Presentation Transcript (added October 17, 2007)

Authentication and Authorization Infrastructure
Martin Sutter, Head of NetServices
Thomas Lenggenhager, Deputy Project Manager AAI
Christoph Graf, Head of Network Security

Agenda
- AAI deployment in Switzerland
- SWITCHaai key issues
- AAI & Grid
- Outlook
- EUGridPMA

Motivation for SWITCHaai
- The need for SWITCHaai was spawned by the Swiss Virtual Campus, a large national e-learning project.
- About 30 projects developing e-learning content, each involving at least three different sites
- Authentication & authorization is not to be solved by each project individually

SWITCHaai Building Blocks
- Identity Providers (Home Organizations)
- Service Providers (Resources)
- Organizational Framework
- Interoperation
- Central Services
- Funding

Organizational Framework
- SWITCH acts as the SWITCHaai federation service provider
- Federation membership is based on signed service agreements

Interoperation
Interoperation requires agreement on technical details such as:
- Standards: SAML 1.1
- Software versions (as of May 2005): Shibboleth 1.1 for identity providers, Shibboleth 1.2.1 for service providers
- Accepted certificate authorities: SWITCHpki plus Thawte, TrustCenter, VeriSign
- Attribute specification: swissEduPerson

Interoperation: Attributes
Criteria for the attribute specification:
- Start simple, extend as required
- Common understanding of the interpretation of each attribute
- Already widely used: swissEduPerson
Attribute usage by applications:
- Use the minimal set required (data protection principle)

Identity Provider Integration
An AAI-enabled identity provider combines an existing user directory and authentication system with the AAI (Shibboleth) component.
Currently in use in SWITCHaai:
- Authentication systems: OpenLDAP with CAS or Pubcookie; Kerberos authentication with Active Directory; Windows authentication with IIS
- User directories: OpenLDAP; Active Directory

Identity Providers in SWITCHaai
Operational AAI identity providers:
- ETH Zurich
- University of Zurich
- SWITCH
- Zurich University of Applied Sciences Winterthur
110'000 Swiss higher-education users have an AAI account (≈ 50% of all).
AAI identity providers getting ready:
- University Hospital Zurich
- University of Lucerne
- University of Fribourg
- University of Berne
- University of Lausanne

Virtual Home Organization – VHO
[Diagram: federation members (identity providers, a resource owner, end users, an admin); some end users have no identity provider and are covered by the VHO service at SWITCH, which has its own user directory and VHO policy]
- Integrates end users who have no identity provider
- The resource owner creates 'AAI-enabled' accounts at the VHO for users without an identity provider
- A VHO account is only usable for the resource(s) managed by that resource owner

Types of Service Providers
- Categories: e-learning, libraries, other web applications, commercial
- Examples: DOIT, VITELS, Vista@SVC, AD Learn & Co, Vconf-Reservation, SMS-Gateway, EZproxy, ScienceDirect, WebCT@ETHZ, OLAT, Moodle, BSCW, Blackboard, SwissLex, IS-Academia, Jobs@BWI, ILIAS, TWiki, eShops, ...
- About 50 'shibbolized' servers, 10'000 active AAI users

Service Provider Example: DOIT
- DOIT: Dermatology Online with Interactive Technology
- AAI identity providers: University of Zurich, University of Lausanne, University of Berne; AAI service provider: DOIT
- 500 AAI users
- Access rule: IdP = UniZH | UniBE | UniL; affiliation = student; studyBranch = medicine; studyLevel = 15

Integration of "Blackboxes"
- AAIportal (open source, GPL)
- Authentication / authorization gateway
- Portal functionalities (optional)
- User management (optional)
- Adaptors to blackbox applications: WebCT Vista, WebCT CE, ...

Central AAI Services
- Strategy & marketing
- International contacts
- Support, consulting, training
- Providing federation-specific files and configuration guides
- Operating the WAYF ('Where are you from?') server
- Testing parties (identity provider, service provider)
- Jump-start service
- Virtual Home Organization

Key Issues in SWITCHaai
Structure of the SWITCHaai federation:
- Switzerland is strongly federal: solve problems at the lowest level, coordinate where useful
AAI is more than Shibboleth:
- SWITCHaai is designed to be extensible (policies, federation)
- SAML 2 and Shibboleth 2 will allow interoperability with other SAML-based infrastructures
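The DOIT access rule above is a small attribute-based authorization policy: the service provider trusts only three identity providers and requires three attribute values from the assertion. The example below (added here, not SWITCHaai or DOIT code) parses a SAML 1.1 attribute statement, evaluates such a rule, and shows why a missing attribute or an unexpected issuer must be a deny. The issuer identifiers, the short attribute names (affiliation, studyBranch, studyLevel) and the sample assertions are constructed to mirror the slide; a real deployment would use the swissEduPerson attribute definitions and would rely on the Shibboleth SP to verify the assertion signature against federation metadata before any of this runs.

```python
# Added example (not SWITCHaai/DOIT code): evaluating a DOIT-style access rule
# over a SAML 1.1 attribute statement. Issuer IDs, attribute names and values
# are constructed for illustration.
import xml.etree.ElementTree as ET

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.1 assertions keep the 1.0 namespace

# Constructed issuer identifiers for the slide's three IdP labels.
IDP_ISSUERS = {
    "UniZH": "urn:mace:switch.ch:aai:example:uzh",
    "UniBE": "urn:mace:switch.ch:aai:example:unibe",
    "UniL": "urn:mace:switch.ch:aai:example:unil",
}

# DOIT rule from the slide: IdP = UniZH | UniBE | UniL, affiliation = student,
# studyBranch = medicine, studyLevel = 15. Values are matched as strings.
DOIT_RULE = {
    "issuers": {IDP_ISSUERS[k] for k in ("UniZH", "UniBE", "UniL")},
    "attributes": {
        "affiliation": {"student"},
        "studyBranch": {"medicine"},
        "studyLevel": {"15"},
    },
}


def parse_attribute_statement(xml_text):
    """Return (issuer, {attribute_name: set(values)}) from a SAML 1.1 assertion.

    No signature check happens here: in a Shibboleth deployment the SP verifies
    the assertion before application code ever sees the attributes.
    """
    root = ET.fromstring(xml_text)
    issuer = root.get("Issuer")
    attrs = {}
    for attr in root.iter(f"{{{SAML1}}}Attribute"):
        name = attr.get("AttributeName")
        values = {v.text.strip() for v in attr.findall(f"{{{SAML1}}}AttributeValue") if v.text}
        attrs.setdefault(name, set()).update(values)
    return issuer, attrs


def evaluate_rule(rule, issuer, attrs):
    """Return (allowed, reason). All conditions must hold; absent attributes deny."""
    if issuer not in rule["issuers"]:
        return False, f"issuer {issuer!r} is not in the allowed IdP set"
    for name, required in rule["attributes"].items():
        values = attrs.get(name, set())
        if not values:
            return False, f"attribute {name!r} missing from assertion"
        if not values & required:  # multi-valued attributes: any matching value suffices
            return False, f"attribute {name!r}={sorted(values)} does not match {sorted(required)}"
    return True, "all conditions satisfied"


def minimal_attribute_set(rule):
    """Attributes an SP like DOIT should request: exactly those the rule needs."""
    return sorted(rule["attributes"])


def _assertion(issuer, attrs):
    """Build a constructed SAML 1.1 assertion fragment for the samples below."""
    body = "".join(
        f'<saml:Attribute AttributeName="{n}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for n, vals in attrs.items()
    )
    return (f'<saml:Assertion xmlns:saml="{SAML1}" Issuer="{issuer}">'
            f"<saml:AttributeStatement>{body}</saml:AttributeStatement></saml:Assertion>")


# Constructed sample assertions covering the allow case and three deny cases.
MED_STUDENT_UZH = _assertion(IDP_ISSUERS["UniZH"],
    {"affiliation": ["student", "member"], "studyBranch": ["medicine"], "studyLevel": ["15"]})
MED_STUDENT_OTHER_IDP = _assertion("urn:mace:switch.ch:aai:example:ethz",
    {"affiliation": ["student"], "studyBranch": ["medicine"], "studyLevel": ["15"]})
STAFF_UNIBE = _assertion(IDP_ISSUERS["UniBE"],
    {"affiliation": ["staff"], "studyBranch": ["medicine"], "studyLevel": ["15"]})
NO_LEVEL_UNIL = _assertion(IDP_ISSUERS["UniL"],
    {"affiliation": ["student"], "studyBranch": ["medicine"]})


def check(xml_text):
    """Parse an assertion and evaluate the DOIT rule against it."""
    return evaluate_rule(DOIT_RULE, *parse_attribute_statement(xml_text))


if __name__ == "__main__":
    samples = [("UZH medical student", MED_STUDENT_UZH),
               ("student at a non-listed IdP", MED_STUDENT_OTHER_IDP),
               ("UniBE staff", STAFF_UNIBE),
               ("UniL student without studyLevel", NO_LEVEL_UNIL)]
    for label, a in samples:
        allowed, reason = check(a)
        print(f"{label:34} -> {'ALLOW' if allowed else 'DENY '} ({reason})")
    print("attributes to request from the IdP:", minimal_attribute_set(DOIT_RULE))
```

Two points carry over to a real federation: the issuer check is what stops an identity provider outside the rule from asserting "medicine student" for its users, so it must be compared against the entity identifier taken from verified metadata and not from anything the user controls; and `minimal_attribute_set` is the data-protection principle from the attribute slide made concrete, since the SP has no reason to request anything beyond the three attributes the rule actually tests.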
AAI and Grid
- The SWITCHaai concept is ready for Grid integration
- The current Shibboleth version is not yet Grid ready
- GridShib, an Internet2 project, links the upcoming Shibboleth 1.3 with Globus Toolkit 4.1: first phase to be implemented by autumn 2005, second phase by the second half of 2006 (http://grid.ncsa.uiuc.edu/GridShib/)
- Extension to other n-tier use cases is possible

Outlook 2005 – 2007
- More national AAI-related projects supported by federal grants (on matching funds)
- Non-web-browser-based service providers (like Grid)
- Study on AAI and ECTS
- Study on extending AAI to AAAI: accounting, but not limited to billing
- Integration of federation partners: resources from non-members, other federations
- http://www.switch.ch/aai

EUGridPMA
What the EUGridPMA does:
- A useful job for Grid projects (evaluating CP/CPSs)
- Impressive PR: made it into e-IRG papers (together with TACAR)
NREN perspective:
- NRENs engaging in PKIs need something similar in order to interwork
- But we will need more than one assurance level (Grid-strength certificates and basic-strength certificates)
The predicted future of EUGridPMA:
- Perish, if they stay Grid-specific
- Flourish, if they become relevant beyond the Grid
Recommendation:
- NRENs to collaborate and eventually host EUGridPMA activities
- TERENA to play an important role (how about TACAR++?)