centralized authorization in non uniform federation
play

Centralized Authorization in Non-Uniform Federation Communities of - PowerPoint PPT Presentation

Aug 28, 2023 •347 likes •498 views

FERMILAB-SLIDES-18-105-CD Centralized Authorization in Non-Uniform Federation Communities of Interest Olga Terlyga NLIT 2018 May 22, 2018 This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359

  1. FERMILAB-SLIDES-18-105-CD Centralized Authorization in Non-Uniform Federation Communities of Interest Olga Terlyga NLIT 2018 May 22, 2018 This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the U.S. Department of Energy, Office of Science, Office of High Energy Physics. This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the U.S. Department of Energy, Office of Science, Office of High Energy Physics.

  2. Centralized Authorization • Why do we care? • What should we do? ----------------------------- OFermilab 2 5/22/2018 Olga Terlyga | NLIT 2018

  3. (Semi) Open Science Scientific process is based on free exchange of ideas. Scientific collaborations require us to be more open than ever, while emphasis on cyber security puts pressure to become more closed off . The role of IT is to enable exchange of ideas and data balanced with security concerns. Non-Scientific resources Exchange of information happens and is necessary in many other areas of Laboratory operations ----------------------------- OFermilab 3 5/22/2018 Olga Terlyga | NLIT 2018

  4. Global collaboration era 9 Centro Bras il eiro de Pesquisa .. . 9 Aligarh Mus li m Uni ve rsi ty Hor .. . 9 Fermilab 9 Universi ty of Florida 9 Universi ty of Geneva 9 Universidad De Guanajuato 9 Hampton Uni ve rsi ty 9 Massachusetts Co ll ege Of Li .. . 9 Indian Inst i tute of Sc ience Ed .. . 9 Northwestern Uni ve rsi ty 9 Oregon State Uni ve rsi ty 9 Otte rbein Uni ve rsi ty North Ar/antic 9 Pontifica l Catho li c Universi ty .. Oce1n 9 Uni ve rsi ty of Pi ttsbu r gh 9 Uni ve rsi ty of Rochester 9 Rutger s-New Br unsw i ck 9 Tufts Uni ve rsi ty 9 Universi ty of Minnesota Dul uth 9 National Uni ve rsi ty of Engine .. . 9 Universidad Tecnica Feder ico Sourh .. . Pacific 9 Ewell Ha ll Ocean Sc ulhA frtca 9 Universi ty of Oxford 9 Universi ty of Mississippi 9 Universi ty of Pennsylvania 9 Universi ty ofW roct aw Southern MINERVA collaboration OFermilab 4 5/22/2018 Olga Terlyga | NLIT 2018

  5. Global collaboration era OSG Computing Grid \ Extreme Science and Englnei!rlng Discovery Environment OFermilab 5 5/22/2018 Olga Terlyga | NLIT 2018

  6. Access = Authentication + Authorization Accountability Access always needs to be managed Even open science is not 100% open OFermilab 6 5/22/2018 Olga Terlyga | NLIT 2018

  7. On Premise => More Control ...... , • On premise authentication – Typically Single Sign-On – Maybe LDAP – … • On premise authorization – Active Directory Security groups – Individual Service Provider’s Database – Identity Management – … -------------------------- OFermilab 7 5/22/2018 Olga Terlyga | NLIT 2018

  8. On Premise => Constraints • Users don’t want to maintain another set of credentials – Passwords – Usernames – Registration process • Admins don’t want to maintain another set of credentials – Expirations dates – Source of truth – HR involved in registration process – Short lived accounts – Price? ----------------------------- OFermilab 8 5/22/2018 Olga Terlyga | NLIT 2018

  9. Federation O Federati ons 1 11 eduGA I N Me mbers 51 Each person is uniquely identified within organization and within Federation Vo ting- on ly 5 Me mbers 13 Candidates Federation A Metadata Service ldPs 2711 SPs 1 947 Standalone AAs 6 Federation C Service Provider ----------------------------- OFermilab 9 5/22/2018 Olga Terlyga | NLIT 2018

  10. Federation 0 Invaluable collaboration tool! IdP Federation A Metadata • Placing every SP in federation is not practical • Each SP maintains authorization data? • Not every IdP is in Federation Service Provider Federation C C) IdP 0 IdP Are there possibilities here for centralized authorization? OFermilab 10 5/22/2018 Olga Terlyga | NLIT 2018

  11. Identity and Access Management products Typically "°""- + l•VSJNHSSUIITl - • Portal style - . ,~I Roamb i ORACLE t3 workday sen,,cem,w • Combine Authentication and Authorization -- splun k> - Go, ig le EJ G Mail J!:i Calendar • More useful in self contained C. a 0ne0nve Ill• Outlook P' c1TR1x l:nc organizations Go i le L. ,.,, "' o," Some do integrate with federations Y<JIRA EGN * TE Yammer· " Do \A , G .> gl Password fare Pi.1 G Cisco ex OFermilab 11 5/22/2018 Olga Terlyga | NLIT 2018

  12. Federation Hub This looks more centralized from Authentication point of view. External On-premise SP IdP External On-premise SP On-premise IdP IdP External On-premise SP IdP ----------------------------- OFermilab Are there possibilities here for centralized authorization? 12 5/22/2018 Olga Terlyga | NLIT 2018

  13. Centralized Authorization in Non-Uniform Federation Communities of Interest What should we do? ----------------------------- OFermilab 13 5/22/2018 Olga Terlyga | NLIT 2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
Curriculum on The Cadet Corps Uniform Class A Uniform Class A Uniform Agenda C1. Class A

Curriculum on The Cadet Corps Uniform Class A Uniform Class A Uniform Agenda C1. Class A

Curriculum on The Cadet Corps Uniform Class A Uniform Class A Uniform Agenda C1. Class A Uniform CLASS A UNIFORM C1. Wear the Class A Uniform to standard. Class A Uniform Known as Black Service Uniform or Class A Worn mainly

502 views • 14 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel Expense 4. Travel Regulations 2 Travel Authorization (See Next Slide for Detailed Steps) 2. Trip Information goes here 1. Budgetary Coding goes

319 views • 11 slides
Curriculum on The Cadet Corps Uniform Wear It WIth honor Class C Uniform Class C Uniform

Curriculum on The Cadet Corps Uniform Wear It WIth honor Class C Uniform Class C Uniform

Curriculum on The Cadet Corps Uniform Wear It WIth honor Class C Uniform Class C Uniform Agenda B1. Class C Uniform CLASS C UNIFORM B1. Wear the Class C Uniform to standard. Class C Uniform Fully described in CR 1-8, Chp. 8 Headgear

185 views • 14 slides
Winter Uniform If out of uniform students must present a note of explanation to their Year Level

Winter Uniform If out of uniform students must present a note of explanation to their Year Level

Student Presentation Policy February 01, 2018 Summer Uniform If out of uniform students must present a note of explanation to their Year Level Coordinator who will issue a uniform pass. Summer Uniform (Terms 1&amp;4) - Academic The summer

421 views • 3 slides
OVERVIEW 1 What is the Uniform Guidance? Rules that set uniform standards for the award and

OVERVIEW 1 What is the Uniform Guidance? Rules that set uniform standards for the award and

Uniform Guidance Procurement Requirements for NC Local Governments Norma Houston NC State Treasurers Conference June 26, 2018 OVERVIEW 1 What is the Uniform Guidance? Rules that set uniform standards for the award and expenditure of

731 views • 28 slides
Uniform Guidance aka UG, UniGui HUGE: CSU Harnessing Uniform Guidance Effectively An update

Uniform Guidance aka UG, UniGui HUGE: CSU Harnessing Uniform Guidance Effectively An update

Uniform Guidance aka UG, UniGui HUGE: CSU Harnessing Uniform Guidance Effectively An update for SFSU Faculty and Staff Uniform Guidance Most significant change in research administration in 50 years Uniform Guidance Reform History Feb

673 views • 33 slides
Non-Uniform Computation Lecture 10 Non-Uniform Computational Models: Circuits 1 Non-Uniform

Non-Uniform Computation Lecture 10 Non-Uniform Computational Models: Circuits 1 Non-Uniform

Non-Uniform Computation Lecture 10 Non-Uniform Computational Models: Circuits 1 Non-Uniform Computation 2 Non-Uniform Computation Uniform: Same program for all (the infinitely many) inputs 2 Non-Uniform Computation Uniform: Same program

1.36k views • 107 slides
Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It is designed to : Assist in benefit determination Prevent unanticipated denials of coverage Create a collaborative approach to

187 views • 18 slides
MAZENOD COLLEGE STUDENT PRESENTATION POLICY SUMMER UNIFORM If out of uniform students must

MAZENOD COLLEGE STUDENT PRESENTATION POLICY SUMMER UNIFORM If out of uniform students must

MAZENOD COLLEGE STUDENT PRESENTATION POLICY SUMMER UNIFORM If out of uniform students must present a note of explanation to their Year Level Coordinator who will issue a uniform pass. Summer Uniform (Terms 1 &amp; 4) - Academic The summer

305 views • 3 slides
Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents https://cametoolbox.fnal.gov/Project/WADReports?ProjectName=HL-L... Work Authorization Documents Work Authorization Document Control Account Information Control Account Manager: 10629N Nobrega, Fred Control

56 views • 5 slides
UNIFORM PROPOSAL CONTENTS 4 UNIFORM REFLECTIVE TAPE 12 11 10 9 8 6 5 3 UNIFORM

UNIFORM PROPOSAL CONTENTS 4 UNIFORM REFLECTIVE TAPE 12 11 10 9 8 6 5 3 UNIFORM

Veronica Namane Director Cell: 0828212177 veronica @afriuniforms.co.za www.afriuniforms.co.za national number: 0861-4-32433 Admin and training: Blyvooruitzicht 116, LR Farm, Portion 4, Western Deep Levels, Carletonville UNIFORM PROPOSAL

139 views • 12 slides
European Ranger Federation Under the umbrella of the IRF The European Ranger Federation

European Ranger Federation Under the umbrella of the IRF The European Ranger Federation

European Ranger Federation Under the umbrella of the IRF The European Ranger Federation was formed in May 2017 to network rangers across Europe. European Ranger Federation current ERF members include: Albania Austria Croatia

411 views • 13 slides
Centralized Customer Service System Update Centralized Customer Service System (CCSS) C a p t u r

Centralized Customer Service System Update Centralized Customer Service System (CCSS) C a p t u r

Centralized Customer Service System Update Centralized Customer Service System (CCSS) C a p t u r e P r o c e s s Lane R e c o r d Customer Account Industry Forum April 25 th 26 th Marriott Hotel, Tampa International Airport Agenda April

517 views • 15 slides
Remote File Access: Problems and Solutions Authentication and authorization Performance

Remote File Access: Problems and Solutions Authentication and authorization Performance

Remote File Access: Problems and Solutions Authentication and authorization Performance Synchronization Robustness Lecture 13 CS 111 Page 1 Summer 2013 Authorization and Authentication Authorization is determined if someone

886 views • 41 slides
1.

1.

1. Focus+Context Taken Literally Kosara, R., Miksch, S., and Hauser, H. Focus+Context Taken Literally, IEEE Computer Graphics and Application. Jan/Feb

98 views • 8 slides
Affine hypersurfaces with warped product structure Miroslava Anti c University of Belgrade

Affine hypersurfaces with warped product structure Miroslava Anti c University of Belgrade

Affine hypersurfaces with warped product structure Miroslava Anti c University of Belgrade joint work with Franki Dillen, Kristof Schoels and Luc Vrancken p. 1/37 M n +1 hypersurface in the affine space R n +1 D

557 views • 37 slides
jlint Group 5: David Bangerter Matt Laroche Melissa Ludowise Ben McCann Overview Two

jlint Group 5: David Bangerter Matt Laroche Melissa Ludowise Ben McCann Overview Two

jlint Group 5: David Bangerter Matt Laroche Melissa Ludowise Ben McCann Overview Two parts: antic checks syntax jlint checks semantics Binaries available for Windows, source provided Didnt compile initially on

553 views • 6 slides
Concept and life of a National Focal Point Libra Librarian Work orkshop / / Libr Libraria

Concept and life of a National Focal Point Libra Librarian Work orkshop / / Libr Libraria

Concept and life of a National Focal Point Libra Librarian Work orkshop / / Libr Libraria ians as as Inst Institutional l Foc Focal al Poin Points TUES TU ESDAY 28 28 MARCH, , Uni niversit F Flix ix Hou ouphout Boi

465 views • 14 slides
n

n

!&quot;#$% n &amp;

193 views • 3 slides
Acknowledgments: One of the most dense objects in Universe: Neutron stars R~10km and M~1.5 M

Acknowledgments: One of the most dense objects in Universe: Neutron stars R~10km and M~1.5 M

The crust-core transition and the stellar matter equation of state Helena Pais CFisUC, University of Coimbra, Portugal Nuclear Physics, Compact Stars, and Compact Star Mergers YITP, Kyoto, Japan, October 17-28, 2016 In collaboration with C.

384 views • 27 slides
On Path-Centric Navigation and Search Techniques for Personal Knowledge Stored in Topic Maps

On Path-Centric Navigation and Search Techniques for Personal Knowledge Stored in Topic Maps

On Path-Centric Navigation and Search Techniques for Personal Knowledge Stored in Topic Maps Outline Introduction Preconditions and the Model Navigation inside Topic Maps Search based on Topic Selection 2 Jens Heider TMRA 07

557 views • 29 slides
Schema Matching in a Large Scale Schema Matching in a Large Scale Personal Schema Based Querying

Schema Matching in a Large Scale Schema Matching in a Large Scale Personal Schema Based Querying

Schema Matching in a Large Scale Schema Matching in a Large Scale Personal Schema Based Querying Personal Schema Based Querying Marko Smiljani , Maurice van Keulen, Willem Jonker Dutch Dutch-Belgian Database Day Belgian Database Day -

442 views • 25 slides

More recommend