eisuke ito eiji abe yoshiaki kasahara kyushu university
play

Eisuke Ito, Eiji Abe, Yoshiaki Kasahara Kyushu University - PowerPoint PPT Presentation

Sep 27, 2022 •236 likes •531 views

APAN29, Sydney 2010 UPKI update from Japan Eisuke Ito, Eiji Abe, Yoshiaki Kasahara Kyushu University ito.eisuke.523@m.kyushuu.ac.jp Outline 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 1 1. Introduction 1.

  1. APAN29, Sydney 2010 UPKI update from Japan Eisuke Ito, Eiji Abe, Yoshiaki Kasahara Kyushu University ito.eisuke.523@m.kyushu‐u.ac.jp

  2. Outline 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 1

  3. 1. Introduction 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 2

  4. 1. Introduction  Protected services in University  E-Learning, e-Syllabi, Researcher activity DB, Student portal, …  E-Journal, Google Apps, Windows Live, …  Shibboleth SSO (Single Sign-on)  Distributed SSO Middleware  Identity Providers (IdP), Service Providers (SP). (and Discovery Service (DS))  Federation  A trust relationship between Identity Providers (IdP) and Service Providers (SP).  NII of Japan deploys Shibboleth SSO Federation  Kyushu University joins this federation 3

  5. History 2005 2006 2007 2008 2009 2010 2011 Joined UPK Kyushu Univ. LDAP Password University authN ID IntegraJon Shibboleth IdP manager plaBorm Join UPKI‐Fed University ID (JP Federa7on) kitenet (Wireless LAN) UPKI UPKI IniJaJve Server Cert. service NII, Japan eduroam.jp GRID UPKI‐Fed SSO trial UPKI‐Fed Trail Federa7on 4

  6. In this presentation,  Show a case study of shibboleth IdP and SP operation in Kyushu University  Report some problems of shibboleth IdP operation.  Report results of two month operation. 5

  7. 2. Shibboleth SSO 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 6

  8. 2. Shibboleth SSO  Before Shibboleth  Kyushu U  Students 18,000  Staffs 7,000 (prof. 2500)  Campus wide authentication system (since 2007.)  IDM and LDAP server  IDM: Identity management system (Meta Directory)  LDAP server is used as password authenticator. 7

  9. Secure 8 Shibboleth SSO SSO Shibboleth System Overview Other Personnel Student worker DB DB Federated SPs ID card E‐Journal IDM IC Card (User ID) Refworks MS DS ref Shibboleth Password Matrix code LDAP IdP (SSO) manager DB Active Active Directory Directory refer refer Enterprise EducaJon system system for officials for students Critical Critical Service Service kitenet Mail WebCT EZproxy MyLibrary (WiFi) Matrix code authN ID/PW, or ID/PW login login Matrix code

  10. Dataflow of IDM Students Student Student Learning System list (PCs, Server, WBT) DB Twice in a Year Staffs Staff Personnel IDM list DB (Identity Management Sys.) LDAP Daily Account activation ID ID Card Card Staff 9

  11. Integrated Services  WebCT (e-Learning)  NetAcademy2 (English study)  kitenet (WiFi)  Campus licensed software  Space management system  Cute.Anyware (E-journal proxy by Library)  Webmail (Primary e-mail service)  Course registration and grade point management sys.,  Researcher activity DB 10

  12. SSO Policy Internal service Out sourced service • Webmail • E‐Journal services Usability • WebCT (e‐Learning) • RefWorks oriented • Software download site • Google Apps Shibbolize! (licensed software) • University portal Security • Financial system • Grade point oriented management system 11

  13. 3. Problems of IdP 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 12

  14. 3. Problems of IdP Attributes Attribute matching filtering IdP SP LDAP 13

  15. Attributes matching Existing schema eduperson mismatch (attributes) schema Open IdP LDAP LDAP (rewrite) Add/Change Attributes Schema Solutions schema Translation Matching attribute-resolver.xml OpenLDAP’s rewrite module 14

  16. Attribute filtering Internal SPs MyLibrary OK SP Serves all attributes SP EZproxy SP WebCT IdP External SPs No SP Against privacy policy SP SP 15

  17. Solutions for attribute filtering problem 2. Two IdPs 1. Write filter rules for each SP. Internal SP IdP rule SP rule SP SPs SP rule IdP rule SP External SP rule IdP SP rule SP SPs 3. Filtering script Open LDAP LDAP IdP (rewrite) rules 16

  18. 4. Analysis 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 17

  19. 4. Analysis Shibboleth IdP and SPs in Kyushu Universiy Internal SPs Open SP MyLibrary LDAP IdP LDAP EZproxy SP (rewrite) SJSDS OpenLDAP, Shibboleth IdP SP WebCT (Solaris) CentOS. Tomcat (CentOS) (VMware) (Windows XP) 18

  20. 19 Kyushu University Library IdP http://www.lib.kyushu‐u.ac.jp/ SP

  21. Results  Two months operation  Just serviced in at Dec. 1, 2009.  No serious trouble.  Some trivial matters.  Some users bookmark the IdP site.  404 Not Found: /idp/Authn/Password 7time(s)  He/She can’t access to the service which he/she wants. 20

  22. Statistics: Unique users at Jan.26,2010. Students 1815 18000 Staffs 467 7000 (2500) Total 2291 25000 21

  23. Statistics: Rank‐Freqency Top 200 users (10% users) occupy 41.2% access. 22

  24. Statistics: Daily access 23

  25. Statistics: Hourly access Most user access at afternoo. 24

  26. 5. Conclusion 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 25

  27. 5. Conclusion  A case study of Shibboleth IdP in a university  Two problems for IdP construction  Attribute matching  Attribute filtering  Two months operation  No serious trouble.  Got statistics  No over load 26

  28. Thank you for your attention. 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Analysis on Wireless LAN protocols HORI Yoshiaki hori@csce.kyushu-u.ac.jp Kyushu

Security Analysis on Wireless LAN protocols HORI Yoshiaki hori@csce.kyushu-u.ac.jp Kyushu

Security Analysis on Wireless LAN protocols HORI Yoshiaki hori@csce.kyushu-u.ac.jp Kyushu University / ISIT ETRI-ISIT 1st joint seminar 1 Contents S e c u r i t y a n a l y s i s o n I E E E 8 0 2 . 1 1 i

331 views • 20 slides
Factorizing a string into squares in linear time Yoshiaki Matsuoka, Shunsuke Inenaga, Hideo

Factorizing a string into squares in linear time Yoshiaki Matsuoka, Shunsuke Inenaga, Hideo

CPM 2016 Factorizing a string into squares in linear time Yoshiaki Matsuoka, Shunsuke Inenaga, Hideo Bannai, Masayuki Takeda (Kyushu U.) Florin Manea (Kiel U.) From string to squares? In this presentation, I talk about decomposition of a

776 views • 41 slides
What makes Kyushu Universitys IR so effective? : Leadership, internal collaborations, and

What makes Kyushu Universitys IR so effective? : Leadership, internal collaborations, and

| 0 What makes Kyushu Universitys IR so effective? : Leadership, internal collaborations, and commitment Makoto ARATONO | Executive Vice President | Kyushu University June 20, 2018 | 1 Section 1 Profile of Kyushu University

818 views • 28 slides
Distributed Constraint Reasoning Makoto Yokoo Kyushu University, Japan yokoo@inf.kyushu-u.ac.jp

Distributed Constraint Reasoning Makoto Yokoo Kyushu University, Japan yokoo@inf.kyushu-u.ac.jp

Distributed Constraint Reasoning Makoto Yokoo Kyushu University, Japan yokoo@inf.kyushu-u.ac.jp http://agent.inf.kyushu-u.ac.jp/~yokoo/ 1 Outline Constraint Satisfaction Problem (CSP) Formalization Algorithms Distributed

1.29k views • 104 slides
An opportunistic text indexing structure based on run length encoding Yuya Tamakoshi, Keisuke

An opportunistic text indexing structure based on run length encoding Yuya Tamakoshi, Keisuke

CIAC 2015 An opportunistic text indexing structure based on run length encoding Yuya Tamakoshi, Keisuke Goto, Shunsuke Inenaga, Hideo Bannai, Masayuki Takeda Kyushu University, Japan Kyushu University, Japan Kyushu University, Japan Kyushu

812 views • 59 slides
Multi-platform Automatic Parallelization and Power Reduction by OSCAR Compiler Hironori Kasahara

Multi-platform Automatic Parallelization and Power Reduction by OSCAR Compiler Hironori Kasahara

Multi-platform Automatic Parallelization and Power Reduction by OSCAR Compiler Hironori Kasahara Professor, Dept. of Computer Science & Engineering Director, Advanced Multicore Processor Research Institute Waseda University, Tokyo, Japan

519 views • 29 slides
Utilizing Pure: The Kyushu University experience Saki LIU | Post-doctoral Fellow | Office of

Utilizing Pure: The Kyushu University experience Saki LIU | Post-doctoral Fellow | Office of

| 0 Utilizing Pure: The Kyushu University experience Saki LIU | Post-doctoral Fellow | Office of Institutional Research, Kyushu University June 20-21, 2018 | 1 Kyushu University (KyushuU)s Office of Institutional Research established to

513 views • 37 slides
High Voltage Aqueous Na/K-ion Batteries Masaru Tanaka of Kyushu University. HOMO/LUMO

High Voltage Aqueous Na/K-ion Batteries Masaru Tanaka of Kyushu University. HOMO/LUMO

ICEnSM 2019, Session 1, 9:30 am-10:00 am, Nov. 30th at Shenzhen Material synthesis and cell performance were measured by Dr. Kosuke Nakamoto, Mr. Ryo Sakamoto, and Prof. Masato Ito of Kyushu University. TG/DSC measurement was supported by

421 views • 14 slides
General Consent to Research Use of Biological Samples and Health Information Eiji Maruyama Kobe

General Consent to Research Use of Biological Samples and Health Information Eiji Maruyama Kobe

General Consent to Research Use of Biological Samples and Health Information Eiji Maruyama Kobe University, Japan Eiji Maruyama 2010WCML@Zagreb 1 Requirement of Informed Consent Obtaining informed consent from the subject or her/his legal

419 views • 17 slides
Genomics in patients with Japanese Ancestry Yoshiaki Uyama, Ph.D. Yoshiaki Uyama, Ph.D.

Genomics in patients with Japanese Ancestry Yoshiaki Uyama, Ph.D. Yoshiaki Uyama, Ph.D.

Genomics in patients with Japanese Ancestry Yoshiaki Uyama, Ph.D. Yoshiaki Uyama, Ph.D. Pharmaceuticals & Medical Devices Agency (PMDA) Pharmaceuticals & Medical Devices Agency (PMDA) Visiting Professor, Graduate School of Medicine,

672 views • 21 slides
Developed for the X-ray CCD Camera onboard the XRISM Satellite Yoshiaki Kanemaru(University of

Developed for the X-ray CCD Camera onboard the XRISM Satellite Yoshiaki Kanemaru(University of

Radiation Hardness of a P-Channel Notch CCD Developed for the X-ray CCD Camera onboard the XRISM Satellite Yoshiaki Kanemaru(University of Miyazaki) mail: kanemaru@astro.miyazaki-u.ac.jp Jin Sato, Koji Mori (University of Miyazaki), Hiroshi

317 views • 21 slides
Direct Numerical Simulation of Drag Reduction with Uniform Blowing over a Rough Wall Eisuke Mori

Direct Numerical Simulation of Drag Reduction with Uniform Blowing over a Rough Wall Eisuke Mori

11 th International ERCOFTAC Symposium on Engineering Turbulence Modelling and Measurement Palermo, Sept. 21-23, 2016 Direct Numerical Simulation of Drag Reduction with Uniform Blowing over a Rough Wall Eisuke Mori 1,2 , Maurizio Quadrio 2 and

1.08k views • 31 slides
Agenda The teleconference system in Kyushu University H.323 TV conference system

Agenda The teleconference system in Kyushu University H.323 TV conference system

MCU (Multi point Control Unit) for H.323 and software Polycom Yasuaki Antoku Kyushu Univ. Hospital / Japan Agenda The teleconference system in Kyushu University H.323 TV conference system MCU(Multi point Control Unit) H.323

815 views • 11 slides
Finding Characteristic Substrings from Compressed Texts Shunsuke Inenaga Kyushu University, Japan

Finding Characteristic Substrings from Compressed Texts Shunsuke Inenaga Kyushu University, Japan

Finding Characteristic Substrings from Compressed Texts Shunsuke Inenaga Kyushu University, Japan Hideo Bannai Kyushu University, Japan Text Mining and Text Compression Text mining is a task of finding some rule and/or knowledge from given textual

719 views • 45 slides
Recognition of Japanese Historical Hand- Written Characters Based on Object Detection Methods

Recognition of Japanese Historical Hand- Written Characters Based on Object Detection Methods

Recognition of Japanese Historical Hand- Written Characters Based on Object Detection Methods Yiping Tang, Kohei Hatano, Eiji Takimoto Kyushu university What is Kuzushiji? Definition(*) Kuzushiji is written with hand- written

346 views • 16 slides
Compact Sealed lithium target for accelerator-driven BNCT system Kazuki Tsuchida, Yoshiaki

Compact Sealed lithium target for accelerator-driven BNCT system Kazuki Tsuchida, Yoshiaki

th High Power Targetry Workshop 4 8 June 201 , FRIB Michigan State University Compact Sealed lithium target for accelerator-driven BNCT system Kazuki Tsuchida, Yoshiaki Kiyanagi Nagoya University 1 B oron N eutron C apture

510 views • 20 slides
Stacey FrohnapfelHasson Chief Office of Prevention Services Bobbie J Boyer

Stacey FrohnapfelHasson Chief Office of Prevention Services Bobbie J Boyer

12/13/2019 Stacey FrohnapfelHasson Chief Office of Prevention Services Bobbie J Boyer Deputy Director Office of Prevention Services 1 12/13/2019 Overview Process Overview Functionality Investments and Priorities

453 views • 14 slides
P2P Web Search: Make It Light, Make It Fly Matthias Bender , Tom Crecelius, Sebastian Michel,

P2P Web Search: Make It Light, Make It Fly Matthias Bender , Tom Crecelius, Sebastian Michel,

Motivation MINERVA System Model Demo P2P Web Search: Make It Light, Make It Fly Matthias Bender , Tom Crecelius, Sebastian Michel, Josiane Xavier Parreira Max-Planck-Institut f ur Informatik Saarbr ucken, Germany Jan 8, 2007 Matthias

392 views • 16 slides
eCRV County and City Upgrade WebEx July 16, 2019 1 Agenda Project overview County/City

eCRV County and City Upgrade WebEx July 16, 2019 1 Agenda Project overview County/City

eCRV County and City Upgrade WebEx July 16, 2019 1 Agenda Project overview County/City Application Preview Rollout Schedule Help items Q and A Introductions Anabell Aragon, Supervisor, Operations Unit Lisa Dejoras,

428 views • 25 slides
Performance in XSLT John Lumley Michael Kay j L Research Saxonica Saxonica XMLLondon 2015

Performance in XSLT John Lumley Michael Kay j L Research Saxonica Saxonica XMLLondon 2015

Improving Pattern Matching Performance in XSLT John Lumley Michael Kay j L Research Saxonica Saxonica XMLLondon 2015 - John Lumley 27 May, 2015 Synopsis Some XSLT frameworks use lots of Investigation by Saxonica Ltd. generic pattern

674 views • 35 slides
Optimisation Constraint Problems Combinatorial Optimisation Modelling (in MiniZinc) Solving

Optimisation Constraint Problems Combinatorial Optimisation Modelling (in MiniZinc) Solving

Topic 1: Introduction 1 (Version of 1st November 2020) Pierre Flener and Jean-No el Monette Optimisation Group Department of Information Technology Uppsala University Sweden Course 1DL441: Combinatorial Optimisation and Constraint

1.31k views • 99 slides
Remote Visualization of Large Multi-dimensional Radio Astronomy Data Sets Pavol Federl

Remote Visualization of Large Multi-dimensional Radio Astronomy Data Sets Pavol Federl

Remote Visualization of Large Multi-dimensional Radio Astronomy Data Sets Pavol Federl Institute for Space Imaging Science University of Calgary Thursday 26 January 2012 CyberSKA www.cyberska.org develop (cyber)

562 views • 22 slides
Personalized Page Genera/on using Data, Science, and Algorithms

Personalized Page Genera/on using Data, Science, and Algorithms

Mathema/cs in Data Science Workshop Personalized Page Genera/on using Data, Science, and Algorithms Jus&n Basilico Page Algorithms Engineering July 30,

588 views • 45 slides
Building a Data-Powered Sales Intelligence Platform Durgam Vahia Data Products, LinkedIn

Building a Data-Powered Sales Intelligence Platform Durgam Vahia Data Products, LinkedIn

Building a Data-Powered Sales Intelligence Platform Durgam Vahia Data Products, LinkedIn To change the background image To change the speaker picture, right-click on the photo and select change picture... Select the

717 views • 25 slides

More recommend