1 / 25

Overview

munin
Download Presentation

Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Implementing Shibboleth-based Virtual Organisations and VO Federations using IAMSuite(including AAF update)James Dalziel & Alan LinProfessor of Learning Technology, and Director, Macquarie E-Learning Centre Of Excellence (MELCOE)Macquarie Universityjames@melcoe.mq.edu.auwww.melcoe.mq.edu.auPresentation for Internet2 Conference, San Diego, USA, Monday 8th October, 2007

  2. Overview • MAMS & AAF update • Other federation collaboration services • IAMSuite • VO Federation management • VOs and workspaces • People picker for finding potential members • National collaboration services

  3. MAMS Testbed Federation http://federation.org.au/FedManager/listMembers.do “Level-2” Federation (at 26/6/07): 21 Service Providers19 Identity Providers (approx 900,000 end users) Growing…

  4. Admin tool: ShARPE IdP Administrators import “service descriptions” and create site & group ARPs 17 - 18 April 2007

  5. User privacy: Autograph Users can view attributes released to a SP and manage User ARPs. 17 - 18 April 2007

  6. Australian Access Federation • The Australian Access Federation project is taking forward the work of the MAMS (Shibboleth) and e-Security (PKI) projects to develop a unified trust federation for higher education and research • Policy and governance • PKI and Shibboleth production rollout • Adoption support, workshops, supporting systems, etc • Overall AAF rollout led by University of Queensland • Macquarie University leading Shibboleth & AusCERT leading PKI

  7. AAF Shib Trust Fed Components 17 - 18 April 2007

  8. Examples of collaboration services • Trusted (secure) repositories (documents, data, media) • DSpace (integration of “traditional” application) • Fedora (native support for SAML, XACML for authorisation) • Others to come • Secure Real-Time Text Chat • Example: Online Librarian • Trusted Gridsphere portal and Virtual Organisation management (“IAMSuite”) • Including access to Grid services via Shibboleth/PKI bridge • Workflow for collaborative research (“RAMS”)

  9. A • A Shibboleth-enabled DSpace repository

  10. A • A “Muradora” - Shibboleth and XACML-based Fedora Repository

  11. A • A Shibboleth-based Secure chat service (Jabber) – Online Librarian

  12. RAMS workflow authoring: Online research group meeting

  13. A • A Shibboleth-based Virtual Organisation system - IAMSuite

  14. IAMSuite Overview • A framework & toolkit for managing a VO Federation under a larger national federation where additional user attributes are managed within VOs. • Core identity attributes come from home IdP each session; only “extras” held in VO • VO attributes can be used for access to VO Federation-only Service Providers, or VO-only features of national Service Providers • IAMSuite provides tools and templates for configuring extra attributes to be released to VO Service Providers, eg for levels of SP authorization (eg, view vs edit wiki) • VO Federation-specific OpenIdP is available (but no access to national federation) • VO members can be selected via "People Picker", a federated IdP search • People Picker & IAMSuite may provide a stronger identity foundation than simple email "roundtrips" for VO invitation/membership (foundation based on current directory attributes, not working email) • Provides email roundtrips as alternative function if no People Picker • Current IAMSuite integrated services such as wikis, instant messaging, document repository, video meeting, shared calendars and MyProxy integration • The V1 beta release is currently available, and the production V1 release is planned for early 2008.

  15. IAMSuite VO Federation Architecture Fed A WAYF VO Fed SP SP IdP SP IdP IAMSuite VO OpenIdP … IdP VO IdP SP SP IdP SP External SP 3 External SP 1 External SP 2

  16. A IAMSuite Toolkit for management of VO Federations and VOs (secure workspaces)

  17. A VO frontpage (right) and components (Services, Content, Roles, Participants - left)

  18. Use PeoplePicker to find a Federation Member.

  19. Configure IdPs to search. Select IdPs from list. Set Search Time-out and limit no. of results to be displayed.

  20. Perform a search based on surname Select the required user information row.

  21. A • A IAMSuite VO: Configuring User Authorisation for Trusted Services

  22. A IAMSuite integration with Grid Portlet for Certificates

  23. MAMS is implementing IAMSuite for VeRSI eResearch projects

  24. National collaboration services? • Current discussion of federation-level (national) provision of basic collaboration services for any eResearch users • For example: • WAYF, People Picker, Virtual Home Organisation (OpenIdP), MyProxy, IAMSuite, Wiki, Mailing List, Shib Instant Messaging, audio & video conf, collaborative activity workflow, etc • Could also provide data federation national services (ANDS “data commons”), eg, Persistent Identifier infrastructure, Data collections registries, National Discovery Service/Authenticated Federated Search, National authorisation fabric, etc • Importance of high availability, redundancy, backup, 24x7 support, helpdesk, etc

  25. NB: Under development • IAMSuite, People Picker, SP integrations/adaptors, etc are all under current development • Final version may resemble current screenshots • IAMSuite & People Picker V1 production release late 07/early 08 • Muradora V1 production release this week • RAMS (collab workflow) out already, Shib to come soon • Online Librarian (Shib Jabber) out already

More Related