The AAF and Shibboleth. eResearch Australasia. Prof. James Dalziel, Neil Witheridge
The AAF and Shibboleth
Prof. James Dalziel, Neil Witheridge, Dr. Aizhong Lin
Macquarie E-Learning Centre of Excellence (MELCOE), Macquarie University
The AAF and Shibboleth 1 of 28

MAMS Background
- DEST-funded project under the Systemic Infrastructure Initiative (SII), seeking to improve national research effectiveness
- Initial focus (FRODO projects) covering:
  - Repository Projects (ARROW, APSR, ADT)
  - Identity & Access Management (IAM) project (MAMS)
- At the heart of the middleware required to unleash research potential is the cluster of services described as access and identity management.

Demonstration of MAMS Testbed Federation
- Accessing public and protected resources in the Fryer Library collection at the University of Queensland's ESpace repository

Shibboleth Federated IAM Middleware
- Federation: entities, agreements, policies, auditing?
- Diagram labels: WAYF Agent, Federation Manager
- Identity Provider: secure identity management is a core business requirement
- User: belongs to an organisation which manages their identity; privacy concerns
- Service Provider: provides services accessible via the web; wants to focus on core business and avoid the risks of managing users' confidential info

Shibboleth Protocol - User Authentication
1. User X accesses SP A
2. WAYF: "Where are you from?"
3. User X authenticates at the Identity Provider, which manages User X's identity including attributes (her name, affiliation, role, department)
(The diagram also shows SP B, a second Service Provider.)

Shibboleth Protocol - User Attribute Transfer
Shibboleth implements SAML (Security Assertion Markup Language, an OASIS Standard). SAML provides for the secure transfer of user attributes.
4. The Identity Provider redirects the (authenticated) User back to the Service Provider with an opaque user handle
5. SP A requests user attributes
6. The Identity Provider provides user attributes, according to the Attribute Release Policy for SP A
7. SP A decides what the User can access based on attributes
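
Added example (not part of the original slides, and not Shibboleth code or real SAML messages): a small Python model of steps 3 to 7 above, showing that the Service Provider only ever holds an opaque handle and the attributes its release policy allows. All class, method and attribute names, the sample user and the rule that a handle is bound to one SP and expires are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import time


def _digest(password, salt):
    # Salted, slow password hash so the toy IdP never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class IdentityProvider:
    """Toy IdP: holds identities, issues opaque handles, applies release policies."""

    def __init__(self, release_policies, handle_ttl=300):
        self._arp = release_policies  # sp_id -> attribute names releasable to that SP
        self._users = {}              # username -> (salt, digest, attributes)
        self._sessions = {}           # IdP session cookie value -> username
        self._handles = {}            # opaque handle -> (username, sp_id, expiry)
        self._ttl = handle_ttl

    def add_user(self, username, password, attributes):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _digest(password, salt), dict(attributes))

    def login(self, username, password):
        """Step 3: authenticate at the IdP; the return value models its session cookie."""
        salt, stored, _ = self._users.get(username, (b"\0" * 16, b"", {}))
        if not hmac.compare_digest(stored, _digest(password, salt)):
            raise PermissionError("authentication failed")
        session = secrets.token_urlsafe(32)
        self._sessions[session] = username
        return session

    def issue_handle(self, session, sp_id, now=None):
        """Step 4: a random handle that carries no identity information.

        Binding the handle to one SP and giving it an expiry are choices of
        this example. An existing session is enough (SSO), no password needed.
        """
        username = self._sessions.get(session)
        if username is None:
            raise PermissionError("no authenticated IdP session")
        now = time.time() if now is None else now
        handle = secrets.token_urlsafe(32)
        self._handles[handle] = (username, sp_id, now + self._ttl)
        return handle

    def attribute_query(self, sp_id, handle, now=None):
        """Steps 5-6: resolve the handle and release only what the policy allows.

        sp_id is taken on trust here; a real deployment authenticates the SP.
        """
        now = time.time() if now is None else now
        username, bound_sp, expiry = self._handles.get(handle, (None, None, 0))
        if username is None or bound_sp != sp_id or now > expiry:
            raise PermissionError("unknown, misdirected or expired handle")
        allowed = self._arp.get(sp_id, set())  # no policy for this SP: release nothing
        attributes = self._users[username][2]
        return {k: v for k, v in attributes.items() if k in allowed}


class ServiceProvider:
    """Toy SP: never sees the username, only a handle and released attributes."""

    def __init__(self, sp_id, rule):
        self.sp_id = sp_id
        self._rule = rule  # callable: released attributes -> bool

    def authorize(self, idp, handle, now=None):
        """Step 7: decide access from the released attributes alone."""
        attributes = idp.attribute_query(self.sp_id, handle, now)
        return self._rule(attributes), attributes


def build_demo():
    """Constructed sample data: one user, two SPs with different release policies."""
    idp = IdentityProvider({"sp-a": {"affiliation"},
                            "sp-b": {"affiliation", "department"}})
    idp.add_user("userx", "constructed-password",
                 {"name": "User X", "affiliation": "staff", "department": "physics"})
    sp_a = ServiceProvider("sp-a", lambda a: a.get("affiliation") == "staff")
    sp_b = ServiceProvider("sp-b", lambda a: a.get("department") == "chemistry")
    session = idp.login("userx", "constructed-password")
    handle_a = idp.issue_handle(session, "sp-a", now=1000)
    handle_b = idp.issue_handle(session, "sp-b", now=1000)  # SSO: same session
    return idp, sp_a, sp_b, handle_a, handle_b


if __name__ == "__main__":
    idp, sp_a, sp_b, handle_a, handle_b = build_demo()
    print("SP A:", sp_a.authorize(idp, handle_a, now=1001))
    print("SP B:", sp_b.authorize(idp, handle_b, now=1001))
```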

Recap: Shibboleth Protocol - Single Sign On
Within an authenticated session, SSO to other service providers in the Federation (uses session cookies).
- 2. WAYF: "I know you!"
- 3. Identity Provider: "I know you!"
- 4. Redirect the authenticated User back to the Service Provider with an opaque user handle
- 5. "Gimme attributes"
- 6. "You can have these" (Attribute Release Policy for SP B for User X)
- Another Service Provider (SP B) decides what the User can access based on attributes
- SSO!

MAMS deliverables
- MAMS Testbed Federation (Levels 1,2,3,3)
- Federation Manager
- Roadshows, Workshops for Australian HE
- Shibboleth deployment aids: IdP Easy Installation CD (Knoppix), VMWare image (Debian Linux + IdP/SP)
- MiniGrant Scheme (Rounds 1 and 2)
- ShARPE: Shib Attribute Release Policy Editor
- Autograph: User control of their user ARP

MAMS deliverables (cont'd)
- Shibbolized Applications: DSpace, Fedora, Zope/Plone, Twiki, Moodle
- Authenticated Federated Search service
- OpenIdP, PeoplePicker (esecurity funded)
- Shibboleth protected IM (Online Librarian & generic helpdesk application)
- Access control using XACML (Fedora)
- Secure VO Infrastructure (IAM Suite)
- Shib-enabled Gridsphere portal: basis of current collaboration with VeRSI
- Shib-enabled MyProxy: enabling Shib access to Grid Services
- Delegated Attribute Retriever (DAR) & Authentication State Manager (ASM): Shib-enablement of non-web applications

MAMS Testbed Federation
- Level-2 Federation (at 26/6/07): 21 Service Providers, 19 Identity Providers (~900,000 identities)

MAMS Mini-Grant Program (2 rounds of 5 projects, AUS$40k per project)
Round 1 (Feb 2006):
- AARNet: IdP, ENUM SP
- Griffith Uni: IdP, IT Department Wiki SP
- Uni of Qld: IdP, espace Fedora+Fez SP
- Qld Uni of Technology: ATN IdPs, egrad School SP
- Uni of Sydney: IdP, NANO image database SP
Round 2 (Jul 2006):
- Deakin Uni:* IdP, electures SP
- James Cook Uni: IdP, JCU/AIMS data access SP
- Melbourne Uni: IdP, LIGO data access SP
- Monash Uni:* IdP, Shibbolised SRB SP
- Murdoch Uni: IdP, Online Librarian SP
- Curtin Uni: 5 IdPs (WAGUL), Reciprocal Borrowing SPs
* Shared project funding

Demo: Shibboleth SP examples
- Information Repository Service, accessing using Macquarie University identity: UQ eprints Service
- Collaborative Tools: Shibboleth Wiki
- Sharing Library Service: WAGUL Reciprocal Borrowing (Borrower Registration, Workstation Authentication)
- Database Access Service: UQ/USyd NANO Project Image database
One name and password = access to many services.

Australian Access Federation
- DEST-funded project to develop an operational Trust Federation for the Australian HE and Research sector: the Australian Access Federation (AAF)
- Led by the University of Queensland, with Macquarie University and AusCERT as partners
- AAF sub-projects:
  - AAF Governance & Policy (UQ)
  - PKI for Australian HE (UQ, AusCERT)
  - Shibboleth Trust Federation (MAMS)

AAF Shibboleth Trust Fed Schedule
- Deployment & Integration (2007)
  - Technology: Federation Management interfaces, PKI interfaces, shared ("Federation level") services, Grid Services interfaces, high-availability infrastructure, SP/IdP deployment aids
  - Policy Development
  - Outreach (workshops, roadshows)
  - Minigrants
- First release (early 2008): bootstrapping phase, IdP auditing
- Second release (late 2008)

AAF Shibboleth Trust Federation

Services & Shib-enabled Apps
- Shared/Hosted Services
- Federated Directory Search
- Shibboleth-enabled applications & collaboration tools:
  - DSpace, Fedora repositories
  - Confluence (& other wikis)
  - JIRA (action/defect tracking)
  - Secure Instant Messaging (e.g. for HelpDesk)
- eResearch VO Toolkit (IAMSuite)
- Grid Services Interoperability

Solution: IAMSuite
A Shibboleth-based Identity and Access Management Suite

IAMSuite Objectives
- Provide a Shibboleth-enabled Single-Sign-On VO infrastructure for secure inter-institutional collaboration.
- Provide an integrated and shared environment for accessing protected resources (e.g. research data) and services (e.g. generic or research-specific collaboration tools).
- Provide a portal for accessing VO resources and services (portlets, stand-alone web applications, or Grid services).
- Provide a general framework for developers to build and contribute collaborative applications.

Federation Architecture + IAMSuite
[Diagram; labels by level, in slide order]
- Federation Level (Federation Services): WAYF; <<SP>> MyProxy server; <<SP>> CA? Gateway (CTS)
- Institutions Level: IdP1@UQ, IdP2@MQ, IdPn@UTS; <<SP>> IR; <<SP>> VO Portal; <<SP>> CMS
- Virtual Org. Level (e.g. inter-institution eResearch project): GTK: Grid; GTK: HPC; GTK: Store; MyProxy Client; VO IdP; IAMSuite; SP: Forum; SP: Wiki; SP: CMS (Gridsphere-based)

VO, Sub-VOs & Workspaces

VO SSO: Home Institution Authentication
[Screenshot slides 21 to 24 of 28; callouts read "Click here"]

VO Service: External Service Integration
[Screenshot; callout reads "Click here"]

Add the Integrated Service to Workspace
[Screenshot; callout reads "Click here"]

Successfully accessed with SSO
[Screenshot]

Thank you
Questions?
SAML, The Liberty Alliance, and Federation* Eve Maler eve.maler@sun.com http://www.xmlgrrl.com/blog IIWb, Mountain View, CA, 4 December 2006 1 When you distribute identity tasks and information in the
More informationInter-cloud Introduction. Yisheng Wang
Inter-cloud Introduction Yisheng Wang Agenda Introduction Summer Updates Future Work Introduction Cloud Introduction Cloud Federation Researches on Cloud Federation Conclusion Cloud Introduction Definition
More informationShibboleth User Verification Customer Implementation Guide 2015-03-13 Version 3.5
Shibboleth User Verification Customer Implementation Guide 2015-03-13 Version 3.5 TABLE OF CONTENTS Introduction... 1 Purpose and Target Audience... 1 Commonly Used Terms... 1 Overview of Shibboleth User
More informationThe GISELA Science Gateway
The GISELA Science Gateway Roberto Barbera (roberto.barbera@ct.infn.it) University of Catania and INFN - Italy TICAL 2012 Lima, 3 July 2012 Introduction and driving considerations The Catania Science Gateway
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to WebEx
Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents
More informationMulti-Factor Authentication: All in This Together
Multi-Factor Authentication: All in This Together Host: Tom Barton, University of Chicago Speakers: IAM Online September 11, 2013 Eric Goodman, University of California Office of the President Mike Grady,
More informationSecuring Enterprise: Employability and HR
1 Securing Enterprise: Employability and HR Federation and XACML as Security and Access Control Layer Open Standards Forum 2 Employability and HR Vertical Multiple Players - Excellent case for federation
More informationIssues in federated identity management
Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh 1 Contents Federated identity management overview Open issues for federations 2 Introduction Federated identity
More informationPerceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
More information