Establishing an AAI service in DFN, Ulrich Kähler, DFN-Verein



SLIDE 1

Establishing an AAI service in DFN

Ulrich Kähler, DFN-Verein, kaehler@dfn.de
Jürgen Rauschenbach, DFN-Verein, jrau@dfn.de

SLIDE 2

Events and plans

  • March 2006: first meeting of an advisory group and early adopters (libraries, GRIDs, eLearning, service provider)
  • April – September 2006: f2f meetings and videoconferences on different items
  • November 2006: basic documents ready (policy, contracts, service agreements, etc.)
  • Autumn 2006: establishment of central services, pilot operation
  • Spring 2007: contracts and start of service

SLIDE 3

Drivers

  • REDI (AAR) project, University of Freiburg, very much focused on Shibboleth
  • Grid (German Grid, D-Grid), in the trend to move towards Shibboleth
  • eLearning portal (Saxony), Shibboleth based, all HS in Saxony

SLIDE 4

Tasks of the DFN-Verein

  • Providing guidelines (Policy)
  • Contract preparation and conclusion
  • Central operations
  • Public Relations
  • International representation of the DFN-AAI community

SLIDE 5

Central operational tasks

  • Metadata administration (under construction)
  • Test system (operational)
  • WAYF-Server (under construction)
  • Certification Authority (DFN-PKI) (operational)
  • Consulting, training (starts 2007)
  • Support provided by DFN-NOC

SLIDE 6

DFN-Verein

  • Is the central contract partner for all participants of DFN-AAI.
  • All contracts are service contracts.

DFN-AAI

[Figure: DFN-AAI diagram with nodes DFN, S1, S2, S..., Sn and A1, A2, A..., An]

SLIDE 7

Contractual concept

[Diagram labels: DFN-Frame contract; Service agreement; DFNAAI; DFNFernsprechen; DFNInternet; Policy; techn. precondition IdM; Attribute schema; Operational components; Attachments; Certificates (fees)]

SLIDE 8

Quality preconditions for IdM

  • Quality requirements
  • Reliability: security levels, avoidance of abuse
  • Actuality: changes close to the real event
  • Traceability: documentation, logging
  • Resilience: back-up systems
  • Consistency with national legal rules
  • Data protection rules

SLIDE 9

DFN-AAI schema discussion

  • Agreement on just a few "basic" attributes for now (others have the state "recommended"):
    – sn (surname) (from Person)
    – email (from inetOrgPerson)
    – eduPersonPrincipalName (from eduPerson)
    – eduPersonScopedAffiliation
    – eduPersonEntitlement
    – eduPersonTargetedID
  • Basic attributes need to be present in the IdM or could be mapped

SLIDE 10

Usage of certificates

  • Certificates are used in 3 areas in DFN-AAI:
    – Operation of Shibboleth
    – Authentication of the web servers offering these services
    – Authentication of users

SLIDE 11

Certificates in the DFN-PKI

[Chart: number of certificates (y-axis, 400 to 2,000) by month from 11.05 to 10.06; series: total certificates, Classic certificates, Grid certificates]

SLIDE 12

Contact

Questions about DFN-AAI: e-mail aai@dfn.de