
Identity and Access Management for Federated Resource Sharing: - PowerPoint PPT Presentation



  1. APAN, Tokyo, 2006
  Identity and Access Management for Federated Resource Sharing: Shibboleth Stories
  http://arch.doit.wisc.edu/keith/apan/apanShib-060122-01.ppt
  Keith Hazelton (hazelton@doit.wisc.edu), Sr. IT Architect, University of Wisconsin-Madison
  Internet2 Middleware Architecture Committee for Education (MACE)
  APAN, Tokyo, 22-Jan-06
  Internet2 MACE

  2. Topics
  • http://arch.doit.wisc.edu/keith/apan/apanShib-060122-01.ppt
  • Thesis: Growing adoption of SAML for AuthNZ between parties in Education & Research
  • SAML & Shibboleth
  • Evidence for thesis
    – NRENs and licensed resource providers
    – Beijing University / Harvard / U Wisconsin: Collaborative Development of the China History Biographical Database
  • Shibboleth, SAML, WS-*, Grids: Coming developments

  3. Security Assertion Markup Language
  • SAML (OASIS Security Services TC)
    – 1.1 and 2.0 ratified
  • Support for end-to-end, application-level security
    – Complements transport- and message-level security
    – XML schema around authentication and authorization
  • Addresses a key requirement in federated environments
    – One (or more) Identity Provider (IdP) parties asserting Authentication/Attribute/Authorization information
    – A different party, a Service Provider (SP), relying on this information to provide a service or access to a resource

  4. The federated access scenario
  (Diagram: SWITCH AuthN/AuthZ Infrastructure (AAI) site)

  5. Shibboleth: A SAML Implementation for Research & Education
  • Developed by Internet2 with assistance from NSF
  • Current version: Shibboleth 1.3, supports SAML 1.1
  • Shibboleth is a software suite implementing SAML
  • It is also a profile of SAML (profiles support interoperability)
  • It is also an active global community engaged in open source development and support
  • http://shibboleth.internet2.edu

  6. Evidence for the thesis: SHIB / Athens
  • Athens: UK-wide service
    – Managing higher ed <=> vendor licenses for access to digital resources
    – Providing a shared authentication service for all UK higher ed users
  • Joint Information Services Committee (JISC) decision to shift from proprietary AuthN to Shib

  7. Evidence for the Thesis: SHIB / Athens
  • EduServ service provider currently offers an Athens-Shib gateway (bi-directional)
  • JISC rewriting contracts: vendors must be Shib service providers at contract renewal
  • Transition to be complete by 1/1/2007

  8. Evidence for the Thesis: BECTA
  • Supports IT needs of K-12 in UK
  • 3,000,000 users
  • Now recommending adoption of Shibboleth for Federated Identity and Access Management
  • http://www.becta.org.uk/corporate/display.cfm?section=22&id=4665

  9. More evidence: Europe/Australia/US NREN consortium: Vendor resources as Shibboleth SPs
  • Finland, Denmark, Germany, Switzerland, Netherlands, Belgium, France, Spain, UK, Australia, US; discussions with Greece, Hungary
  • NREN-scale Shib feds in test or production
  • Coordinating approaches to vendors on “Shibbing” their resources

  10. Beijing University / Harvard / U Wisconsin: China History Biographical Database
  • Well-established international collaborative to maintain and expand a database of tens of thousands of historical figures from China's imperial past
  • Currently exploring possible shift from file exchange model to federated application model
  • Exploratory Shibboleth pilot project underway

  11. Beijing University / Harvard / U Wisconsin: China History Biographical Database
  • In pilot, content experts at Beijing University (北大, PKU) would access Shib-protected Web applications at Harvard that query/update the database
  • PKU would be the Identity Provider
  • Service Provider would be Harvard
    – PHP/MySQL app running under Apache/Tomcat
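Slide 3 describes the IdP asserting authentication and attribute information and the SP relying on it; slide 11 makes that concrete with PKU as IdP and Harvard as SP. The following is an added example (not code from the presentation or from the Shibboleth project) of the trust decisions a relying party makes on a SAML 1.1 assertion after the XML signature has been verified against federation metadata, which is assumed done beforehand. All issuer, audience and ID values are constructed placeholders.

```python
# SP-side trust checks on a SAML 1.1 assertion. Added example; assumes the
# enclosing XML signature was already verified, as the Shibboleth SP does.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML_NS}
TRUSTED_IDPS = {"https://idp.example.pku.edu.cn/shibboleth"}  # placeholder for the PKU IdP
SP_AUDIENCE = "https://sp.example.harvard.edu/shibboleth"     # placeholder for the Harvard SP
CLOCK_SKEW = timedelta(seconds=180)  # tolerance for IdP/SP clock drift
# Constructed sample assertion; IDs and URIs are placeholders, not real values.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="1"
  AssertionID="_constructed-1" IssueInstant="2006-01-22T03:00:00Z"
  Issuer="https://idp.example.pku.edu.cn/shibboleth">
  <saml:Conditions NotBefore="2006-01-22T02:59:00Z" NotOnOrAfter="2006-01-22T03:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>{SP_AUDIENCE}</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation"
      AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
      <saml:AttributeValue>member</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def evaluate_assertion(xml_text, trusted_idps, my_audience, now_iso):
    """Return (accepted, reason, attributes) for the relying party's decision."""
    root = ET.fromstring(xml_text)
    now = parse_time(now_iso)
    if root.tag != f"{{{SAML_NS}}}Assertion" or root.get("MajorVersion") != "1":
        return False, "not a SAML 1.x assertion", {}
    if root.get("Issuer") not in trusted_idps:  # only federation members are trusted
        return False, "untrusted issuer", {}
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions", {}
    if cond.get("NotBefore") and now < parse_time(cond.get("NotBefore")) - CLOCK_SKEW:
        return False, "not yet valid", {}
    if cond.get("NotOnOrAfter") and now >= parse_time(cond.get("NotOnOrAfter")) + CLOCK_SKEW:
        return False, "expired", {}
    audiences = {a.text for a in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)}
    if audiences and my_audience not in audiences:  # assertion was issued for another SP
        return False, "audience mismatch", {}
    attrs = {a.get("AttributeName"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return True, "accepted", attrs
```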

  12. Shibboleth at Beijing University (PKU)
  • Slides courtesy of PKU sponsor, Prof. ZHANG Bei (张蓓)
  • Initial contacts at APAN in Taipei in August
  • Work began in earnest after CANS meeting in December in Shenzhen

  13. A glance at PKU Shibboleth
  (Diagram: Client on the PKU campus network; Identity Provider at {foo}.pku.edu.cn; Service Provider at {bar}.pku.edu.cn; Attribute Repository at {dir}.pku.edu.cn (LDAP server); InQueue WAYF at internet2.edu)

  14. PKU in InQueue
  • Both our IdP and SP have joined InQueue of Internet2
  • Our IdP has been successfully tested with https://wayf.internet2.edu/InQueue/sample.jsp
  • To authenticate with our IdP, choose “Peking University Test Install” on the InQueue WAYF service page
  • The redirection of the client from SP to IdP can go with or without WAYF
  • Currently working on fully utilizing the attribute exchange mechanisms provided by Shibboleth

  15. Future steps at PKU
  • Configure IdP to authenticate end-users with our Web SSO solution
  • Deploy Shibboleth within PKU
  • Co-operate with other educational institutions
  • Establish a federation within CERNET
    – Provide membership management
    – Set up our own WAYF service

  16. Shibboleth, SAML, WS-*, Grids: Coming attractions
  • Initial MS federation support available in Active Directory Federation Services (ADFS)
  • Essentially a WS-Sec, WS-Fed profile, but not published
  • A Shib-ADFS gateway is in Beta
    – Shib adds an end-point in the IdP that can interoperate with an MS ADFS system
    – Communicates via WS-Security
    – ADFS components comparable to Shib IdP & SP
    – Use Shib IdP in conjunction with ADFS SP & vice versa


  19. Shibboleth, SAML, WS-*, Grids: Coming attractions
  • Shib 2.0
    – Beta expected in May 2006
    – Formal release by end of summer
  • Will support SAML 2.0
  • Will address the N-Tier problem
    – Constrained delegation model
    – Seeking to work with various standards bodies

  20. Shibboleth, SAML, WS-*, Grids: Coming attractions
  • OpenSAML 2.0 well underway
  • Shib 2.0 will have an AuthN engine because it is necessary to meet SAML 2.0 requirements
    – Watch the shibboleth-dev@internet2.edu mailing list for a list of features
  • Linking attributes from multiple identity providers
  • Shib 2.0 code will support Shib 1.3 endpoints
  • Will include a pure Java implementation
    – Takes Shib beyond simple web app scenarios

  21. Shibboleth, SAML, WS-*
  • SAML 1.1 profile included in WS-Sec
  • Interfederation gateway products available, more coming
  • Demoed at Catalyst 2005
  • SAML tokens included in WS-Sec payloads to carry AuthNZ information

  22. The state of play with WS-*
  • SAML in wide use in production environments
  • WS-Sec is out & in use, but what of WS-*?
    – WS-Trust, WS-Federation in particular
    – Complexity is their hallmark

  23. The state of play with WS-*
  • WS-* still in flux
  • Open source implementations lacking
  • True inter-vendor interoperability not yet within reach
    – Specifications don't provide it
    – Only profiles of specifications can
    – WS-* profiles don't yet exist

  24. Q & A
