90 likes | 385 Views
Researcher ID. September13 2013 Presented by Terry Smith - AAF Technical Manager . Researcher ID. The brief Creation of a test “sandbox” environment for the Researcher ID Populate an LDAP directory Based on Authn and Attributes from AAF or Social Authentication
E N D
Researcher ID September13 2013 Presented by Terry Smith - AAF Technical Manager
Researcher ID • The brief • Creation of a test “sandbox” environment for the Researcher ID • Populate an LDAP directory • Based on Authn and Attributes from AAF or Social Authentication • Simple UI for Researchers to manage their Researcher ID (Passwords, etc) • Extend the accounts with Group membership, permissions and roles • Simple workflow that can be used by resource owners • Test against use cases provided by the RDSI Nodes • Determine what it will take to run as a production system
Researcher ID Federated Authentication Social Authentication IdP IdP Identity IdP IdP AAF DS Provisioning & Account Management Account and Password Management Advanced account provisioning OAuth SAML AA SAML IdP RW RW RO RO RO Researcher ID Identity Store Master Replicas OU=Groups OU=People Node RO Replicas DN=email-address + AAF Core Attrs + MemberOf DN=Group Name Members=… Group Mgnt, Workflows and APIs RestAPI RestAPI WebUi WebUi VOOT VOOT LDAP LDAP Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Node Applications & Resources
Researcher ID Federated Authentication Social Authentication IdP IdP Identity IdP IdP AAF DS Provisioning & Account Management Account and Password Management Advanced account provisioning OAuth SAML AA SAML IdP RW RW RO RO RO Researcher ID Identity Store Master Replicas OU=Groups OU=People Node RO Replicas DN=email-address + AAF Core Attrs + MemberOf DN=Group Name Members=… Group Mgnt, Workflows and APIs RestAPI RestAPI WebUi WebUi VOOT VOOT LDAP LDAP Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Node Applications & Resources
Researcher ID Federated Authentication Social Authentication IdP IdP Identity IdP IdP AAF DS Provisioning & Account Management Account and Password Management Advanced account provisioning OAuth SAML AA SAML IdP RW RW RO RO RO Researcher ID Identity Store Master Replicas OU=Groups OU=People Node RO Replicas DN=email-address + AAF Core Attrs + MemberOf + Password DN=Group Name Members=… Group Mgnt, Workflows and APIs RestAPI RestAPI WebUi WebUi VOOT VOOT LDAP LDAP Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Node Applications & Resources
Researcher ID Federated Authentication Social Authentication IdP IdP Identity IdP IdP AAF DS Provisioning & Account Management Account and Password Management Advanced account provisioning OAuth SAML AA SAML IdP RW RW RO RO RO Researcher ID Identity Store Master Replicas OU=Groups OU=People Node RO Replicas DN=POSIX Username + AAF Core Attrs + MemberOf + Password + PosixAttrs DN=PosixGroupName Members=… + PosixAttrs Group Mgnt, Workflows and APIs RestAPI RestAPI WebUi WebUi VOOT VOOT LDAP LDAP Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Node Applications & Resources
Researcher ID Federated Authentication Social Authentication IdP IdP Identity IdP IdP AAF DS Provisioning & Account Management Account and Password Management Advanced account provisioning OAuth SAML AA SAML IdP RW RW RO RO RO Researcher ID Identity Store Master Replicas OU=Groups OU=People Node RO Replicas DN=POSIX Username + AAF Core Attrs + MemberOf + Password + PosixAttrs + Kerberos + PKI Certs DN=PosixGroupName Members=… + PosixAttrs RestAPI Group Mgnt, Workflows and APIs WebUi WebUi VOOT LDAP LDAP CA Kerberos Web Apps Federated and/or Social Authentication + Groups App LDAP or Oauth Authentication + Groups Server Access PAM-LDAP + Groups Server Access SSSD Single Sign-on Kerberos, PKI + Groups Node Applications & Resources
Researcher ID The Use cases dictates the Schema and components that need to be included to build the Researcher ID Infrastructure. Next activity - Building an end to end pilot Researcher ID
Researcher ID Possible Protocols and Services supported by the Researcher ID? NFS WebDav Globus Online SSH / SCP SFPT SIF Shares Aspera Grid FTP Web http