Consigna: federated filesharing, federation as an afterthought


Consigna: federated filesharing, federation as an afterthought. Victoriano Giralt (Central Computing Facility, University of Malaga) and Luis Melendez (Central Computing Facility, University of Cordoba). TERENA EuroCAMP, Dubrovnik, November 14th


SLIDE 1

Consigna [1]: federated filesharing
federation as an afterthought

Victoriano Giralt, Central Computing Facility, University of Malaga
Luis Melendez, Central Computing Facility, University of Cordoba

TERENA EuroCAMP, Dubrovnik, November 14th 2007

[1] Consigna is Spanish for left luggage

SLIDE 5

Motivation Development Demo Implementation Summary

Outline

1. Motivation
2. Development
3. Demo
4. Implementation

Victoriano Giralt, Luis Melendez Federated applications

SLIDE 10

Why a file sharing application?

e-mail is not the best method for exchanging files

Our users need a simple method for file exchange
  • It should be usable by members and non-members
  • It should not be a “black hole”
  • It should be easy and unobtrusive
  • The browser is THE interface

SLIDE 12

The way to a federated application
from local users to federation

We have evolved the application through several access control methods

User/password: AuthN/AuthR at the application level
  - Heavy administration
  - Impedes usage by non-members
  + May be used from any location

SLIDE 13

The way to a federated application
from local users to federation

We have evolved the application through several access control methods

User/password
IP based: location-based AuthR

It has the concepts of
  • Inside (organization’s IP space): may upload and download
  • Outside (rest of the Internet): may upload or download
Files are password protected

SLIDE 14

The way to a federated application
from local users to federation

We have evolved the application through several access control methods

User/password
IP based: location-based AuthR
  + Low administrative burden
  + Easy for non-members
  - Unusable for roaming members

SLIDE 15

The way to a federated application
from local users to federation

We have evolved the application through several access control methods

User/password
IP based
WebSSO: centralized AuthN/AuthR
  + May be added to IP based control
  + Roaming members' location becomes inside

SLIDE 16

The way to a federated application
from local users to federation

We have evolved the application through several access control methods

User/password
IP based
WebSSO
Federated: Shibboleth based AuthN/AuthR
  + Lazy sessions allow old behaviour
  + Collaborating members from other institutions can be treated like local members
  + Abuse can be traced
  + Richer AuthR possibilities

SLIDE 17

Better seen than told
or one image is worth a thousand words

Let’s see it working

SLIDE 22

The gory details
adding code to connect to the federation

We have based our development on QuiXplorer altering several parts, though not many:
  • IP control added by the University of Basque Country
  • Interface hints: the green and red dots
  • Login links
  • Session info for authenticated access

SLIDE 24

The gory details
Apache configuration

We have used Shibboleth lazy sessions in order to allow for unauthenticated access

    <Location /consigna>
      AuthType shibboleth
      ShibRequireSession Off
      require shibboleth
    </Location>

SLIDE 27

The gory details
Attribute release

We require minimal identity information
  • Whatever is in REMOTE_USER, as user ID
  • If common name is available, we show it
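
One way an application can combine the IP-based control with a lazy Shibboleth session and the two attributes above, as an added example that is not Consigna's own code. The names ORG_NETS, ip_in_cidr() and access_context(), the 'cn' variable name, the login handler path and the rule that any federated session counts as inside are assumptions.

```php
<?php
// Added example, not Consigna's code. Hypothetical names: ORG_NETS,
// ip_in_cidr(), access_context(). The 'cn' variable and the login handler
// path are assumptions that depend on the SP's configuration.
const ORG_NETS = ['192.0.2.0/24'];   // constructed: documentation address range

function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = explode('/', $cidr);
    $ipL = ip2long($ip);
    $netL = ip2long($net);
    if ($ipL === false || $netL === false) {
        return false;                // not IPv4: treat as outside
    }
    $mask = ((int)$bits === 0) ? 0 : (~0 << (32 - (int)$bits)) & 0xFFFFFFFF;
    return ($ipL & $mask) === ($netL & $mask);
}

function access_context(array $server): array {
    // With a lazy session, REMOTE_USER is set only after a Shibboleth login.
    $user = trim($server['REMOTE_USER'] ?? '');
    $authenticated = ($user !== '');
    $fromOrg = false;
    foreach (ORG_NETS as $cidr) {
        $fromOrg = $fromOrg || ip_in_cidr($server['REMOTE_ADDR'] ?? '', $cidr);
    }
    $here = $server['REQUEST_URI'] ?? '/consigna/';
    return [
        // Assumption: any federated session is treated like a local member.
        'zone'      => ($fromOrg || $authenticated) ? 'inside' : 'outside',
        'user_id'   => $authenticated ? $user : null,     // kept for tracing abuse
        // The common name comes from a remote IdP: escape it before display.
        'display'   => $authenticated
            ? htmlspecialchars($server['cn'] ?? $user, ENT_QUOTES, 'UTF-8') : null,
        'login_url' => $authenticated
            ? null : '/Shibboleth.sso/Login?target=' . rawurlencode($here),
    ];
}

// Constructed requests: anonymous outsider, campus address, roaming member.
$samples = [
    'anonymous, outside' => ['REMOTE_ADDR' => '198.51.100.7'],
    'anonymous, campus'  => ['REMOTE_ADDR' => '192.0.2.44'],
    'roaming member'     => ['REMOTE_ADDR' => '198.51.100.7',
                             'REMOTE_USER' => 'alice@example.org', 'cn' => 'Alice <A>'],
];
foreach ($samples as $label => $s) {
    $c = access_context($s);
    printf("%-19s zone=%-7s user=%s\n", $label, $c['zone'], $c['user_id'] ?? '-');
}
```

The decision reads only the server variables that Apache and the Shibboleth module set for the request, never values supplied in the request body or query string.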

SLIDE 29

The gory details
Code changes and additions

We have modified several files

index.php
  • Inclusion of our function definitions
  • Call of our access control function
  • New action definitions for launching login

SLIDE 30

The gory details
Code changes and additions

We have modified several files

.include/init.php
  • Added code for session initialization
  • Added code for loading session data into global array

SLIDE 31

The gory details
Code changes and additions

We have modified several files

.include/header.php
  • Added code for checking credentials
  • Added code for showing user information
  • Added code for displaying login links

SLIDE 32

The gory details
Code changes and additions

We have modified several files

.include/fun_*.php
  • Cosmetic changes
  • Added code for checking credential
  • Added code for checking AuthR
  • Added code for saving credentials in the database

SLIDE 33

The gory details
Code changes and additions

and we have added one file for all our functions

.include/luis.php
  • IP address checking
  • Download authorization
  • Checking authentication
  • Displaying AuthR privileges
  • Logout (testing)

SLIDE 37

Summary

At the application level, functionality is improved
  • Normal location related control preserved
  • Identity is optional ⇒ public service
  • Shibboleth session ⇒ additional privileges

SLIDE 43

Summary

Relating to the integration work
  • Access to the code is definitely a plus
  • Lazy sessions have been great
  • The task has been both easy and fun
  • Help accepted at https://forja.rediris.es/projects/tfconsigna