PaNdata WP3 F2F Meeting
PaNdata F2F Meeting, MAX-lab, March 13/14, 2013
Heinz J Weyer, PSI


TOC
Umbrella as answer to facility IT requests
Umbrella in a nutshell
PaNdata and CRISP: modified DoW
Umbrella implementation / deployment
Implementation teams
Affiliation database (ESRF)
Open issues
Conclusions

Umbrella as answer to facility IT requests I
Concept
- Unique user identification on EU (trans-facility) scale
- Only one (1) identity provider
- Hybrid information storage:
  o Authentication (minimal info): central Umbrella
  o Authorization (complete info): WUOs (local user offices) (Lufthansa <-> Swiss)
- No way for sub-surface cross-facility information exchange
- Waterproof but slim data protection system
Base system on professional authentication standard
- Shibboleth, federated Single-Sign-On system (SAML), widely used
- Specific photon / neutron user federation
- Supervision by local user offices

Umbrella as answer to facility IT requests II
Incorporate confidentiality aspects
- High competition, especially in structural biology
- Allow for time-window structured access to experiments and data
Rely on existing local user office structure
- Great experience
- DIY (Do It Yourself) operation
  o Users: manage their personal entries
  o User offices: supervise; manage authorizations
  o Possibility for verification feedback

Hybrid concept (central and federated)
Answer to conflicting requests: efficient technology vs. confidentiality
Strict distinction of authentication and authorisation:
- Authentication: Umbrella
- Authorization: WUOs (local user offices)
User info (diagram boxes: user info, proposal modules, affiliation info)
- Central (common) part
  o Identification
  o Registration for central services
  o Modules with general, scientific info
  o Department
  o Postal address
  o Central phone
- Local facility part
  o Detailed info
  o Roles at facilities
  o Proposer info
  o Facility-specific city code (e.g. for EU reimbursement)
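The two slides above describe the split that makes the hybrid concept work: the central Umbrella part answers only "who is this?" from a minimal record, while each facility's local user office (WUO) answers "what may they do, and when?" from data that never leaves the facility, including the time-window structured access from slide II. The following Python model is an added example written for this page, not Umbrella or PaNdata code: the record layouts, the field name `umbrella_id`, the HMAC-signed assertion standing in for a signed SAML assertion, and all sample users, proposals and timestamps are constructed assumptions.

```python
"""Illustrative model of the Umbrella hybrid concept: central authentication
with minimal data, local (per-facility) authorization with full data.
Added example, not project code; names and sample data are constructed."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Dict, List, Optional

PBKDF2_ROUNDS = 100_000


@dataclass(frozen=True)
class Assertion:
    """What the central IdP hands a facility after login: only the
    trans-facility user ID, an expiry, and a MAC the facility can verify."""
    umbrella_id: str      # assumed name for the trans-facility unique user ID
    expires: datetime
    mac: str


def sign_assertion(key: bytes, umbrella_id: str, expires: datetime) -> str:
    # Shared-key MAC over (id, expiry); stand-in for the IdP's SAML signature.
    msg = f"{umbrella_id}|{expires.isoformat()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class CentralIdP:
    """Central Umbrella part: minimal authentication data only."""

    def __init__(self, signing_key: bytes) -> None:
        self._key = signing_key
        self._users: Dict[str, dict] = {}

    def register(self, umbrella_id: str, email: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._users[umbrella_id] = {"email": email, "salt": salt, "hash": digest}

    def authenticate(self, umbrella_id: str, password: str, now: datetime) -> Optional[Assertion]:
        user = self._users.get(umbrella_id)
        if user is None:
            return None
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
        if not hmac.compare_digest(digest, user["hash"]):
            return None
        expires = now + timedelta(hours=8)
        return Assertion(umbrella_id, expires, sign_assertion(self._key, umbrella_id, expires))


@dataclass(frozen=True)
class ProposalRole:
    proposal_id: str
    role: str                 # e.g. "proposer", "participant"
    valid_from: datetime
    valid_to: datetime        # time-window structured access


class LocalUserOffice:
    """One facility's WUO: detailed roles and proposal data stay local."""

    def __init__(self, facility: str, idp_key: bytes) -> None:
        self.facility = facility
        self._idp_key = idp_key
        self._roles: Dict[str, List[ProposalRole]] = {}

    def grant(self, umbrella_id: str, proposal_id: str, role: str,
              start: datetime, hours: int) -> None:
        self._roles.setdefault(umbrella_id, []).append(
            ProposalRole(proposal_id, role, start, start + timedelta(hours=hours)))

    def access(self, assertion: Assertion, proposal_id: str, now: datetime) -> Optional[str]:
        """Return the user's role on `proposal_id` if allowed at `now`, else None."""
        # 1. Authentication: accept only an unexpired assertion with a valid MAC.
        if now >= assertion.expires:
            return None
        expected = sign_assertion(self._idp_key, assertion.umbrella_id, assertion.expires)
        if not hmac.compare_digest(expected, assertion.mac):
            return None
        # 2. Authorization: purely local lookup, restricted to the proposal's time window.
        for r in self._roles.get(assertion.umbrella_id, []):
            if r.proposal_id == proposal_id and r.valid_from <= now < r.valid_to:
                return r.role
        return None


def demo() -> dict:
    """Constructed scenario: one user, two facilities, one 3-hour slot at PSI."""
    key = secrets.token_bytes(32)             # constructed shared key
    idp = CentralIdP(key)
    idp.register("u-0001", "alice@example.org", "correct horse battery")
    psi = LocalUserOffice("PSI", key)
    esrf = LocalUserOffice("ESRF", key)
    t0 = datetime(2013, 3, 13, 9, 0)          # constructed timestamps
    psi.grant("u-0001", "PSI-2013-042", "proposer", start=t0, hours=3)
    good = idp.authenticate("u-0001", "correct horse battery", t0)
    bad = idp.authenticate("u-0001", "wrong password", t0)
    forged = replace(good, umbrella_id="u-0002")   # MAC no longer matches the ID
    h = timedelta(hours=1)
    return {
        "login_ok": good is not None,
        "bad_password_rejected": bad is None,
        "psi_in_window": psi.access(good, "PSI-2013-042", t0 + h),
        "psi_after_window": psi.access(good, "PSI-2013-042", t0 + 4 * h),
        "esrf_no_local_role": esrf.access(good, "PSI-2013-042", t0 + h),
        "forged_id_rejected": psi.access(forged, "PSI-2013-042", t0 + h),
        "expired_rejected": psi.access(good, "PSI-2013-042", t0 + 9 * h),
    }


if __name__ == "__main__":
    print(demo())
```

The point the example makes is in `LocalUserOffice.access`: the facility trusts the central part only for identity (step 1) and decides everything else from its own records (step 2), so ESRF learns nothing about the user's PSI proposal, and a role simply stops working once its window has passed.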

Umbrella as answer to facility IT requests III
Affiliation database
- Common tool for Umbrella partners
- Advantage & support for facilities
- Advantage & support for users
-> Presentation D. Porte, ESRF

PaNdata/WP3 and CRISP/WP16
- Initially highly overlapping DoWs for identity management
- System-inherent problem
- Raised again at the Brussels review (Dec. 2012)
- Bottom-up approach: harmonization meetings (next one coming up: June 2013 @ HZB)
- Job subdivision
  PaNdata/WP3: basic Umbrella
  o Deployment of basic Umbrella
  o Affiliation database
  o Umbrella and ICAT
  CRISP/WP16: further developments
  o Bridging
  o Moonshot
  o Fast data exchange (GridFTP)

PaNdata/WP3 and CRISP/WP16 cont.
Modified DoW
Methodology: This task will deploy, operate and evaluate a protocol for introducing a pan-European user identification and Single-Sign-On (SSO) system and implement common processes for the joint operation of that system. This is a necessary baseline for enabling seamless cross-facility data and experiment access and integration by individual users. It will build on the user policy and user data exchange standards which are being developed by the consortium in the current PaNdata Support Action. The need for common user identification at research facilities has also been identified by several other projects (e.g. CRISP, NMI3 and CALIPSO); the overlap between WP3 and CRISP/WP16 is particularly strong. As a consequence, these projects have met twice a year since the beginning in order to harmonize their identity management activities. Specifically, PaNdata/WP3 and CRISP/WP16 have agreed that WP3 concentrates on the deployment of the basic Umbrella system and WP16 on the development of further functionalities.
Deliverables and month of delivery
- D3.1: Specification of authentication infrastructure (M6)
- D3.2: Pilot deployment of initial authentication service infrastructure (M12)
- D3.3: Production deployment of authentication service infrastructure (M18)
- D3.4: Evaluation of initial authentication service infrastructure (M24)

Umbrella implementation / deployment
Highly delicate
- Affecting management of 30 000+ visiting scientists
- Touching holy grails of facilities -> only one (1) chance
- Stakeholders (diagram): facility management, Umbrella IT development, users, user office
Good old salami tactics: small, overseeable steps
- Keep everybody in the boat
- 4 phases
- Open the gate gradually
- Keep option to go back

Communication
- Harmonization meetings
  Bi-annual (2013: Jan 15, Feb 19, Mar 6)
  PaNdata, CRISP, but also CALIPSO, NMI3, BiostructX, FMI
- ESUO (European photon science)
  October 2012, Barcelona -> official endorsement of Umbrella by ESUO
- IUCr 27th European Crystallographic Meeting, August 2012, in Bergen
  -> Crystallographers = strongest photon user group
- FIM4R
  Wide range of communities
  Next meeting (Mar 20/21) at PSI

Umbrella implementation / deployment
Phase 0: implementation of Umbrella-ready versions
  o Changes to existing WUOs: trans-facility Umbrella user ID, Umbrella-WUO handshakes, harmonized local user db format, Umbrella username / password conventions
Phase I: local experts
  o IT people involved, local user office staff
  o Goal is to verify the new procedures
Phase II: open to selected friendly users
  o Tell them that this is the 2nd phase of deployment; tell them about what is to come (should also include estimates for harmonized proposal handling and ICAT)
  o Ask them for their feedback
  o Incorporate feedback
Phase III: open to all users
  o Planned for spring / summer

Implementation teams
Project structure
- Management team
  o Priorities, MoU, facility coordination
- Technical team
  o Specific technical questions
- "Holy document" (legal / administrative issues)
  o Umbrella physical topology
  o Central user database
  o Local user database
  o Affiliation database
  o Security issues
  o User support
  o Procedure for handling further developments
  o Umbrella production version
  o Implementation steps
  o Operational issues
  o MoU

Umbrella implementation teams

Facility              | Project | Management                                | Technical
Alba                  | P       | D. Salvat                                 | D. Salvat
DESY                  | P+C     | F. Schluenzen                             | J.P. Kurz, U. Lindemann
DIAMOND               | P       | B. Pulford                                | B. Pulford
Elettra               | P       | G. Paolucci, O. Degiacomo                 | F. Bille
EMBL HH & BiostructX  |         | J. Schmidt                                | J. Schmidt
ESRF                  | P+C     | D. Porte                                  | S. Schulze
European XFEL         | C       | K. Wrona                                  | K. Wrona
FMI                   |         | D. Flanders                               | R. Schmidt
GSI                   | C       | P. Malzacher, K. Schwarz                  |
HZB                   | P       | Th. Gutberlet                             | A. Tomiak
ILL                   | P       | J.-F. Perrin                              | F. Festivi
ISIS & STFC           | P       | T. Griffin                                | A. Wilson, A. Montiel Gonzales
PSI                   | P+C     | S. Janssen                                | M. Knecht
Umbrella team         | P+C     | B. Abt, M. Van Daalen, H.J. Weyer (lead)  | B. Abt (lead), M. Van Daalen, H.J. Weyer

(Project column: P = PaNdata, C = CRISP)

Next steps
- First wave: ESRF, ILL, PSI
- Second wave: HZB, DIAMOND
- Detailed roadmap: project file

Open issues -> at the end

Umbrella collaborators
ALBA (P): Daniel Salvat
DESY (C+P): Frank Schluenzen, Rolf Treusch, Jan-Peter Kurz, Ulrike Lindemann
DIAMOND (P): Bill Pulford
Fermi/Elettra (P): Cecilia Blasetti, Ornela Degiacomo, Giorgio Paolucci
EMBL HH / BiostructX: Johannes Schmidt
ESRF (C+P): Rudolf Dimper, Dominique Porte, Stefan Schulze, Julien Savoyet
European XFEL (C): Krzysztof Wrona
Friedrich Miescher Institut: Dean Flanders, Roger Schmidt
GSI (C): Peter Malzacher, Almudena Montiel, Kilian Schwarz
HZB (P): Thomas Gutberlet, Dietmar Herrendoerfer, Olaf Schwarzkopf
ILL (C+P): Jean-Francois Perrin, F. Festivi
ISIS (P): Tom Griffin
IPJ (Poland): Robert Nietubic
MAX-lab: Ulf Johansson
PSI (C+P): Bjoern Abt, Stephan Egli, Stefan Janssen, Markus Knecht, Mirjam van Daalen, Heinz J Weyer
Soleil (P): Frederique Fraissard
STFC (P): Anthony Gleeson

Conclusion
- Update of WP3 DoW
- Umbrella ready for implementation

Open issues !! Need to be decided before we leave !!
- Passing on (new account)
  o Username
  o Password
- Umbrella first registration
  o Google-type and link
  o Umbrellify
  o New/old username
  o New/old password
- Umbrella visibility
  o Central
  o Federal
  o Both
- Central server
  o Domain name
  o LDAP replication
- Mpp
  o Needed for work sync
  o Why slow response?
- MoU
  o Draft status
  o Superfluous items
  o Missing items
  o Who signs: one or two?
  o Editorial team
  o Road map

Thank you