been defined in a separate service (group manager) once and from there provisioned to all applications. Groups like these are sometimes referred to as Virtual Organisations. How this can be achieved will be explained in Chapter 3, Integration Techniques. 2.4 A Schoolbook use case example: SURFgroepen & SURFmedia The combination of SURFgroepen en SURFmedia serves a schoolbook use case example of the requirements of service spanning group management. SURFgroepen is a collaboration environment in which users interact with each other as a group. They share documents, agenda's and media like video's. SURFmedia can protect media via an explicit list of addresses that can view the content. Ideally, users in a SURFgroepen group are able to see video's that can only be seen by group members without having to supply information about the group members in SURFmedia. 2.5 The SURFnet IdP/SP proxy (ESPEE) Currently, SURFnet provides a translator (proxy) service to streamline federative authentication and guest (or non-federative) logins for SURFnet services. This translator is called ESPEE and serves as a IdP/SP proxy. The proxy momentarily forwards authentication requests coming from the different SP's to the responsible IdP's or the Guest-IdP and is able to add attributes when pushing back the results to the SP. One Auteur : Martin van Es 10/45

11 application of this 'attribute enrichment' is quota information for the SURFmedia application. This server would be a trivial choice for group management proxy services (see paragraph 3.5). The subject of this document (a service spanning group manager) could very well be positioned beside ESPEE so that any of the solutions mentioned before could easily be implemented. Illustration 2: IdP/SP proxy and service spanning group t l 1: Assertions based, all user information arrives as attributes. 2: Proxy based group attribute collection 3: Federative Authentication, specific user attributes by web services like SOAP or REST. 4: Active provisioning of application specific backend information storages (directly or manual). Auteur : Martin van Es 11/45

12 3 Integration Techniques As described in the previous chapter, there is a real world use case for service spanning group management, but how can different services be provided with the right information so they would know that certain (federation) members belong to certain groups? A couple of techniques come to mind which can be divided into roughly 2 types: push and pull. In order for these techniques to be useful, both the server and the application (client) need to understand each other. To accomplish this, some standards have been created. Not all applications understand these standards, but if the server and the client are to communicate, it will probably be based on one of these standards. A good example of a "push" standard is SAML (redirect/post profile). Two good "pull" examples would be SOAP and REST. Following are 5 methods that could be used to keep (group) server and clients in sync ordered by preference. In all cases I assume the group-information part to be the required functionality, the way the user is authenticated is regarded of minor importance unless explicitly mentioned. 3.1 Attributes/Assertions based (authorization) To authenticate users coming from other organizations (within the federation) a couple of standard protocols have been devised or evolved from each other. Without explaining too many details, all these protocols share techniques to redirect the user (of a web application) to the web server of the home organization for authentication. As soon as the home server has authenticated the user, she will be redirected to the service combined with the right credentials in such a way that neither the user nor someone else can tamper with the credentials sent along. These credentials are called attributes and are said to "assert" certain statements about the user, ranging from "This user is who she says she is, namely..." to "This user is member of a certain organizational unit". New attributes could be created to assert membership of certain groups ("This user is member of group A, B and F"). In an ideal world, all services would understand an assertions based protocol (for group membership) and all integration efforts would be directed towards deploying an attributes based group manager. Updating or changing applications to work with assertions is probably one of the more difficult routes to follow. Although SAML is suitable to provide a transport mechanism for those attributes, the knowledge about attributes for group membership of SURFnet services is not available at the IdP's and thus needs to be provided or inserted by a third party along the way. 3.2 Webservices (SOAP/REST), LDAP, SQL (pull) The world is not ideal, so there should be some work-arounds for those applications that can not be made to understand assertions as described in 3.1. A first alternative could be active inquiry of group membership information by the application at the group manager via common protocols like SOAP (Simple Object Access Protocol) or REST (Representational State Transfer), LDAP or SQL. This would require quite some work for applications that are not prepared to collect this kind of information from an external source, but if the application source is available and the source is well structured this should be a feasible task. 3.3 Direct, automatic provisioning (push) If an application can't be changed into an application that collects information about group membership from an external source, the group manager could inject the Auteur : Martin van Es 12/45

13 application information store (either file, database or directory based) actively with group membership information on a regular basis or on each change to the groupmember database. The more open standards are used (e.g. SQL, OpenLDAP) the easier it would be to provision such applications. Proprietary applications that use a proprietary and closed/binary information store would be very hard, if not impossible to provision and thus difficult to connect to the service spanning group manager. Webservices (3.2) are preferable to direct, automatic provisiong because that would guarantee the group membership data to stay in one central repository. Automatic provisioning would immediately evoke the troubles of deprovisioning as well. 3.4 Manual or automated Import/Export (out-of-band) In this scenario an operator exports group membership information from the group manager server and imports this into the application. This is the same as 3.3 except for the fact that it requires human intervention or a hand-crafted export / (translate) / import script that can be executed on a regular basis. 3.5 Proxy server based on any of the above A designated server translates unsupported protocol request types into known web services requests and passes the results back to the applications. This solution could help if the application provides some sort of automation but lacks a common protocol with the server. A proxy solution could in certain cases prove to be easier than changing the application. Of course the protocol used by the client should be well-documented. The idea of having a proxy was born out of the existence of a similar service implemented by SURFnet at the moment (ESPEE, see paragraph 2.5) Auteur : Martin van Es 13/45

14 4 Products This chapter will discuss the products that were considered. The products will primarily be evaluated on interoperability. Setup and maintainability are deducted from documentation where possible. Lack of documentation, poor websites, or no reaction from the creators is deemed poorly maintainable. 4.1 COmanage/Grouper From the Grouper FAQ (Wiki): "How do I get group information out of Grouper and into my operational systems? With the 1.0 release, Grouper includes an XML import and export tool that can be used for episodic or periodic provisioning of group info to other contexts. The GrouperShell can likewise be used to load and retrieve group information. With the release of Ldappc 1.0 (the LDAP Provisioning Connector) we now have a near-real-time "provisioning connector" that can update LDAP directories or other run-time security infrastructure services. See LDAP Provisioning Connector for more information. With the release of Grouper there is also a Web Services interface to Grouper. See https://wiki.internet2.edu/confluence/display/grouperwg/grouper+product for more information." Grouper points of integration: Auteur : Martin van Es 14/45

15 LDAP Provisioning Connector: https://wiki.internet2.edu/confluence/display/i2micommon/ldappc "Ldappc will not create or delete person entries in LDAP. That's presumed to be the province of the existing IdM operation. As such, a LDAP source containing users that are members of the Grouper groups should already be in place." Webservices: Verdict: https://wiki.internet2.edu/confluence/display/grouperwg/grouper+web+services CoManage Grouper scores high on all fields: very good interoperability, standards compliant, good documentation and close contact with developers. See also: G-FIV-O and CUCKOO. 4.2 IAMSuite Illustration 3: Grouper interoperability (points of integration) "IAMSuite (Identity and Access Management Suite) is a secure access and collaboration environment. IAMSuite: Auteur : Martin van Es 15/45

16 supports Shibboleth-based authentication and Single Sign-On (SSO); facilitates a "mini" trust federation (also know as a VO Federation), which accepts commercial certificates, issues trial certificates, manages mutually trusted [IdPs] and SPs, and generates metadata for those [IdPs] and SPs; provides service integration that allows protected services (or collaborative tools: such as Confluence Wiki, JIRA, Fedora Repository, DSpace,...) to be integrated into IAMSuite for SSO and attribute-based authorization; provides a Virtual Organization (VO) infrastructure that supports user selection via invitations and/or People Picker integration with [IdPs], group management, and attribute-based service access authorization; provides a collaborative environment that supports management of hierarchical goal-oriented workspaces incorporating tools for managing content and service access and role-based access control; and supports Grid access via SLCS plus [MyProxy]" Verdict: IAMSuite only cooperates with tightly integrated and Shibbolized applications without support for active provisioning or a web services based interface and is therefore not a very likely candidate for the SURFnet environment. Documentation and contact with developers was good. UABgrid "UABGrid is the campus infrastructure for computation and collaboration in the Grid environment. The Grid is a ground breaking effort at building an integrated collaboration environment: a computer that is always on and always where you are. It's a collection of resources that makes high performance computing and collaboration environments available to everyone." Verdict: UABgrid does not seem to be what SURFnet is looking for. The "GRID" seems to be hardware and/or computational services oriented. Documentation about setup and technical details was not (easily) available. 4.3 MyVocs https://spaces.internet2.edu/display/gs/myvocs Verdict: "myvocs is a virtual organization collaboration system (VOCS) developed at the University of Alabama at Birmingham funded by NSF ANI "NMI Enabled Open Source Collaboration Tools for Virtual Organizations". Basically, myvocs is a SAMLIdPProxy, a bridge between a federation of Shibboleth IdPs and a federation of Shibboleth SPs. Using myvocs, the SPs (called VO SPs) may be aggregated into virtual organizations (VOs). We think of VOs as people, and the aggregated SPs as a federated set of distributed applications. It is an important feature of myvocs that a single VO SP may serve multiple VOs." Auteur : Martin van Es 16/45

17 MyVocs seems to fill the gap that ESPEE (the SURFnet SP/IdP proxy) has been built for, and thus has not much added value in this scouting project. Of course, a usable and actively maintained alternative for in-house software is always valuable. 4.4 SWITCH GMT (Group Management Tool) Verdict: "The Group Management Tool (GMT) is an easy to install PHP web application that can be used to create and manage groups of Shibboleth users with custom roles in order to use them for access control and authorization. By automatically generating Apache.htaccess files and/or Shibboleth XMLAccessControl files, the GMT can restrict access to web server directories or locations on the same host based on the unique ID of a Shibboleth user. Group, role and user information can also be queried by other hosts via PHP, Perl or Java modules coming with the GMT. This allows other applications to integrate the GMT's easy and straight-forward user management functions. No database is needed because the GMT stores all the information in easy to edit flat text files." At first glance GMT looks promising but uses a flat-file storage and address based identification, which does not make it very suitable for SURFnet's needs. 4.5 Imanami Group Management Solutions Imanami offers 3 tools for AD based group management: Verdict: "Directory Transformation Manager ((de-)provisioning) SmartDL Once Active Directory becomes accurate, (DTM) allows organization to synchronize different directories and databases with Active Directory ensuring that information makes into (and out of) every necessary data source in your infrastructure. Automatically create and maintain distribution lists based on directory attributes and turn hours of repetitive work into a few simple clicks! SmartDL, the number one tool for distribution list management! Web Based Directories WebDir is a simple, yet powerful, web-based directory and group management solution that can immediately reduce administrative costs and increase the accuracy of Active Directory. Providing self-service, WebDir enables end users to update their own directory information, access a read-only corporate phonebook and change their own passwords based on controls the administrator sets." Since this product is AD based I do not foresee a big future at SURFnet as SURFnet is trying to move away from AD and other proprietary systems as much as possible. 4.6 VOMS Virtual Organization Membership Service Auteur : Martin van Es 17/45

18 "Virtual Organization Membership Service provides information on the user's relationship with her Virtual Organization: her groups, roles and capabilities. single login using voms-proxy-init only at the beginning of the session (was gridproxy-init) expiration time: the authorization information is only valid for a limited period of time as the proxy certificate itself backward compatibility: the extra VO related information is in the user's proxy certificate, which can be still used with non VOMS-aware services multiple VOs: the user may "log-in" into multiple VOs and create an aggregate proxy certificate, which enables her to access resources in any of them Verdict: The service is basically a simple account database, which serves the information in a special format (VOMS credential). The VO manager can administrate it remotely using command line tools or a web interface." The project seems promising (although the only functionality that makes is stand out from Grouper is a change history) but looks deserted and is probably no longer maintained. 4.7 UVOS Verdict: "UNICORE VO System (UVOS) is a client-server system, used as an additional tool for other large and generally distributed systems. Grid systems and especially UNICORE grid middleware are the mainspring of the UVOS. UVOS is a part of the Chemomentum project." On examining the documentation and Wiki of UVOS it looks like it's almost on par with Grouper, except for the fact that it lacks the active LDAP provisioning interface and hooks/triggers that could make up for this deficiency. On the other hand UVOS has a swing client interface. However, after a lengthy mail conversation with one of the developers, the conclusion is that for the moment Grouper would probably be the best bet for SURFnet despite the fact that UVOS would be "easier to install and maintain". 4.8 SymLABS Federated Identity Suite: People Service Server Verdict: "Symlabs People Service (PS) Server is the component of Symlabs Federated Identity Suite that delivers a full, ready to deploy, Liberty People Service Web Services Provider. It enables secure, cross-principal, online interactions between users and friends in a social context or between users and job roles in a professional context - all with full respect for privacy." Symlabs is the only commercial party in this list. After some extensive s it turned out Symlabs did not have a stock solution for what SURFnet is looking for but was willing to implement any custom application required for the job. Costs were not discussed at that point. Auteur : Martin van Es 18/45

19 4.9 Homebrew Since the requirements for the group management application are quite simple and an IdP proxy exists (ESPEE) this server could well serve all necessary requirements to provide a simple yet powerful group management service based on simple building blocks like OpenLDAP and Perl or Python scripts. The most complex part would be the selfservice interface. But since the needed actions are limited (subscribe/unsubscribe) this could probably be demonstrated to work (PoC) within the contraints of a limited time and budget. On top of that, ESPEE already manages certain group attributes for extra quota privileges in the SURF media application Other projects worth mentioning G-FIV-O From the G-FIV-O website: "G-FIV-O [Grouper to support Federated Identity for Virtual Organizations] is a JISC funded project based at Newcastle University to investigate the use of next generation access management tools to support the use of collaborative tools for distributed organizations." G-FIV-O is a well-documented investigation in federative access and groups management, like this one. One very interesting accomplishment seems to be a.net and php API to manage Grouper. Apart from that, the findings do not add much to the investigations done so far. See also: COManage/Grouper CUCKOO "The aim of the project is to research implement/demonstrate Shibboleth Virtual Organizations (VO s) and on-line collaboration tools. Building on and incorporating work already done, such as attribute release policies mapping (ShARPE) and MyVOCS. The project will research into how Shibboleth 2.0 will affect these tools and solutions. Within Virtual Organization creating, managing, and supporting groups can be challenging. Open source toolkit such as Grouper is designed to function as the core element of a common infrastructure for managing group information across integrated applications and repositories. The project will research and report on these authorization and service provisioning decisions, issues such as allowing portals to personalize content and provide role information to applications. The CUCKOO project has not released any (relevant) documents yet." Despite best intentions expressed in mails, I never received answers to the questions I mailed. See also: COManage/Grouper Conclusion In this conclusion I summarize the above findings in one matrix. Please refer to the discussion above for clarification on omissions or question marks concerning certain Auteur : Martin van Es 19/45

20 information. Product/Source License Integration In Integration Out Technology COmanage/ Grouper Apache 2.0 XML import/export Webservices (SOAP+REST) XML import/export LDAP (automatic provisioning) Webservices (SOAP+REST) Java eg Tomcat AIMSuite Apache 2.0 Java API? Shibboleth Java API? Tomcat GridSphere UABgrid???? myvocs? SAML SAML? SWITCH GMT BSD WebGUI (invitation/pwd) PHP/PERL/JAVA lib API (REST-like) Shibboleth XML authconf.htaccess files PHP flat-file Imanami commercial ODBC compliant AD.net 2.0 VOMS? SOAP LDAP SOAP Tomcat UVOS open source Webservices? Webservices via SAML2.0 Java UNICORE? SymLABS PSS commercial??? Homebrew open Source??? Auteur : Martin van Es 20/45

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication

More information

IGI Portal architecture and interaction with a CA- online

IGI Portal architecture and interaction with a CA- online IGI Portal architecture and interaction with a CA- online Abstract In the framework of the Italian Grid Infrastructure, we are designing a web portal for the grid and cloud services provisioning. In following

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

OAuth2lib Based Groups Management Tool for Authorization and Services Aggregation

OAuth2lib Based Groups Management Tool for Authorization and Services Aggregation Thursday 16th June 2011 Poster Session OAuth2lib Based Groups Management Tool for Authorization and Services Aggregation 1. INTRODUCTION Over recent years we have witnessed the emergence and consolidation

More information

API Architecture. for the Data Interoperability at OSU initiative

API Architecture. for the Data Interoperability at OSU initiative API Architecture for the Data Interoperability at OSU initiative Introduction Principles and Standards OSU s current approach to data interoperability consists of low level access and custom data models

More information

Apache Syncope OpenSource IdM

Apache Syncope OpenSource IdM Apache Syncope OpenSource IdM Managing Identities in Enterprise Environments Version 1.3 / 2012-07-26 Apache Syncope OpenSource IdM by http://syncope.tirasa.net/ is licensed under a Creative Commons Attribution

More information

Copyright 2014 Jaspersoft Corporation. All rights reserved. Printed in the U.S.A. Jaspersoft, the Jaspersoft

Copyright 2014 Jaspersoft Corporation. All rights reserved. Printed in the U.S.A. Jaspersoft, the Jaspersoft 5.6 Copyright 2014 Jaspersoft Corporation. All rights reserved. Printed in the U.S.A. Jaspersoft, the Jaspersoft logo, Jaspersoft ireport Designer, JasperReports Library, JasperReports Server, Jaspersoft

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

TG Web. Technical FAQ

TG Web. Technical FAQ TG Web Technical FAQ About this FAQ We encourage you to contact us if. You can't find the information you're looking for. You would like to discuss your specific testing requirements in more detail. You

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

Three Case Studies in Access Management

Three Case Studies in Access Management Three Case Studies in Access Management IAM Online June 10, 2015-2 pm EDT Andy Morgan, Oregon State University Mandeep Saini, GÉANT Albert Wu, UCLA Moderator: Tom Barton, University of Chicago Fit for

More information

ShibboLEAP Project. Final Report: School of Oriental and African Studies (SOAS) Colin Rennie

ShibboLEAP Project. Final Report: School of Oriental and African Studies (SOAS) Colin Rennie ShibboLEAP Project Final Report: School of Oriental and African Studies (SOAS) Colin Rennie May 2006 Shibboleth Implementation at SOAS Table of Contents Introduction What this document contains Who writes

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University UNI TY UNIfied identity management Krzysztof Benedyczak ICM, Warsaw University Outline The idea Local database Groups, Entities, Identities and Attributes UNITY Authorization Local authentication Credentials

More information

Business Process Management with @enterprise

Business Process Management with @enterprise Business Process Management with @enterprise March 2014 Groiss Informatics GmbH 1 Introduction Process orientation enables modern organizations to focus on the valueadding core processes and increase

More information

Authentication and Single Sign On

Authentication and Single Sign On Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication

More information

Federated Identity & Access Mgmt for Higher Education

Federated Identity & Access Mgmt for Higher Education Federated Identity & Access Mgmt for Higher Education Dr. Erik Vullings Program Manager Macquarie University s s E-Learning E Centre of Excellence (MELCOE) Erik.Vullings@melcoe.mq.edu.au 1/23/2006 1 Backing

More information

Websense Support Webinar: Questions and Answers

Websense Support Webinar: Questions and Answers Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user

More information

Using EMC Documentum with Adobe LiveCycle ES

Using EMC Documentum with Adobe LiveCycle ES Technical Guide Using EMC Documentum with Adobe LiveCycle ES Table of contents 1 Deployment 3 Managing LiveCycle ES development assets in Documentum 5 Developing LiveCycle applications with contents in

More information

Authentication Integration

Authentication Integration Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication

More information

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator

More information

E-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine.

E-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine. E-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine. Yaroshenko Tetiana, yaroshenko[@]ukma.kiev.ua Introduction The Kyiv Mohyla Foundation of America and the National University of Kyiv Mohyla

More information

CA Identity Manager. Glossary. r12.5 SP8

CA Identity Manager. Glossary. r12.5 SP8 CA Identity Manager Glossary r12.5 SP8 This documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your informational

More information

Jitterbit Technical Overview : Microsoft Dynamics CRM

Jitterbit Technical Overview : Microsoft Dynamics CRM Jitterbit allows you to easily integrate Microsoft Dynamics CRM with any cloud, mobile or on premise application. Jitterbit s intuitive Studio delivers the easiest way of designing and running modern integrations

More information

Secure the Web: OpenSSO

Secure the Web: OpenSSO Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based

More information

SOA, case Google. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901.

SOA, case Google. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901 SOA, case Google Written by: Sampo Syrjäläinen, 0337918 Jukka Hilvonen, 0337840 1 Contents 1.

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

IBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3 April 8, 2016. Integration Guide IBM

IBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3 April 8, 2016. Integration Guide IBM IBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3 April 8, 2016 Integration Guide IBM Note Before using this information and the product it supports, read the information

More information

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer

More information

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...

More information

Sisense. Product Highlights. www.sisense.com

Sisense. Product Highlights. www.sisense.com Sisense Product Highlights Introduction Sisense is a business intelligence solution that simplifies analytics for complex data by offering an end-to-end platform that lets users easily prepare and analyze

More information

Using Shibboleth for Single Sign- On

Using Shibboleth for Single Sign- On Using Shibboleth for Single Sign- On One Logon to Rule them all.. Kirk Yaros Director, Enterprise Services Mott Community College 1 Agenda Overview of Mott Overview of Shibboleth and Mott s Project Review

More information

Interwise Connect. Working with Reverse Proxy Version 7.x

Interwise Connect. Working with Reverse Proxy Version 7.x Working with Reverse Proxy Version 7.x Table of Contents BACKGROUND...3 Single Sign On (SSO)... 3 Interwise Connect... 3 INTERWISE CONNECT WORKING WITH REVERSE PROXY...4 Architecture... 4 Interwise Web

More information

User Pass-Through Authentication in IBM Cognos 8 (SSO to data sources)

User Pass-Through Authentication in IBM Cognos 8 (SSO to data sources) User Pass-Through Authentication in IBM Cognos 8 (SSO to data sources) Nature of Document: Guideline Product(s): IBM Cognos 8 BI Area of Interest: Security Version: 1.2 2 Copyright and Trademarks Licensed

More information

A Survey Study on Monitoring Service for Grid

A Survey Study on Monitoring Service for Grid A Survey Study on Monitoring Service for Grid Erkang You erkyou@indiana.edu ABSTRACT Grid is a distributed system that integrates heterogeneous systems into a single transparent computer, aiming to provide

More information

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

DIGIPASS Authentication for Citrix Access Gateway VPN Connections DIGIPASS Authentication for Citrix Access Gateway VPN Connections With VASCO Digipass Pack for Citrix 2006 VASCO Data Security. All rights reserved. Page 1 of 31 Integration Guideline Disclaimer Disclaimer

More information

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam (CAT-140) Version 1.4 - PROPRIETARY AND CONFIDENTIAL INFORMATION - These educational materials (hereinafter referred to as

More information

Your complete guide to installing the info@hand Self-Service Portal and estore.

Your complete guide to installing the info@hand Self-Service Portal and estore. Your complete guide to installing the info@hand Self-Service Portal and estore. Install the Portal & estore as shrink-wrapped software, or as add-ons to an existing Joomla! installation. Then configure

More information

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta. Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta

More information

Oracle Identity Analytics Architecture. An Oracle White Paper July 2010

Oracle Identity Analytics Architecture. An Oracle White Paper July 2010 Oracle Identity Analytics Architecture An Oracle White Paper July 2010 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may

More information

Communiqué 4. Standardized Global Content Management. Designed for World s Leading Enterprises. Industry Leading Products & Platform

Communiqué 4. Standardized Global Content Management. Designed for World s Leading Enterprises. Industry Leading Products & Platform Communiqué 4 Standardized Communiqué 4 - fully implementing the JCR (JSR 170) Content Repository Standard, managing digital business information, applications and processes through the web. Communiqué

More information

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics

More information

LSC @ LDAPCON. 2011. Sébastien Bahloul

LSC @ LDAPCON. 2011. Sébastien Bahloul LSC @ LDAPCON. 2011 Sébastien Bahloul About me Developer and software architect 10 years experience in IAM Recently hired as product manager by a French security editor, Dictao, providing : personal and

More information

INSTALLATION GUIDE VERSION

INSTALLATION GUIDE VERSION INSTALLATION GUIDE VERSION 4.1 2014 Copyright 2008 2014. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical, for any purpose

More information

Project management integrated into Outlook

Project management integrated into Outlook Project management integrated into Outlook InLoox PM 7.x off-line operation An InLoox Whitepaper Published: October 2011 Copyright: 2011 InLoox GmbH. You can find up-to-date information at http://www.inloox.com

More information

Integrating Siebel CRM with Microsoft SharePoint Server

Integrating Siebel CRM with Microsoft SharePoint Server Integrating Siebel CRM with Microsoft SharePoint Server www.sierraatlantic.com Headquarters 6522 Kaiser Drive, Fremont CA 94555, USA Phone: 1.510.742.4100 Fax: 1.510.742.4101 Global Development Center

More information

Three Campus Case Studies: Managing Access with Grouper

Three Campus Case Studies: Managing Access with Grouper Three Campus Case Studies: Managing Access with Grouper IAM Online March 13, 2013 Speakers: Paul Donahue and Keith Hazelton, University of Wisconsin-Madison Sébastien Gagné, University of Montreal Rahul

More information

password, just as if you were accessing the SharePoint environment with a browser. This prompting is also handled via Windows.

password, just as if you were accessing the SharePoint environment with a browser. This prompting is also handled via Windows. FAQ s I. Product Overview 1. What is Microsoft SharePoint? Microsoft SharePoint is a business collaboration platform that enables teams to connect through formal and informal business communities and to

More information

5.2.3 Thank you message 5.3 - Bounce email settings Step 6: Subscribers 6.1. Creating subscriber lists 6.2. Add subscribers 6.2.1 Manual add 6.2.

5.2.3 Thank you message 5.3 - Bounce email settings Step 6: Subscribers 6.1. Creating subscriber lists 6.2. Add subscribers 6.2.1 Manual add 6.2. Step by step guide Step 1: Purchasing an RSMail! membership Step 2: Download RSMail! 2.1. Download the component 2.2. Download RSMail! language files Step 3: Installing RSMail! 3.1: Installing the component

More information

LDAP Authentication Configuration Appendix

LDAP Authentication Configuration Appendix 1 Overview LDAP Authentication Configuration Appendix Blackboard s authentication technology is considered a focal point in the company s ability to provide true enterprise software. Natively, the Blackboard

More information

Integrating SharePoint Sites within WebSphere Portal

Integrating SharePoint Sites within WebSphere Portal Integrating SharePoint Sites within WebSphere Portal November 2007 Contents Executive Summary 2 Proliferation of SharePoint Sites 2 Silos of Information 2 Security and Compliance 3 Overview: Mainsoft SharePoint

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015 Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

nexus Hybrid Access Gateway

nexus Hybrid Access Gateway Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries

More information

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003 Oracle Identity Management Concepts and Architecture An Oracle White Paper December 2003 Oracle Identity Management Concepts and Architecture Introduction... 3 Identity management... 3 What is Identity

More information

HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE

HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE Copyright 1998-2013 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form or by any means

More information

Contents About the Contract Management Post Installation Administrator's Guide... 5 Viewing and Modifying Contract Management Settings...

Contents About the Contract Management Post Installation Administrator's Guide... 5 Viewing and Modifying Contract Management Settings... Post Installation Guide for Primavera Contract Management 14.1 July 2014 Contents About the Contract Management Post Installation Administrator's Guide... 5 Viewing and Modifying Contract Management Settings...

More information

Migrating Exchange Server to Office 365

Migrating Exchange Server to Office 365 Migrating Exchange Server to Office 365 By: Brien M. Posey CONTENTS Domain Verification... 3 IMAP Migration... 4 Cut Over and Staged Migration Prep Work... 5 Cut Over Migrations... 6 Staged Migration...

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

Introduction to Directory Services

Introduction to Directory Services Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory

More information

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion. Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On

More information

Getting Started with Single Sign-On

Getting Started with Single Sign-On Getting Started with Single Sign-On I. Introduction Your institution is considering or has already purchased Collaboratory from Treetop Commons, LLC. One benefit provided to member institutions is Single

More information

Setup Guide Access Manager 3.2 SP3

Setup Guide Access Manager 3.2 SP3 Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE

More information

Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training

Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training Federated Identity Management Willem Elbers (MPI-TLA) EUDAT training Date: 26 June 2012 Outline FIM and introduction to components Federation and metadata National Identity federations and inter federations

More information

OVERVIEW. DIGIPASS Authentication for Office 365

OVERVIEW. DIGIPASS Authentication for Office 365 OVERVIEW DIGIPASS for Office 365 Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security assumes no responsibility

More information

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise

More information

USING FEDERATED AUTHENTICATION WITH M-FILES

USING FEDERATED AUTHENTICATION WITH M-FILES M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication

More information

Spectrum Technology Platform. Version 9.0. Administration Guide

Spectrum Technology Platform. Version 9.0. Administration Guide Spectrum Technology Platform Version 9.0 Administration Guide Contents Chapter 1: Getting Started...7 Starting and Stopping the Server...8 Installing the Client Tools...8 Starting the Client Tools...9

More information

LearningServer for.net Implementation Guide

LearningServer for.net Implementation Guide LearningServer for.net Implementation Guide This document outlines recommended steps for planning and implementing a LearningServer solution. A successful installation and implementation requires the completion

More information

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious Spring Security 3 Secure your web applications against malicious intruders with this easy to follow practical guide Peter Mularien rpafktl Pen source cfb II nv.iv I I community experience distilled

More information

Federated Identity Management Solutions

Federated Identity Management Solutions Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single

More information

Crawl Proxy Installation and Configuration Guide

Crawl Proxy Installation and Configuration Guide Crawl Proxy Installation and Configuration Guide Google Enterprise EMEA Google Search Appliance is able to natively crawl secure content coming from multiple sources using for instance the following main

More information

There are more security levels in ARCHIBUS, as described bellow.

There are more security levels in ARCHIBUS, as described bellow. Glossary: VPA = Virtual Private ARCHIBUS restriction SSO = Single Sign-On LDAP = Lightweight Directory Access Protocol WebCentral = ARCHIBUS Core Engine IIS = Internet Information Services (IIS, formerly

More information

NetIQ Identity Manager Setup Guide

NetIQ Identity Manager Setup Guide NetIQ Identity Manager Setup Guide July 2015 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE

More information

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices

More information

Citrix Access Gateway: Implementing Enterprise Edition Feature 9.0

Citrix Access Gateway: Implementing Enterprise Edition Feature 9.0 coursemonstercom/uk Citrix Access Gateway: Implementing Enterprise Edition Feature 90 View training dates» Overview Nederlands Deze cursus behandelt informatie die beheerders en andere IT-professionals

More information

Software Architecture Document

Software Architecture Document Software Architecture Document Project Management Cell 1.0 1 of 16 Abstract: This is a software architecture document for Project Management(PM ) cell. It identifies and explains important architectural

More information

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication

More information

Using Grouper: Newcastle University case studies. Richard James Caleb Racey

Using Grouper: Newcastle University case studies. Richard James Caleb Racey Using Grouper: Newcastle University case studies Richard James Caleb Racey Context: Newcastle University UK University Over 5000 staff members Over 20,000 students Research focused Centralised IT service

More information

SavvyDox Publishing Augmenting SharePoint and Office 365 Document Content Management Systems

SavvyDox Publishing Augmenting SharePoint and Office 365 Document Content Management Systems SavvyDox Publishing Augmenting SharePoint and Office 365 Document Content Management Systems Executive Summary This white paper examines the challenges of obtaining timely review feedback and managing

More information

Encore Software Solutions (V3) Identity Lifecycle Management and Federated Security Suite (ILM/FSS) Overview and Technical Requirements

Encore Software Solutions (V3) Identity Lifecycle Management and Federated Security Suite (ILM/FSS) Overview and Technical Requirements Encore Software Solutions (V3) Identity Lifecycle Management and Federated Security Suite (ILM/FSS) Overview and Technical Requirements Encore Software Solutions (V3) provides a holistic Identity Lifecycle

More information

ITAR Compliant Data Exchange

ITAR Compliant Data Exchange ITAR Compliant Data Exchange Managing ITAR Data Across Collaborative Project Teams WebSpace Customers Aerospace & Defense Manufacturing High Tech & Contract Manufacturing Automotive Manufacturing Medical/

More information

Content Management Systems: Drupal Vs Jahia

Content Management Systems: Drupal Vs Jahia Content Management Systems: Drupal Vs Jahia Mrudula Talloju Department of Computing and Information Sciences Kansas State University Manhattan, KS 66502. mrudula@ksu.edu Abstract Content Management Systems

More information

RS MDM. Integration Guide. Riversand

RS MDM. Integration Guide. Riversand RS MDM 2009 Integration Guide This document provides the details about RS MDMCenter integration module and provides details about the overall architecture and principles of integration with the system.

More information

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 This document supports the version of each product listed and supports all subsequent versions until the document

More information

OpenLDAP Oracle Enterprise Gateway Integration Guide

OpenLDAP Oracle Enterprise Gateway Integration Guide An Oracle White Paper June 2011 OpenLDAP Oracle Enterprise Gateway Integration Guide 1 / 29 Disclaimer The following is intended to outline our general product direction. It is intended for information

More information

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Implementation Guide SAP NetWeaver Identity Management Identity Provider Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before

More information

Getting started with OWASP WebGoat 4.0 and SOAPUI.

Getting started with OWASP WebGoat 4.0 and SOAPUI. Getting started with OWASP WebGoat 4.0 and SOAPUI. Hacking web services, an introduction. Version 1.0 by Philippe Bogaerts Philippe.Bogaerts@radarhack.com www.radarhack.com Reviewed by Erwin Geirnaert

More information

Architecture and Mode of Operation

Architecture and Mode of Operation Software- und Organisations-Service Open Source Scheduler Architecture and Mode of Operation Software- und Organisations-Service GmbH www.sos-berlin.com Scheduler worldwide Open Source Users and Commercial

More information

About This Document 3. Integration and Automation Capabilities 4. Command-Line Interface (CLI) 8. API RPC Protocol 9.

About This Document 3. Integration and Automation Capabilities 4. Command-Line Interface (CLI) 8. API RPC Protocol 9. Parallels Panel Contents About This Document 3 Integration and Automation Capabilities 4 Command-Line Interface (CLI) 8 API RPC Protocol 9 Event Handlers 11 Panel Notifications 13 APS Packages 14 C H A

More information

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y 2 0 1 5

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y 2 0 1 5 Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y 2 0 1 5 Disclaimer The following is intended to outline our general product

More information

User Manual for Delivery

User Manual for Delivery User Manual for Delivery Published By Imanami Corporation 2301 Armstrong St. Suite 211 Livermore, CA 94551, United States Copyright 2011 by Imanami Corporation. All rights reserved. No part of this document

More information

Securing your business

Securing your business Securing your business Anders Askåsen Product Manager for OpenIDM * World Wide Coverage ForgeRock.com Enterprise Open Source Software ForgeRock Norway ForgeRock USA ForgeRock UK ForgeRock France Consulting

More information

IBM Campaign and IBM Silverpop Engage Version 1 Release 2 August 31, 2015. Integration Guide IBM

IBM Campaign and IBM Silverpop Engage Version 1 Release 2 August 31, 2015. Integration Guide IBM IBM Campaign and IBM Silverpop Engage Version 1 Release 2 August 31, 2015 Integration Guide IBM Note Before using this information and the product it supports, read the information in Notices on page 93.

More information

An Oracle White Paper September 2011. Oracle Team Productivity Center

An Oracle White Paper September 2011. Oracle Team Productivity Center Oracle Team Productivity Center Overview An Oracle White Paper September 2011 Oracle Team Productivity Center Overview Oracle Team Productivity Center Overview Introduction... 1 Installation... 2 Architecture...

More information

Development and deployment of integrated attribute based access control for collaboration

Development and deployment of integrated attribute based access control for collaboration Development and deployment of integrated attribute based access control for collaboration Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications

More information

Middleware- Driven Mobile Applications

Middleware- Driven Mobile Applications Middleware- Driven Mobile Applications A motwin White Paper When Launching New Mobile Services, Middleware Offers the Fastest, Most Flexible Development Path for Sophisticated Apps 1 Executive Summary

More information

User-Centric Client Management with System Center 2012 Configuration Manager in Microsoft IT

User-Centric Client Management with System Center 2012 Configuration Manager in Microsoft IT Situation Microsoft IT needed to evolve their Configuration Manager 2007-based environment that used homegrown application distribution services to meet the self-service needs of Microsoft personnel. Solution

More information

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere. OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere. OpenAM, the only all-in-one open source access management solution, provides the

More information