Development and deployment of integrated attribute based access control for collaboration



Similar documents
Identity Management Systems for Collaborations and Virtual Organizations

Three Case Studies in Access Management

IGI Portal architecture and interaction with a CA- online

Single Sign On. SSO & ID Management for Web and Mobile Applications

Using Shibboleth for Single Sign- On

The Role of Federation in Identity Management

Protect Everything: Networks, Applications and Cloud Services

Using Grouper: Newcastle University case studies. Richard James Caleb Racey

Authentication Methods

Sugar Professional. Approvals Competitor tracking Territory management Third-party sales methodologies

Google Apps and Open Directory. Randy Saeks

CAS s IDP system and resources in Education Cloud

Agenda. How to configure

HOL9449 Access Management: Secure web, mobile and cloud access

Sugar Professional. Approvals Competitor tracking Territory management Third-party sales methodologies

Entrust IdentityGuard Comprehensive

Identity Management. Manager, Identity Management. Academic Technology Services. Michigan State University Board of Trustees

Single Sign-On: Reviewing the Field

Editions Comparison Chart

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps

The Challenges of Web single sign-on

The increasing popularity of mobile devices is rapidly changing how and where we

Identity, Privacy, and Data Protection in the Cloud XACML. David Brossard Product Manager, Axiomatics

Getting Started with Clearlogin A Guide for Administrators V1.01

Product Information. Sugar vs Zoho. Features Comparison

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1

PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS

How To Make A Multi-Tenant Platform Secure And Secure

Authentication Integration

Enabling Applications to Use Your Identity Management System

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

NCSU SSO. Case Study

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal

Identity and Access Management for LIGO: International Challenges

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

VMware Identity Manager Administration

Flexible Identity Federation

Разработка программного обеспечения промежуточного слоя. TERENA BASNET Workshop, November 2009 Joost van Dijk - SURFnet

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

OPENIAM ACCESS MANAGER. Web Access Management made Easy

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University

Shibboleth Configuration in Tübingen

A Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR

Perun Modern Approach for User and Service Management

Access Management Analysis of some available solutions

Web app AAI Integration How to integrate web applications with AAI in general?

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources

LIGO Authentication and Authorization 2.0

Identity and Access Management for Federated Resource Sharing: Shibboleth Stories

University of Maine System Active Directory Services - RFP# ADDENDUM #01

How To Manage Identity On A Cloud (Cloud) With A User Id And A Password (Saas)

SSO Questions. Request for 10 minute overview/demo on Grouper software package set-up (IT-oriented)

Connected Data. Connected Data requirements for SSO

Federated Identity for Cloud Computing and Cross-organization Collaboration

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server

Trust but Verify: Best Practices for Monitoring Privileged Users

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications

Centrify Cloud Connector Deployment Guide

SAML Federated Identity at OASIS

Federations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase

LinuxCon North America

Shibboleth N-Tier Support. Chad La Joie

Building Secure Applications. James Tedrick

VMware Identity Manager Administration

SAML and OAUTH comparison

Flexible Identity Federation

September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems

Entitlements Access Management for Software Developers

Implementing Microsoft Azure Infrastructure Solutions

EXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report

PingFederate. SSO Integration Overview

Enterprise Portal Built by and for Higher Education

From centralized to single sign on

globus online Integrating with Globus Online Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory

Transcription:

Development and deployment of integrated attribute based access control for collaboration

Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications and user communities Virtual organizations represent critical communities of researchers sharing domain resources and applications as well as general collaboration tools. Providing a unified identity management platform for collaboration is essential in a multi-domain, multi-tool world. Lots of activities in domesticating applications to work in a federated world, moving from tool-based identity to collaboration-centric identity.

Collaboration Platform Integrated set of collaboration apps (wikis, listprocs, CVS, file share, calendaring, etc) Integration of at least identity and access control via group memberships Integration with domain science apps Integration of content and meta-data is harder Repackages successful approaches for a collaborative/ project/vo setting Federated identity, group management, directories, and security token services (aka credential convertors)

Collaboration Infrastructure (COIN) Dutch National Collaboration Infrastructure Domesticated tools -Adobe Connect; Alfresco; Foodle; Filesender; Confluence; WSO2 mashup server; OpenFire; Drupal; KnowledgeTree, Sympa and Limesurvey Domesticated services -Google Apps; MyExperiment.org; Twitter; PubMed Integration across VO, institution and third-party domains Workflow Grid integration

Domestication of applications The work of re-factoring applications to use the emergent identity services infrastructure Begins with federated identity and authentication, use of directories; gains a lot from group management for access control, etc Needs a fine grain set of authorization tools down the road Domesticated apps can receive IdM attributes via LDAP, SAML, X.509, SQL, Kerberos PAC, and maybe all of the above

Typical activities in collaboration management Add or remove people from groups Create new subgroups, identify overlapping memberships, etc. Permit or deny access control to wiki pages, calendars, computing resources, version control systems, etc Add people to mailing lists, wikis, etc Create and delete/archive users, accounts, keys Identify group membership on a given date

COManage Elements Dashboard Shib SP Shib IdP Data Store Grouper STS LdapPC Including provisioning Applications

What s in a COmanage data store Enterprise Attributes Federated Id Enrolled classes Display name Citizenship Enterprise affiliation Project/VO attributes PI groups Wiki editing permissions Instrument permissions VO certificates

Grouper A general purpose, extensible, open-source group management tool In production at many institutions in the US and overseas Core national infrastructure service in several countries Manages groups of things people, devices, processes Has GUI, people picker, group math, inheritance, delegation, provisioning and deprovisioning, etc. Stores values in LDAP directory Aimed at spectrum from power user to collabmin, sysadmin and enterprise IdM.

Security Token Service Converts the form of an existing credential or packs a set of attributes into a new credential Presents external security information to an application or service in the lingua of the app/service Conversions SAML into X.509, SAML into Kerberos, SAML to LDAP, etc. Mythical in a single comprehensive package; legion in individual instances

What forms does COmanage take? Usually as an assembled set of services A dashboard, directory product, Shibboleth IdP and SP, Grouper, and a set of applications provisioned on other servers On an enterprise level to serve its collaborations and VO s, within a large VO, or at a federation level to serve a national community Can also be a VM, a VM in the cloud, or a service with the applications in the cloud. Can be embedded in a science portal or gateway

Flows of attributes - 1 Enterprise Project comanage Relying Party Data Store Enterprise

Use cases it enables A student adds a class and is immediately enabled to use the VO wiki; a student drops the class and is immediately disabled from using the VO instruments A resource prohibited from use by foreign nationals is protected International privacy laws are adhered to Anonymous access is enabled but limited to those authorized to participate Security is commensurate with the risks

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information