a study of credential integration model in academic
play

- PowerPoint PPT Presentation

Mar 28, 2024 •104 likes •282 views

A"Study"of"Credential"Integration"Model" in"Academic"Research"Federation" Supporting"a"Wide"Variety"of"Services International,Symposium,Grids,&,Clouds,2018 20 th

  1. A"Study"of"Credential"Integration"Model" in"Academic"Research"Federation" Supporting"a"Wide"Variety"of"Services International,Symposium,Grids,&,Clouds,2018 20 th – 23 rd March,2018 Academia,Sinica,,Taipei,,Taiwan Eisaku SAKANE,,Takeshi,NISHIMURA,,Kento Aida,,Motonori NAKAMURA National,Institute,of,Informatics,,Japan

  2. Outline • Introduction-to-GakuNin and-HPCI • Issues • Consideration of-credential-integration • Related-works • Summary 2

  3. An#Academic#Identity#Federation#in#Japan SP E=Journals Lib#Services Web#mail Groupware E=Learning Academic#Federations# have#been#established#per# country#basis GakuNin Steering&Committee Discovery&Service Registration&Sys. • Federation&Policy • IdP Auditing Metadata&Repo. Info.&Web&Site • Promotion IdP Univ.#A Univ. B Univ. C Reduction#of#ID#management# Seamless#access#with# Easy#Access#from#out# cost, SSO of#Campus Improvement#of#security Content&Services Application&Services Admin& eLearning Services Most&of& ePortfolio Major& Publishers Foodle 3 3

  4. HPCI:&High&Performance&Computing&Infrastructure Supercomputer centers (IdP & IdM) MICS9based&CA cert. related&system PI getting proxy&cert.&with&Shibboleth :&Communication&w/&Shibboleth GSI9enabled&SSH&login Researcher HPCI&authentication&system&features&include: • Single&user&ID&and&multiple&accounts&called&HPCI9ID,&HPCI&and&local&accounts • HPCI&accounts&are&managed&by&identity&providers. • A&hierarchical&initial&identity&vetting&system&based&on&face9to9face&meetings&with&photo9IDs • Two&kinds&of&credentials&for&services&in&HPCI: • Shibboleth&assertion&for&Web&services:&certificate&issuance,&CMS,&etc. • GSI&proxy&certificate&for&access&to&supercomputers&and&storages 4

  5. Difference(between(HPCI(and(Gakunin • What(is(difference(between(HPCI(and(Gakunin? • IdP in(HPCI(is(different(from(IdP in(Gakunin: • Gakunin IdP is(managed(by(an(academic(institution(and(covers(all(constituent(members(of(its( academic(institution. • HPCI(IdP is(managed(by(a(supercomputer(center((university(or(institute)(and(covers(only(HPCI( users(who(are(not(only(academic(researchers(but(also(industrial(ones. • Why(did(HPCI(build(dedicated(IdPs ? • HPCI(IdP has(to(satisfy(a(strict(LoA imposing(identity(vetting(via(a(faceFtoFface(meeting. • HPCI(IdP needs(to(cover(industrial(researchers. • HPCI(is(not(a(common(service(to(all(constituent(members(of(an academic(institution(like(eF Journals. • Only(if(HPCI(users(are(academic(ones,(at(least(HPCI(and(Gakunin IdPs should(be( integrated. 5

  6. Guiding question • How.do.we.integrate.HPCI.IdP and.GakuNin IdP in.order.that. academic.users.only.need.to.manage.one.credential? • We.select.GakuNin IdP as.primary.identity.provider.because.GakuNin IdP is.operated.by.home.organization that.user.belongs.to. • How do.we.apply.a.credential.issued.by.GakuNin IdP to.HPCI.services? 6

  7. 国立情報学研究所 Shibboleth SAML GSI 職員証 情報 研太郎 Authentication+flow+in+HPCI registered+data Initial+Identity Vetting Check C Name �������������� C Affiliation �������������������� Shibboleth+IdP HPCI+account+issuing+(IdP) S h i b b o l e t h + S P myproxyClogon Certificate+issuing bridging as+a+Web+service g s i C l o g i n Supercomputers, Storages 7

  8. 情報 Shibboleth SAML GSI 国立情報学研究所 研太郎 職員証 Possibilities)for)GakuNin credential)application registered)data Initial)Identity Vetting Check E Name �������������� E Affiliation �������������������� Shibboleth)IdP HPCI)account)issuing)(IdP) S h i b b o l e t h ) S P myproxyElogon Certificate)issuing bridging as)a)Web)service g s i E l o g i n Supercomputers, Storages 8

  9. 国立情報学研究所 Shibboleth SAML GSI 職員証 情報 研太郎 Possibilities)for)GakuNin credential)application registered)data Initial)Identity Vetting Check C Name �������������� C Affiliation �������������������� Shibboleth)IdP HPCI)account)issuing S h i b b o l e t h ) S P We)consider)applying)the)GakuNin credential)to)the)initial)identity) myproxyClogon Certificate)issuing bridging as)a)Web)service vetting)in)HPCI)IdM. g s i C l o g i n Supercomputers, Storages 9

  10. Basic&idea: Initial&identity&vetting&with&external&credential IdM Trusted&Third&Party&(CA,&IdP,&…) 0.&Agree&with&cooperation 2.&Inquiry&about&the&applicant identity&vetting&based& notifying&the&applicant on&an&LoA of the inquiry 1.&Presenting& some credential an&applicant generalized our previous&work,&PoS(ISGC2017)009 10

  11. Initial'identity'vetting'with'credential'issued'by' GakuNin IdP HPCI'IdM GakuNin IdP 0.'Agree'with'cooperation 2.'Shibboleth'authentication the'applicant'already has the account. 1.'Access'to'a'Web'service'for'initial'vetting an'applicant generalized our previous'work,'PoS(ISGC2017)009 11

  12. Initial'identity'vetting'with'credential'issued'by' GakuNin IdP (Cont’d) HPCI'IdM GakuNin IdP 0.'Agree'with'cooperation 2.'Shibboleth'authentication the'applicant'already 2.1.'The'IdP authenticates'the'applicant. has the account. 2.2.'The'IdP confirms'whether'the applicant allows'the'IdP to'send'the'required' attributes'to'the'IdM. 2.3. The'IdM can'check'the'identity'data'against' the'information'provided'by'the IdP. an'applicant generalized our previous'work,'PoS(ISGC2017)009 12

  13. 情報 職員証 研太郎 国立情報学研究所 Discussion • Do the+proposed+procedure+provide+the+same+level of assurance? • HPCI+IdM must+vet+the+identity+of+user+based+on+a+face<to<face+meeting+with+a+ photo<ID. The+user+present+her/his+photo<ID+issued+by+ GakuNin IdP (University) home+university. �������������� �������������������� The+proposed+procedure+can+intuitively+be+regarded++the+same+ as+the+initial+identity+vetting+based+on+a+face<to<face+meeting. 13

  14. Discussion((Cont’d) • Another(possibility(of(GakuNin crendential application. • Due to the end of GSI support, HPCI needs to reconsider the authentication and authorization system in HPCI to access to supercomputers(and(storages. • Credential(for(Web(services(may(be(changed(by(new(AA(system(in(HPCI. • However(the(GakuNin credential application(to initial identity(vetting(will( remain(almost(unchanged. 14

  15. Related'Works • AARC'Blueprint'Architecture • Snctfi from'AARC’s'policy'work 15

  16. Summary • We)introduced)authentication)infrastructures,)GakuNin and)HPCI. • We)proposed)a)credential)integration)model)in)which)GakuNin credential)(SAML)assertion))can)be)used)to)the)initial)identity)vetting) in)HPCI. • Our)approach)can)be)extended)to more general)case. • Our approach)should)be)corroborated)with)a)trust)framework. 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020 CREDENTIAL PROCESS May 29 th , 2020 CREDENTIAL STEPS 1. Original Transcripts sent to CAFA (Dr. Taylors Office: Curriculum, Assessment and Faculty

470 views • 16 slides
A Study of Certification Authority Integration Model in a PKI Trust Federation on Distributed

A Study of Certification Authority Integration Model in a PKI Trust Federation on Distributed

A Study of Certification Authority Integration Model in a PKI Trust Federation on Distributed Infrastructures for Academic Research International Symposium on Grids &amp; Clouds 2016 15 March 2016 Academia Sinica, Taipei, Taiwan Eisaku

503 views • 17 slides
Academic Integration What have we learned, where do we need to go? What is the definition of

Academic Integration What have we learned, where do we need to go? What is the definition of

Academic Integration What have we learned, where do we need to go? What is the definition of Integration? The power of contextualization u Increased interest by students with academic concepts u Improvement in academic understandings related to

425 views • 26 slides
SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk, Director Dora Apodaca, Credential Analyst Evelyn Martinez, Office Coordinator Leah Sosnowski, Credential Analyst Meredith West, Credential Analyst

573 views • 14 slides
MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk, Director Dora Apodaca, Credential Analyst Evelyn Martinez, Office Coordinator Leah Sosnowski, Credential Analyst Meredith West, Credential Analyst

502 views • 14 slides
Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential

Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential

Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential Evaluation Shelby L. Cearley Texas Tech University Office of Graduate &amp; International Admissions Todays Session Agenda A brief roadmap

372 views • 5 slides
Case Method and Integration of Academic Activities T. Grandon Gill Professor grandon@usf.edu

Case Method and Integration of Academic Activities T. Grandon Gill Professor grandon@usf.edu

Case Method and Integration of Academic Activities T. Grandon Gill Professor grandon@usf.edu Overview What is the case method? Pedagogy Different types of case study and how they are used Facilitating case discussions in the

731 views • 30 slides
PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

RSA LABS PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A credential management service that allows individuals and employees to securely and seamlessly access any app from any device. 2 RHAPSODY

239 views • 9 slides
3D MODEL INTEGRATION FROM DESIGN TO INSPECTION AND CONSTRUCTION Christopher Dietz DLZ

3D MODEL INTEGRATION FROM DESIGN TO INSPECTION AND CONSTRUCTION Christopher Dietz DLZ

3D MODEL INTEGRATION FROM DESIGN TO INSPECTION AND CONSTRUCTION Christopher Dietz DLZ Industrial Surveying, Inc. Todd Harr DTS Digital Tek Service Corp. October 2, 2018 3D Model Integration From Design to Inspection and

229 views • 5 slides
The C Credential D Doc octor or i is In s In: : Ask sk Your Your C Col olleague ues

The C Credential D Doc octor or i is In s In: : Ask sk Your Your C Col olleague ues

The C Credential D Doc octor or i is In s In: : Ask sk Your Your C Col olleague ues TAICEP 30 April 2020 2 To Todays Pre resent nters rs Shereen Mir- Shelby Cearley Barbara Glave Bettina Smegi Jabbar Senior

409 views • 37 slides
The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

7/17/2019 The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education Society of Actuaries What it is A credential for those in actuarial support roles Exams because that is what we do Code of

328 views • 6 slides
The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education Society of Actuaries What it is A credential for those in actuarial support roles Exams because that is what we do Code of Conduct

304 views • 5 slides
CLARITY-BPA: Data integration, analysis and interpretation of eight academic studies J errol d J.

CLARITY-BPA: Data integration, analysis and interpretation of eight academic studies J errol d J.

CLARITY-BPA: Data integration, analysis and interpretation of eight academic studies J errol d J. Heindel, Scott Belcher, Jodi A. Flaws, Gail S. Prins, Shuk-Mei Ho, Jiude Mao, Heather B. Patisaul, William Ricke, Cheryl S. Rosenfeld, Ana M. Soto,

179 views • 13 slides
Registration and Credential Repository (RCR) Review Matthew Boron, RPh PMB, CTEP, NCI February

Registration and Credential Repository (RCR) Review Matthew Boron, RPh PMB, CTEP, NCI February

Registration and Credential Repository (RCR) Review Matthew Boron, RPh PMB, CTEP, NCI February 25, 2020 Goals and Objectives Describe why the Registration and Credential Repository was implemented Explain requirements and how to access

562 views • 45 slides
California Independent System Operator Renewable Integration Study Clyde Loutan Proposed

California Independent System Operator Renewable Integration Study Clyde Loutan Proposed

California Independent System Operator Renewable Integration Study Clyde Loutan Proposed Transmission Plan for Integration of Renewables Transmission System Analysis - Overview Joint Study between the CAISO and GE Consulting Study

512 views • 20 slides
CTE/ACADEMIC INTEGRATION Scotland County Schools Vision To Graduate All Students College and

CTE/ACADEMIC INTEGRATION Scotland County Schools Vision To Graduate All Students College and

CTE/ACADEMIC INTEGRATION Scotland County Schools Vision To Graduate All Students College and Career Ready DESIRED OUTCOMES By the end of this workshop we will: Understand Lexile Levels in Reading and Quantile Framework for Math

166 views • 16 slides
Social Media apart, together Gabriela Avram Introduction to Digital Media 2017 Social

Social Media apart, together Gabriela Avram Introduction to Digital Media 2017 Social

Social Media apart, together Gabriela Avram Introduction to Digital Media 2017 Social Media p the use of web-based and mobile technologies to turn communication into an interactive dialogue. p &quot;a group of Internet-based

856 views • 51 slides
Co-Protg: Motivation To have a platform to develop an ontology in a collaborative fashion

Co-Protg: Motivation To have a platform to develop an ontology in a collaborative fashion

CO-Protg : A Groupware Tool for Supporting Collaborative Ontology Design with Divergence Alicia Daz 1,2 , Guillermo Baldo 1 1 Lifia, UNLP, La Plata, Argentina 2 Loria, Nancy, France Co-Protg: Motivation To have a platform to develop

426 views • 13 slides
Support the development of object oriented, synchronous, interactive, and complex

Support the development of object oriented, synchronous, interactive, and complex

COAST An Open Source Smalltalk Framework to Build Synchronous Collaborative Applications Jan Schmmer, Till Schmmer, Christian Schuckmann GMD - IPSI, Darmstadt, Germany intelligent views, Darmstadt, Germany

479 views • 30 slides
2019 Leadership Workshop Saturday, July 20 9 AM Central Office Auditorium MCSPO Annual Meeting

2019 Leadership Workshop Saturday, July 20 9 AM Central Office Auditorium MCSPO Annual Meeting

Madison County Schools Parent Organization 2019 Leadership Workshop Saturday, July 20 9 AM Central Office Auditorium MCSPO Annual Meeting Agenda Main Topics Financial Operations Non-profit Status and Requirements Policies and

1.18k views • 81 slides
AA enabling a closed source legacy application Jan Du Caju ICT security officer K.U.Leuven

AA enabling a closed source legacy application Jan Du Caju ICT security officer K.U.Leuven

EuroCAMP 15nov2007 AA enabling a closed source legacy application Jan Du Caju ICT security officer K.U.Leuven Belgium Jan.DuCaju@icts.KULeuven.be EuroCAMP 15nov2007 AA enabling a closed source legacy application Introduction: context

426 views • 26 slides
Meeting tutorial Allen Dutoit dutoit@in.tum.de Technische Universitt Mnchen Institut fr

Meeting tutorial Allen Dutoit dutoit@in.tum.de Technische Universitt Mnchen Institut fr

Meeting tutorial Allen Dutoit dutoit@in.tum.de Technische Universitt Mnchen Institut fr Informatik Lehrstuhl fr Angewandte Softwaretechnik (Prof. Bruegge) Overview: communication, part 2 Now that we use groupware, why meet?

603 views • 13 slides
Reducing GHGs with ICTs Entretien Jacques Cartier November 20th 2012 Myriam Blais, MFE Outlook

Reducing GHGs with ICTs Entretien Jacques Cartier November 20th 2012 Myriam Blais, MFE Outlook

Reducing GHGs with ICTs Entretien Jacques Cartier November 20th 2012 Myriam Blais, MFE Outlook Green ICTs ICTs carbon footprint and ways to reduce it (actions in Smart 2020 report and actions in Quebec) Greening with ITCs

611 views • 36 slides
An Open Source tool helps a global community of professionals

An Open Source tool helps a global community of professionals

An Open Source tool helps a global community of professionals shift from traditional contacts and annual meetings to continuous interaction on the web

505 views • 37 slides

More recommend