PAPI based federation as a test-bed for a common security infrastructure in EFDA sites
R. Castro, J. Vega, A. Portas, D. R. López, S. Balme, J.M. Theis, P. Lebourg, H. Fernandes, A. Neto, A. Duarte, F. Oliveira, F. Reis, K. Purahoo, K. Thomsen, W. Schiller, J. Kadlecsik
Index
• Motivation
• Federation as solution
• PAPI
• PAPI for Federation
• EFDA Federation
• Future lines
Motivation
• Security framework for service access control
• Organizations need to share resources for collaborative work
• Transparency
• Simple management
Federation
• Set of organizations sharing resources based on:
  • Trust
  • Policy agreements
  • An Authentication and Authorization system
• Requirements
  • Single Sign On
  • Secure Access
  • User Mobility
  • Simple Management and Scalability
  • Transparency
  • Common tools compatibility
PAPI system
• Distributed AA system
  • Authentication Server (AS)
  • Point of Access (PoA)
  • Group Point of Access (GPoA)
  • PAPI Front-End Server
• Authentication modules
  • X.509 certificates
  • LDAP
  • SQL
  • Local file
How does it work?
[Diagram: the HTTP Client sends its authentication data to the Authentication Server and receives temporal signed URLs (Signed-URL); presenting a signed URL to the PoA in front of HTTP Server S1 or HTTP Server S2 yields an encrypted cookie (Encry-cookie) for that server.]
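The flow on this slide, written out as an added example. This is not code from the PAPI project or from the authors: the slides do not show PAPI's real URL or cookie formats, so the query parameter names, RSA-PSS over "user|exp", AES-GCM for the cookie, the 2048-bit AS key and the lifetimes are all assumptions made for illustration. The Authentication Server signs a short-lived URL for the client; the Point of Access in front of each HTTP server verifies the AS signature and the expiry, then issues its own encrypted cookie, so a cookie minted for S1 means nothing to S2:

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"time"
)

// AuthServer stands in for the PAPI Authentication Server (AS): once the user has
// authenticated (LDAP, X.509, ... on the slide) it issues temporal signed URLs.
type AuthServer struct{ key *rsa.PrivateKey }

// SignedURL returns poaBase?user=..&exp=..&sig=.. where exp is a Unix expiry
// time and sig an RSA-PSS signature by the AS over "user|exp" (assumed format).
func (a *AuthServer) SignedURL(poaBase, user string, ttl time.Duration, now time.Time) (string, error) {
	exp := strconv.FormatInt(now.Add(ttl).Unix(), 10)
	digest := sha256.Sum256([]byte(user + "|" + exp))
	sig, err := rsa.SignPSS(rand.Reader, a.key, crypto.SHA256, digest[:], nil)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s?user=%s&exp=%s&sig=%s", poaBase, url.QueryEscape(user), exp, base64.RawURLEncoding.EncodeToString(sig)), nil
}

// PoA stands in for the Point of Access in front of one HTTP server: it trusts only the AS public key (PKI trust on the slides) and has its own cookie key.
type PoA struct {
	asPub *rsa.PublicKey
	aead  cipher.AEAD // AES-256-GCM under this PoA's private cookie key (assumed cipher)
}

// Accept checks the signed URL the client arrives with and, if the signature is valid and the URL unexpired, returns an encrypted cookie naming the user.
func (p *PoA) Accept(rawURL string, now time.Time) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	user, exp := u.Query().Get("user"), u.Query().Get("exp")
	if expUnix, err := strconv.ParseInt(exp, 10, 64); err != nil || now.Unix() > expUnix {
		return "", errors.New("signed URL has no valid exp or has expired")
	}
	sig, err := base64.RawURLEncoding.DecodeString(u.Query().Get("sig"))
	digest := sha256.Sum256([]byte(user + "|" + exp))
	if err != nil || rsa.VerifyPSS(p.asPub, crypto.SHA256, digest[:], sig, nil) != nil {
		return "", errors.New("signature does not verify against the AS key")
	}
	nonce := make([]byte, p.aead.NonceSize()) // random nonce, prefixed to the ciphertext
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(p.aead.Seal(nonce, nonce, []byte(user), nil)), nil
}

// Session opens a cookie presented on a later request and returns the user it names.
func (p *PoA) Session(cookie string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(cookie)
	if err != nil || len(raw) < p.aead.NonceSize() {
		return "", errors.New("undecodable cookie")
	}
	user, err := p.aead.Open(nil, raw[:p.aead.NonceSize()], raw[p.aead.NonceSize():], nil)
	if err != nil {
		return "", errors.New("cookie tampered with or issued by another PoA")
	}
	return string(user), nil
}

// NewDemo wires one AS and the PoAs of servers S1 and S2 from the slide with fresh random keys.
func NewDemo() (*AuthServer, *PoA, *PoA) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	newPoA := func() *PoA {
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			panic(err)
		}
		blk, _ := aes.NewCipher(key) // a 32-byte key cannot fail
		aead, _ := cipher.NewGCM(blk)
		return &PoA{asPub: &priv.PublicKey, aead: aead}
	}
	return &AuthServer{key: priv}, newPoA(), newPoA()
}

func main() {
	as, s1, s2 := NewDemo()
	u, _ := as.SignedURL("https://s1.example/poa", "alice", 5*time.Minute, time.Now())
	cookie, _ := s1.Accept(u, time.Now())
	fmt.Println(s1.Session(cookie)) // alice <nil>
	fmt.Println(s2.Session(cookie)) // empty user and an error: S2 cannot open S1's cookie
}
```

The two refusals a PoA has to get right are the ones the temporal signed URL exists for: a URL past its expiry and a URL whose parameters were altered after signing both fail before any cookie is issued, and because each PoA encrypts under its own key, a cookie from one server cannot be presented at another.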
Group Point of Access
• One credential -> Many resources
[Diagram: an HTTP Client, GPoA 1 and GPoA 2, each GPoA fronting two Points of Access.]
Front-End Service
• Easy services integration
• One XML configuration point
[Diagram: a GPoA and several PoAs in front of HTTP Servers and an HTTP Service.]
PAPI for Federation
• Fulfills federation requirements
• Trust among components based on PKI
• Client types:
  • Common web browsers
  • Java applications (JWS supported)
    • Standard Java library (version > 1.5)
    • RT-HTTPClient [http://www.innovation.ch/java/HTTPClient/]
    • Jakarta commons-httpclient [http://jakarta.apache.org/commons/httpclient/]
• Service types:
  • Web page servers
  • Application servers (example: Tomcat)
  • Wiki integration (XWiki)
Federation Architecture
• Easy management
Federation Mechanism
[Diagram: a Web browser, the Federation WAYF, the Federation GPoA, the User's home Organization with its Authentication Server and User Repository, and Federated Services at two Federated Organizations.]
EFDA Federation
• Starting decision: meeting 28/11/2006 in JET
Coordination
• EFDA wiki site
  • RP -> Authentication and Authorisation Systems
• Mail list
  • efda-federation@ciemat.es
• EFDA Jabber
Current State
• CEA
  • Federated, Attributes, Java Apps
  • EFDA wiki federated !!!
• CIEMAT
  • Federated, Attributes, Java Apps
• EFDA
  • Federating
• HAS/KFKI
  • Federating, Integrating PAPI and Shibboleth
• IST
  • Federated, Attributes, Java Apps
• JET
  • Federated, Attributes, Java Apps
Future lines
• Evaluation of results of PAPI - Shibboleth integration
• New authentication mechanisms
• New services available in the federation
• Agreements on policies
• Evaluate new coordinated technologies taking advantage of trust and policy agreement
Thank you for your attention
R. Castro, J. Vega, A. Portas, D. R. López, S. Balme, J.M. Theis, P. Lebourg, H. Fernandes, A. Neto, A. Duarte, F. Oliveira, F. Reis, K. Purahoo, K. Thomsen, W. Schiller, J. Kadlecsik