RedIRIS updates SCHACing and COPing, recommending SCHAC for schema use. COPA schema gaining momentum. Explore PKIRIS web-based interface for PKIs. PAPI software advances with SP and IdP compatibility. OpenPMI provides tools for open Privilege Management Infrastructure. Opera Oberta enhances live opera multicast with native IPSec on IPv6.
Middleware activities at the South-western Border: RedIRIS update
SCHACing and COPing
• The use of SCHAC is recommended by RedIRIS through its iris-* set of schemas
• Since the availability of SCHAC IAD release 1
• The COPA coding schema is gaining momentum
• Institutional codes of centers in the national council for scientific research and location-aware services
• COPA v2 in beta stage
• Enhanced flexibility in virtual view definition
• First COPA-aware tools
• SiLeDAP: http://sugus.eii.us.es/siledap/
• VOSnav: http://www.irisgrid.es/vosnav/
pkIRIS
• A web-based interface for managing PKIs
• Based on OpenSSL
• Coded in PHP
• AA (PAPI and potentially others) aware
• Full LDAP backend
• Extensibility of operations
• Access methods based on COPA codes
• In use for the EUGridPMA-accredited Spanish PKI (pkIRISGrid)
• Beta distributions in use at CICA and UNED (Spain), REUNA (Chile) and UNAM (Mexico)
PAPI: Software
• PAPI 1.4.1 about to be released
• Maintenance releases (last version on Apache 1)
• PAPI 1.5 in beta testing
• phpPoA 2.0 in beta testing
• Coherent object model and enhanced attribute retrieval
• Several Java flavors in production
• Tomcat filter
• JAAS implementation
• SAGPoA (AA-RR based)
• Rewriting the Java implementation
• PAPI-EE and PAPICore
• Enhancing the proxy features
• Better attribute entanglement
PAPI speaks Shibboleth
• Both SP and IdP
• Using the tests at http://www.testshib.org/
• First real-usage tests to start next month
• The Shib Wiki
• Sympa
• Elsevier SP
• Experimenting with AKAShib configuration
• Shibbolized applications can run behind a PAPI PoA without change
PAPI: Community
• The federation idea has been soaking minds for quite a long time
• The two biggest PAPI-based federations are now interconnected
• Several projects for building federated infrastructures
• With direct financial support
• Similar to the one that brought eduroam
• The European fusion community is on the rails
• First interconnection CFN-ITER-TJII
• Meeting at JET next November
OpenPMI
• Aimed at providing the necessary tools to build an open Privilege Management Infrastructure (PMI) according to standards
• Authorization service based on attribute certificates
• Available at http://openpmi.sourceforge.net/
• Current status
• Based on enhancing OpenSSL with attribute certificate support
• Collaboration with Adobe
• SAML – AC translator
• Attribute certificate delegation editor
• Visual design of delegation model
• Automatic AC generation
• Ongoing work
• Java and Web Services support
• Attribute certificate support in TLS handshake
• Attribute certificates in smartcards
AA application to SB in OSIRIS
[Diagram labels: OSIRIS component 1, OSIRIS component 2, OSIRIS component N (each with a PoA); AA component; Liberty protocol; GPoA; OpenPMI; Admin]
Opera Oberta
• Opera Oberta multicasts live opera performances from Gran Teatre del Liceu http://www.opera-oberta.org/
• 10 Mbps MPEG2
• Dolby Digital
• More than 40 institutions in 5 countries
• DRM is performed using proprietary technology
• Smartcard-based IPSec boxes
• Sessions are announced and managed via out-of-band methods
Enhancing Opera Oberta
• Native IPSec multicast on IPv6
• Session keys distributed and managed through IKE
• Session descriptions stored in LDAP
• Session metadata
• Session entitlements
• Session key material
• Several output formats envisaged
• Direct LDAP query
• SDP
• RSS
• Currently defining the schema and building initial component prototypes