180 likes | 198 Views
OpenConext is an open-source middleware platform that enables secure federated authentication, centralized groups management, and attribute-based authorization for collaboration in the Dutch higher education and research community.
E N D
OpenConext • Supporting Collaboration Pieter van der Meulen Technical Product Manager
SURFnet: the Dutch NREN • SURFnet is the Dutch National Research & Education Network (NREN) • Services, innovation, knowledge • Not for profit • Task organisation of Stichting SURF = ICT collaboration of higher education & research • A small operation serving a large community: • 85 employees • 160 connected institutions • 1 million end-users • Turnover 35 million Euro; 1/3 innovation subsidies SURFnet - We make innovation work
OpenConext SURFnet - We make innovation work
OpenConext • Middleware for building Collaboration Platforms • Open Source, Apache 2 License • Available since 2011 The Netherlands – SURFconext (SURFnet)A national Collaboration and Service delivery platform for Higher Education & Research 140 Identity Providers 430 Service Providers SURFnet - We make innovation work
Collaboration Platform • Federated Authentication • Centralized Groups Federated Authentication Leverages secure, trusted authentication and Single Sign on for Campus and Cloud applications Centralized groups Used for Adhoc collaborations and institutional groups Group Provider Provide groups to service providers Receive group data from external group providers SURFnet - We make innovation work
OpenConext SURFnet - We make innovation work
Service Delivery Platform • Federated Authentication • Attribute based Authorization • National Procurement & Licencing Create Trusted Services By combining Identity Federation, privacy and data protection regulations and license deal in one contract between Service Provider and (all) Dutch institutions SURFnet - We make innovation work
Services Dashboard SURFnet - We make innovation work
Commercial Services SURFnet - We make innovation work
eScience Services SURFnet - We make innovation work
OpenConext Uses • AARnet– Shop front for services to E-Science organization • JISC – JISCM@il services SURFnet - We make innovation work
Collaborative Organisations • Groups • Distributes Services • Attributes, roles and rights Groups are core to collaborationAny collaboration is based on groups. In modern eScience these groups are dynamic and international; Distributed ServicesCOs collaborate around distributes services. Managing and maintaining many SP IdP interconnections is tough; Attributes, roles and rightsRoles and rights are based on Attributes. COs need very different attributes as compared to the attributes provided by the IdPs. SURFnet - We make innovation work
How OpenConext helps • Groups • Distributed Services • Attributes, roles and rights Centralized and external group providersOpenConext provides a centralized group provider and allows linking external group providers; Manage servicesCO SP(s) and IdP connections can be managed centrally, including Access Policies and Attribute Release Policies; AttributesCan be transformed and filtered SURFnet - We make innovation work
Example Cases • Virtual Campus Hub • WeNMR Virtual Campus HubCreate a virtual education portal for a joint programme, consisting of applications made available by the partners involved in that programme, and to which all relevant users have seamless access; WeNMRBringing together research teams in the structural biology and life science area. The project offers a platform integrating services and streamlining the computational approaches necessary for data analysis and structural modelling. SURFnet - We make innovation work
OpenConext - OpenSource • JANUS – SAML Metadata registration • https://github.com/janus-ssp/janus • SimpleSAMLphp Library • https://github.com/simplesamlphp • APIS – Oauth authorization server • https://github.com/OpenConextApps/apis SURFnet - We make innovation work
OpenConext Roadmap • Separate Group management Application • Yet another group manager • Use APIS for Authorization • Add OpenID Connect • Allow Service Providers to use OpenID connect with OpenConext • Step-up authentication as-a-service • A Managed service for multi factor authentication using existing federation infrastructure SURFnet - We make innovation work
Step-up authentication as a Service SURFnet - We make innovation work
More information • SURFconext • OpenConext OpenConext is open for collaboration! OpenConexthttp://www.openconext.org SURFconext http://www.surf.nl/en/services-and-products/surfconext/index.html Pieter.vanderMeulen[at]surfnet.nl SURFnet - We make innovation work