de provisioning necessity even in proxy idp sp
play

De-provisioning - necessity even in proxy IdP/SP architecture Slvek - PowerPoint PPT Presentation

Jul 29, 2023 •49 likes •169 views

De-provisioning - necessity even in proxy IdP/SP architecture Slvek Licehammer slavek@ics.muni.cz EGI Conference 2019 06. 05. 2019 AARC Blueprint Architecture 2 Proxy architecture Easy way to connect services Persistent identity

  1. De-provisioning - necessity even in proxy IdP/SP architecture Slávek Licehammer slavek@ics.muni.cz EGI Conference 2019 06. 05. 2019

  2. AARC Blueprint Architecture 2

  3. Proxy architecture ● Easy way to connect services ● Persistent identity for each user ● Harmonized attributes ● Authorization on proxy level ● Approval of AUP, data release, etc. ● All is done during sign in of a user 3

  4. Services with extra requirements ● Some services needs to know user upfront or know when the user is no longer authorized ● Mailing list ● Cloud platforms ● Data storages ● VOMS ● Collaborative tools ● ... 4

  5. Provisioning & deprovisioning ● Method to deliver user information to services ○ Access rights ○ Authorization informations (groups, roles) ○ User attributes (name, e-mail, …) ● Triggered without direct user interaction ● Services react accordingly ○ Creating accounts ○ Updating local user information ○ Disabling or deleting account 5

  6. Benefits of (de-)provisioning ● Database of access rights for all users and services ● Database of which data released to services ○ GDPR ● Deprovisioning can be used to disable account when it have been compromised ● Provision access tokens for non-web access ○ SSH keys 6

  7. Implementation ● Transfer model ○ Periodic pull ○ Push model ● Transferred dataset ○ Changeset only ■ Need to ensure consistency ○ Full state ■ May have performance issues ● Protocols ○ LDAP, VOOT, SCIM, JSON, XML, OIDC, ... 7

  8. Identity and access management ● Identity and access management ○ source for (de-)provisioned data ● Support for user life-cycle ○ Registration / import, expiration, renewal ○ Support also on service side ● Support for access management ○ Group, entitlements, capabilities management ○ Configurable provisioning to services 8

  9. AARC Blueprint Architecture 9

  10. ● Identity and access management ● (De-)provisioning engine ● Open-source (https://perun-aai.org) ● Major deployment: ELIXIR, EGI, GÉANT ● EGI instance integrated with EGI Check-in ● (De-)provisioning connectors available for many services ○ Easy to develop new connectors 10

  11. Summary ● Provisioning and deprovisioning notify services about changes in user attributes or state ● Deprovisioning is crucial for services with persistent user resources ● Can be handled with external identity and access management system ● Is aligned with AARC Blueprint Architecture 11

  12. Thank you for attention Slávek Licehammer slavek@ics.muni.cz

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing Anton Belka, antonbelka@gmail.com GUADEC 2013 The TM Conference GUADEC Proxy editing What is proxy editing? Proxy editing is the ability to

1.75k views • 143 slides
First-Order Necessity and Validity First-Order Necessity and Validity Mark Criley IWU

First-Order Necessity and Validity First-Order Necessity and Validity Mark Criley IWU

First-Order Necessity and Validity First-Order Necessity and Validity Mark Criley IWU BackOf, Between, Small, etc. predicates other than =. necessity does. But FO-necessity pays attention to a little bit less than Logical

107 views • 9 slides
MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers forward requests to backends and can transform, handle or block them released under the GPL see http://forge.mysql.com/wiki/MySQL_Proxy

945 views • 27 slides
Resource provisioning requirements are very diverse Existing resource provisioning solutions

Resource provisioning requirements are very diverse Existing resource provisioning solutions

Resource provisioning requirements are very diverse Existing resource provisioning solutions tend to be specialized for specific scenarios. There is no resource provisioning model that supports all of these usage scenarios simultaneously

397 views • 14 slides
The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning

The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning

NGI 2011 The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning in the F t Future Internet I t t Tobias Hofeld, Markus Fiedler and Thomas Zinner Hysteresis Hysteresis Hysteresis refers to

251 views • 10 slides
Medical Necessity of Medical Necessity of Cardiac Implants: p The New Enforcement Priority

Medical Necessity of Medical Necessity of Cardiac Implants: p The New Enforcement Priority

Medical Necessity of Medical Necessity of Cardiac Implants: p The New Enforcement Priority Morgan, Lewis & Bockius, LLP Scott A. Memmott Albert W. Shay B Background k d Increased efforts over the last two years to combat

782 views • 43 slides
TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

GLIF Tech Winter meeting Hong-Kong, China 24 February, 2011 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop series About

587 views • 25 slides
Provisioning Hardware for Cluster Applications 2 Friday, February 17, 12 Provisioning Hardware

Provisioning Hardware for Cluster Applications 2 Friday, February 17, 12 Provisioning Hardware

scc : Cluster Storage Provisioning Informed by Application Characteristics and SLAs Harsha V. Madhyastha*, John C. McCullough , George Porter, Rishi Kapoor, Stefan Savage, Alex C. Snoeren, and Amin Vahdat UC Riverside* and UC San Diego Bourns

1.26k views • 96 slides
Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning & WAP primer Forging Messages Demo: Remote provisioning Provisioning: Process and Issues Attack scenario and exploiting Final

713 views • 59 slides
C# Design Patterns: Proxy APPLYING THE PROXY PATTERN Steve Smith FORCE MULTIPLIER FOR DEV TEAMS

C# Design Patterns: Proxy APPLYING THE PROXY PATTERN Steve Smith FORCE MULTIPLIER FOR DEV TEAMS

C# Design Patterns: Proxy APPLYING THE PROXY PATTERN Steve Smith FORCE MULTIPLIER FOR DEV TEAMS @ardalis | ardalis.com | weeklydevtips.com t h s What problems does proxy solve? Objectives How is the proxy pattern structured? Apply the

779 views • 23 slides
Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications 1 If youre

Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications 1 If youre

Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications 1 If youre WAPpy and you know it. UAG ? WAP ? eGov ? 2 Topics This Why the County invested in WAP presentation will share: Capabilities

427 views • 20 slides
January 29, 2018 Proxy Statements under Maryland Law 2018 The 2018 proxy season is here.

January 29, 2018 Proxy Statements under Maryland Law 2018 The 2018 proxy season is here.

January 29, 2018 Proxy Statements under Maryland Law 2018 The 2018 proxy season is here. Based on our experience reviewing proxy statements for Maryland public companies, we would like to call your attention to certain matters of Maryland

272 views • 12 slides
Entwurfsmuster und Frameworks Proxy Oliver Haase Oliver Haase Emfra Proxy 1/14

Entwurfsmuster und Frameworks Proxy Oliver Haase Oliver Haase Emfra Proxy 1/14

Entwurfsmuster und Frameworks Proxy Oliver Haase Oliver Haase Emfra Proxy 1/14 Description I Classification : Object-based structural pattern Also known as : Surrogate Purpose : Control access to a subject through

435 views • 14 slides
The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for

The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for

The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for HTTP, HTTPS (tunnel only) FTP Gopher WAIS (requires additional software) WHOIS (Squid version 2 only) Supports transparent

592 views • 35 slides
MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is MySQL Proxy Started Feb 2007 Current: MySQL Proxy 0.7.0 Source available on launchpad.net $ bzr branch lp:mysql-proxy Foundation of

308 views • 17 slides
GLM Proxy Data Monte Bateman Proxy Data Creator Introduction GLM is an optical instrument

GLM Proxy Data Monte Bateman Proxy Data Creator Introduction GLM is an optical instrument

GLM Proxy Data Monte Bateman Proxy Data Creator Introduction GLM is an optical instrument Closest analog is LIS LIS is LEO; has a limited time on station for a particular storm Have several ground-based, 24x7 networks;

133 views • 10 slides
t r rtrt t

t r rtrt t

t r rtrt t tr Pts t r sst srs t s

492 views • 17 slides
APPRAISER SELECT, LLC Owner: Allen Arnold Office: 407-900-2187 Cell:407-923-6464

APPRAISER SELECT, LLC Owner: Allen Arnold Office: 407-900-2187 Cell:407-923-6464

APPRAISER SELECT, LLC Owner: Allen Arnold Office: 407-900-2187 Cell:407-923-6464 Allen@AppraiserSelect.Net www.AppraiserSelect.Net Company background

304 views • 18 slides
FreshWater Insights 2013 Public Opinion in British Columbia . Summary Overview Released February

FreshWater Insights 2013 Public Opinion in British Columbia . Summary Overview Released February

FreshWater Insights 2013 Public Opinion in British Columbia . Summary Overview Released February 2014 Nobody started it, nobody is going to stop it. It will talk as long as it wants, this rain. As long as it talks I am going to listen.

574 views • 24 slides
THE PECOS RIVER: Lessons Learned Brent Bullock Water Resource Specialist Discussing Water

THE PECOS RIVER: Lessons Learned Brent Bullock Water Resource Specialist Discussing Water

THE PECOS RIVER: Lessons Learned Brent Bullock Water Resource Specialist Discussing Water Rights, A Western Past Time COMPACT DELIVERY CRISIS POTENTIAL PRIORITY ADMINISTRATION ISC appoints ad hoc committee Key water users Political

556 views • 18 slides
2 SAMUEL PURSUING GODS HEART Open Your Bible To: 2 Samuel 11 D OWNLOAD T HIS P RESENTATION: L

2 SAMUEL PURSUING GODS HEART Open Your Bible To: 2 Samuel 11 D OWNLOAD T HIS P RESENTATION: L

2 SAMUEL PURSUING GODS HEART Open Your Bible To: 2 Samuel 11 D OWNLOAD T HIS P RESENTATION: L IVING W ATER C ORONA . COM / SLIDES 2 Samuel 11 Pursue Gods Heart Away From Sin 2 Samuel 11 Pursue Gods Heart Away From Sin 1. Keep Your

564 views • 23 slides
From rural Kenya to a PhD in Physics Material Science; How my parents made it possible

From rural Kenya to a PhD in Physics Material Science; How my parents made it possible

From rural Kenya to a PhD in Physics Material Science; How my parents made it possible Winfred Mueni Mulwa T: +27616609913| mulwawm@qwa.ufs.ac.za | www.ufs.ac.za 3rd Career Development Workshop for Women in Physics 9 - 13 Oct. 2017

284 views • 9 slides
Kernel methods for hypothesis testing and inference MLSS T ubingen, 2015 Arthur Gretton

Kernel methods for hypothesis testing and inference MLSS T ubingen, 2015 Arthur Gretton

Kernel methods for hypothesis testing and inference MLSS T ubingen, 2015 Arthur Gretton Gatsby Unit, CSML, UCL Some motivating questions... Detecting differences in brain signals The problem: Do local field potential (LFP) signals change

371 views • 23 slides
Cybercri rcrime S Support rt N Network rk o of West Mich chigan Stakeholder Meeting DC

Cybercri rcrime S Support rt N Network rk o of West Mich chigan Stakeholder Meeting DC

Cybercri rcrime S Support rt N Network rk o of West Mich chigan Stakeholder Meeting DC 2/6/18 1:00 p.m. Introductions 1:15 p.m. CSN Overview 1:30 p.m. Pilot Outline/Timeline 2:00 p.m. Stakeholder needs and resources 2:30 a.m.

301 views • 16 slides

More recommend