RCauth.eu / MasterPortal update
|
|
|
- Lenard Atkins
- 5 years ago
- Views:
Transcription
1 RCauth.eu / MasterPortal update Mischa Sallé msalle@nikhef.nl 5 th AARC face-to-face meeting, Aθηνα 21 March 2017 Mischa Sallé (Nikhef) 1 / 11
2 Reminder of motivation Access to X.509 resources made easy 1 Science Gateway scenario (browser-central) need simple api to get user certificates Compared to US Europe decentralized/multi-federated: need layered setup intermediaries: MasterPortals between central CA and O(many) science gateways similar position as IdP/SP proxies in einfras/researchinfras 1 Introduction Mischa Sallé (Nikhef) 2 / 11
3 Ingredients Single RCauth.eu single, fully IGTF accredited online CA edugain + R&S + Sirtfi Few Master Portals Scalable trust model Handling the complexity (end-entity-cert to proxy-cert) Caches the credentials VOMS integration Many Science gateways / VO portals Easy integration using OIDC authz flows access Architecture Mischa Sallé (Nikhef) 3 / 11
4 Architecture Architecture Mischa Sallé (Nikhef) 4 / 11
5 Software status Use new upstream code, now (also) on github (used both in MasterPortal and RCauth.eu itself) Upstream has improved OIDC support (towards CIlogon-2) signed id token /.well-known/openid-configuration Generic MasterPortal ansible scripts now also on github Status update Mischa Sallé (Nikhef) 5 / 11
6 Sustainability & Support Software support: Try to push back our patches joint RCauth proposal (EGI, EUDAT, GÉANT...?): e.g. HA setups Integration Master Portals (next slides) Training in AARC2? Status update Mischa Sallé (Nikhef) 6 / 11
7 Position in the Blue Print Architecture R Reputation Service AA: OTHER AA: OIDC AA:SAML Step up AuthN SAML SP X.509 SP National federations (edugain) OIDC SP OAuth2 SP Authenticated User X.509 OIDC SAML SAML X.509 Other SP X.509 OIDC Token Translation Service OIDC OAuth2 SAML NonWeb Other Other Social ID Other Other egovid Other AARC Blueprint Architecture User Unauthenticated User Authenticated User Authorisation Information Flow Attribute Information Flow User Identitiy User Attribute Services Identity Access Management Authorisation "Proxy" Community Authorisation Policy Repository End Services Attribute Authorities Status update Mischa Sallé (Nikhef) 7 / 11
8 Infrastructure integration (MasterPortals) MasterPortal TTS, close to or inside IdP/SP proxy Infra Integrations (order of appearance): ELIXIR is running our implementation of a MasterPortal EGI is also running our implementation: next to CheckIn, looking e.g. at HA INDIGO is integrating MasterPortal within WaTTS 2 EUDAT is testing our implementation, considering integration within Unity-IdM 3 PRACE: ongoing discussions, need to look at the use-cases. 2 Demo/talk Uros 3 Demo from Shiraz/Nicolas Status update Mischa Sallé (Nikhef) 8 / 11
9 VOMS integration MasterPortal can already return VOMS proxies, but user must be provisioned Need user attributes, but also DN IdP/SP proxy is ideal location acting as OIDC client to RCauth (like a MasterPortal) get cert subject dn VOMS proxy: create e.g. a COmanage plugin useful discussions and planning with Benn, Peter, Nicolas at plugfest basic provisioning/deprovisioning plugin planned soon (before end AARC1?) no changes needed to existing VOMS servers, but do need VO-admin mapping of e.g. Role is not yet fully clear Status update Mischa Sallé (Nikhef) 9 / 11
10 Open issue: account linking How to deal with multiple identities in RCauth? (Different IdP gives different DN: epuid DN token translation) could link DNs at every SP (bad) could link DNs inside VOMS (ok but depends on how) could link all epuids (or similar) in central IdP/SP proxy: use preferred IdP as default idphint for RCauth can do VOMS provisioning for all identities alternative: linking in MasterPortal: idphint-per-user list multiple identities are known and sufficient for returning proxy cert but one is preferred and used for end-entity cert creation Status update Mischa Sallé (Nikhef) 10 / 11
11 Some References Demos: me your RCauth DN for provisioning into rcdemo.aarc-project.eu test VO Blog post: Our setup: also contains links to CIlogon code, MyProxy protocol etc. Pilot ICA 1 (e.g. CP/CPS): VOMS: e.g. Status update Mischa Sallé (Nikhef) 11 / 11
12 More open issues Need IOTA support on production X.509 resources: compute: EMI: LCMAPS ok, Argus unofficially ok, ARC: needs to implement storage: dcache partially, DPM needs to implement Might need support for OIDC IdPs at central RCauth CA Mischa Sallé (Nikhef) 12 / 11
SA1 CILogon pilot - motivation and setup
SA1 CILogon pilot - motivation and setup Tamas Balogh & Mischa Sallé tamasb@nikhef.nl msalle@nikhef.nl AARC General Meeting, Milan 4 November 2015 Tamas Balogh & Mischa Sallé (Nikhef) 1 / 11 Outline 1
Deliverable DSA1.4: Pilots to improve access to R&E-relevant resources
07-05-2017 : Deliverable: DSA1.4 Contractual Date: 31-03-2017 Actual Date: 07-05-2017 Grant Agreement No.: 653965 Work Package: SA1 Task Item: Task 3 Lead Partner: PSNC Document Code: DSA1.4 Authors: M.
Guidelines on non-browser access
Published Date: 13-06-2017 Revision: 1.0 Work Package: Document Code: Document URL: JRA1 AARC-JRA1.4F https://aarc-project.eu/wp-content/uploads/2017/03/aarc-jra1.4f.pdf 1 Table of Contents 1 Introduction
Best practices and recommendations for attribute translation from federated authentication to X.509 credentials
Best practices and recommendations for attribute translation from federated authentication to X.509 credentials Published Date: 13-06-2017 Revision: 1.0 Work Package: Document Code: Document URL: JRA1
EGI Check-in service. Secure and user-friendly federated authentication and authorisation
EGI Check-in service Secure and user-friendly federated authentication and authorisation EGI Check-in Secure and user-friendly federated authentication and authorisation Check-in provides a reliable and
The EGI AAI CheckIn Service
The EGI AAI CheckIn Service Kostas Koumantaros- GRNET On behalf of EGI-Engage JRA1.1 www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number
AARC. Christos Kanellopoulos AARC Architecture WP Leader GRNET. Authentication and Authorisation for Research and Collaboration
Authentication and Authorisation for Research and Collaboration AARC Christos Kanellopoulos AARC Architecture WP Leader GRNET Open Day Event: Towards the European Open Science Cloud January 20, 2016 AARC
2. HDF AAI Meeting -- Demo Slides
2. HDF AAI Meeting -- Demo Slides Steinbuch Centre for Computing Marcus Hardt KIT University of the State of Baden-Wuerttemberg and National Research Center of the Helmholtz Association www.kit.edu Introduction
Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation
30-04-2017 entities and their deployment mechanisms in scalable policy negotiation Deliverable DNA3.4 Contractual Date: 30-04-2017 Actual Date: 30-04-2017 Grant Agreement No.: 653965 Work Package: Task
AARC Blueprint Architecture
AARC Blueprint Architecture Published Date: 18-04-2017 Revision: 1.0 Work Package: Document Code: Document URL: JRA1 AARC-BPA-2017 https://aarc-project.eu/blueprint-architecture AARC Blueprint Architecture
WP JRA1: Architectures for an integrated and interoperable AAI
Authentication and Authorisation for Research and Collaboration WP JRA1: Architectures for an integrated and interoperable AAI Christos Kanellopoulos Agenda Structure and administrative matters Objectives
Deliverable DJRA1.1. Use-Cases for Interoperable Cross- Infrastructure AAI
20-09-2018 Deliverable DJRA1.1 Contractual Date: 28-02-2018 Actual Date: 220-09-2018 Grant Agreement No.: 653965 Work Package: JRA1 Task Item: 1.1 Lead Partner: EGI Authors: Diego Scardaci (EGI Foundation),
INDIGO-Datacloud Identity and Access Management Service
INDIGO-Datacloud Identity and Access Management Service RIA-653549 Presented by Andrea Ceccanti (INFN) andrea.ceccanti@cnaf.infn.it WLCG AuthZ WG Meeting Dec, 14th 2017 IAM overview INDIGO IAM The Identity
WP3: Policy and Best Practice Harmonisation
Authentication and Authorisation for Research and Collaboration WP3: Policy and Best Practice Harmonisation David Groep AARC2 2018 AL/TL meeting 12-13 September, 2018 Amsterdam 0.4 Policy and best practice
INDIGO AAI An overview and status update!
RIA-653549 INDIGO DataCloud INDIGO AAI An overview and status update! Andrea Ceccanti (INFN) on behalf of the INDIGO AAI Task Force! indigo-aai-tf@lists.indigo-datacloud.org INDIGO Datacloud An H2020 project
EGI AAI Platform Architecture and Roadmap
EGI AAI Platform Architecture and Roadmap Christos Kanellopoulos - GRNET Nicolas Liampotis - GRNET On behalf of EGI-Engage JRA1.1 www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme
The challenges of (non-)openness:
The challenges of (non-)openness: Trust and Identity in Research and Education. DEI 2018, Zagreb, April 2018 Ann Harding, SWITCH/GEANT @hardingar Who am I? Why am I here? Medieval History, Computer Science
Policy and Best Practice Harmonisation ( NA3 ) from the present to the future
Authentication and Authorisation for Research and Collaboration Policy and Best Practice Harmonisation ( NA3 ) from the present to the future David Groep NA3 activity coordinator Nikhef AARC2 Kick-Off
Evolving the trust fabric with AARC and EGI
Authentication and Authorisation for Research and Collaboration Evolving the trust fabric with AARC and EGI The AARC CILogon pilot and redistributed responsibility David Groep AARC NA3 Activity Lead Nikhef,
AARC Overview. Licia Florio, David Groep. 21 Jan presented by David Groep, Nikhef.
AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef AARC? Authentication and Authorisation for Research and Collaboration support the collaboration model across institutional
Higher Education external Attribute Authority. Mihály Héder István Tétényi (MTA SZTAKI) 19-May-2015
Higher Education external Attribute Authority Mihály Héder István Tétényi (MTA SZTAKI) 19-May-2015 Problems in Collaboration Problems in Collaboration Problems in Collaboration Why we need Attribute Authorities?
Can R&E federations trust Research Infrastructures? - The Snctfi Trust Framework
Can R&E federations trust Research Infrastructures? - The Snctfi Trust Framework 1a, David Groep b, Licia Florio c, Christos Kanellopoulos c, Mikael Linden d, Ian Neilson a, Stefan Paetow e, Wolfgang Pempe
Scalable Negotiator for a Community Trust Framework in Federated Infrastructures (Snctfi)
Scalable Negotiator for a Community Trust Framework in Federated Infrastructures (Snctfi) Licia Florio (GÉANT), David Groep (Nikhef), Christos Kanellopoulos (GÉANT), David Kelsey (STFC), Mikael Linden
Federated Authentication with Web Services Clients
Federated Authentication with Web Services Clients in the context of SAML based AAI federations Thomas Lenggenhager thomas.lenggenhager@switch.ch Mannheim, 8. March 2011 Overview SAML n-tier Delegation
EGI-InSPIRE. GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies. Sergio Maffioletti
EGI-InSPIRE GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies Sergio Maffioletti Grid Computing Competence Centre, University of Zurich http://www.gc3.uzh.ch/
Goal. TeraGrid. Challenges. Federated Login to TeraGrid
Goal Federated Login to Jim Basney Terry Fleury Von Welch Enable researchers to use the authentication method of their home organization for access to Researchers don t need to use -specific credentials
SLCS and VASH Service Interoperability of Shibboleth and glite
SLCS and VASH Service Interoperability of Shibboleth and glite Christoph Witzig, SWITCH (witzig@switch.ch) www.eu-egee.org NREN Grid Workshop Nov 30th, 2007 - Malaga EGEE and glite are registered trademarks
AAI in EGI Current status
AAI in EGI Current status Peter Solagna EGI.eu Operations Manager www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 User authentication
Pilots to support guest users solutions
08-12-2016 Deliverable DSA1.1 Contractual Date: 31-07-2016 Actual Date: 08-12-2016 Grant Agreement No.: 653965 Work Package: SA1 Task Item: SA1.1 Pilot on Guest Identities Partner: GARR Document Code:
In Section 4 we discuss the proposed architecture and analyse how it can match the identified 2
AARC: First draft of the Blueprint Architecture for Authentication and Authorisation Infrastructures A. Biancini 12, L. Florio 1, M. Haase 2, M. Hardt 3, M. Jankowsi 13, J. Jensen 4, C. Kanellopoulos 5,
DARIAH Update. 9th FIM4R Workshop. Vienna, Novemer 30, Peter Gietz, DAASI International GmbH.
DARIAH Update 9th FIM4R Workshop Vienna, Novemer 30, 2015 Peter Gietz, DAASI International GmbH www.dariah.eu What is DARIAH? DARIAH: Digital Research Infrastructure for the Arts and Humanities One of
Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)
Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML) 1. Overview This document is intended to guide users on how to integrate their institution s Dell Cloud Access Manager
Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
EUDAT. Towards a pan-european Collaborative Data Infrastructure
EUDAT Towards a pan-european Collaborative Data Infrastructure Giuseppe Fiameni (g.fiameni@cineca.it) Claudio Cacciari SuperComputing, Application and Innovation CINECA Johannes Reatz RZG, Germany Damien
EUDAT - Open Data Services for Research
EUDAT - Open Data Services for Research Johannes Reetz EUDAT operations Max Planck Computing & Data Centre Science Operations Workshop 2015 ESO, Garching 24-27th November 2015 EUDAT receives funding from
Management der Virtuellen Organisation DARIAH im Rahmen von Shibboleth- basierten Föderationen. 58. DFN- Betriebstagung, Berlin, 12.3.
Management der Virtuellen Organisation DARIAH im Rahmen von Shibboleth- basierten Föderationen 58. DFN- Betriebstagung, Berlin, 12.3.2013 Peter Gietz, DAASI International GmbH DARIAH EU VCC 1 e-infrastructure
Moonshot. Workshop on Federated Identity and (OpenStack) Cloud Services - SWITCH
Moonshot Workshop on Federated Identity and (OpenStack) Cloud Services - SWITCH 2 ABFAB - Federated access beyond web Why?» You ve heard of eduroam Federated network access» You ve heard of Shibboleth,
Beyond X.509: Token-based Authentication and Authorization with the INDIGO Identity and Access Management Service
Beyond X.509: Token-based Authentication and Authorization with the INDIGO Identity and Access Management Service Andrea Ceccanti andrea.ceccanti@cnaf.infn.it Workshop CCR Rimini, June 12th 2018 INDIGO
DARIAH-AAI. DASISH AAI Meeting. Nijmegen, March 9th,
DARIAH-AAI DASISH AAI Meeting Nijmegen, March 9th, 2014 www.dariah.eu What is DARIAH? DARIAH: Digital Research Infrastructure for the Arts and Humanities One of the few ESFRI research infrastructures for
ArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
Authentication & Authorization systems developed for CTA
Authentication & Authorization systems developed for CTA Mathieu Servillat Observatoire de Paris Paris Astronomical Data Centre IVOA Cape Town meeting 1 Context: the CTA Science Gateway @ David Sanchez,
GÉANT Community Programme
GÉANT Community Programme Building the community Klaas Wierenga Chief Community Support Officer GÉANT Information day, Tirana, 5 th April 1 Membership Association = very large community to serve GÉANT
INDIGO-DataCloud Architectural Overview
INDIGO-DataCloud Architectural Overview RIA-653549 Giacinto Donvito (INFN) INDIGO-DataCloud Technical Director 1 st INDIGO-DataCloud Periodic Review Bologna, 7-8 November 2016 Outline General approach
Géant-TrustBroker Project Overview
Géant-TrustBroker Project Overview Daniela Pöhn 7 th FIM4R meeting Frascati, Italy April 24 th, 2014 Géant-TrustBroker [GNTB]: The basic idea Our goal (SP perspective): SPs connected to user s identity
Géant-TrustBroker Dynamic inter-federation identity management
Géant-TrustBroker Dynamic inter-federation identity management Daniela Pöhn TNC2014 Dublin, Ireland May 19 th, 2014 Agenda Introduction Motivation GNTB Overview GNTB in Details Workflow Initiation of GNTB
Integrating YuJa Active Learning into Google Apps via SAML
Integrating YuJa Active Learning into Google Apps via SAML 1. Overview This document is intended to guide users on how to integrate YuJa as a Service Provider (SP) using Google as the Identity Provider
Introduction to SciTokens
Introduction to SciTokens Brian Bockelman, On Behalf of the SciTokens Team https://scitokens.org This material is based upon work supported by the National Science Foundation under Grant No. 1738962. Any
SELF SERVICE INTERFACE CODE OF CONNECTION
SELF SERVICE INTERFACE CODE OF CONNECTION Definitions SSI Administration User Identity Management System Identity Provider Service Policy Enforcement Point (or PEP) SAML Security Patch Smart Card Token
irods Security Aspects Willem Elbers CLARIN-ERIC, Netherlands
irods Security Aspects Willem Elbers CLARIN-ERIC, Netherlands Utrecht,28-29 April 2014 Contents Client / Server connections Authentication Within Zone Across Zone Authorization EUDAT B2ACCESS Client /
Google SAML Integration
YuJa Enterprise Video Platform Google SAML Integration Overview This document is intended to guide users on how to integrate the YuJa Enterprise Video Platform as a Service Provider (SP) using Google as
User Management. Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017
User Management Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017 Agenda Introduction User Management Federation Objectives 1 Introduction NextGEOSS High-Level Architecture DataHub harvest
LCG User Registration & VO management
LCG User Registration & VO management Spring HEPiX Edinburgh 1Maria Dimou- cern-it-gd Presentation Outline Why is LCG Registration worth talking about. How do we register users today. What needs to be
openid connect all the things
openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017-2017-07-01 Problem - More Client Devices per-human - Many Cloud Accounts - More Apps: yay k8s - More Distributed Teams - VPNs aren
ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS
ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS Joseph Olufemi Dada & Andrew McNab School of Physics and Astronomy,
Warm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
Challenges in Authenticationand Identity Management
Sep 05 ISEC INFOSECURITY TOUR 2017 05.09.2017, Buenos Aires, Argentina Challenges in Authenticationand Identity Management CAMINANTE NO HAY CAMINO, SE HACE CAMINO AL ANDAR 2016 SecurIT Who is MerStar?
Integrating Federations in the International Grid Trust Fabric
Integrating Federations in the International Grid Trust Fabric David Groep Nikhef Dutch national institute for sub-atomic physics Grids, Eduroam, Federations Different terms, same issues How to provide
globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory
globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory Computation Institute (CI) Apply to challenging problems Accelerate by building the research
Grid Authentication and Authorisation Issues. Ákos Frohner at CERN
Grid Authentication and Authorisation Issues Ákos Frohner at CERN Overview Setting the scene: requirements Old style authorisation: DN based gridmap-files Overview of the EDG components VO user management:
FeduShare Update. AuthNZ the SAML way for VOs
FeduShare Update AuthNZ the SAML way for VOs FeduShare Goals: Provide transparent sharing of campus resources in support of (multiinstitutional) collaboration Support both HTTP and non-web access using
Identity Management In Red Hat Enterprise Linux. Dave Sirrine Solutions Architect
Identity Management In Red Hat Enterprise Linux Dave Sirrine Solutions Architect Agenda Goals of the Presentation 2 Identity Management problem space What Red Hat Identity Management solution is about?
LionShare: A Hybrid Secure Network for Academic Collaboration. Michael J. Halm, Marek Hatala, Derek Morr and Alex Valentine
LionShare: A Hybrid Secure Network for Academic Collaboration Michael J. Halm, Marek Hatala, Derek Morr and Alex Valentine Presentation Overview Brief LionShare Overview LionShare Security Overview Connecting
A Simplified Access to Grid Resources for Virtual Research Communities
Consorzio COMETA - Progetto PI2S2 UNIONE EUROPEA A Simplified Access to Grid Resources for Virtual Research Communities Roberto BARBERA (1-3), Marco FARGETTA (3,*) and Riccardo ROTONDO (2) (1) Department
Configuration Guide - Single-Sign On for OneDesk
Configuration Guide - Single-Sign On for OneDesk Introduction Single Sign On (SSO) is a user authentication process that allows a user to access different services and applications across IT systems and
TCS SAML demo background
TCS SAML demo background https://www.digicert.com/sso David Groep TCS PMA and Nikhef TCS TNC2015 Workshop June 16, 2015 SAML Issuance via the DigiCert SSO portal Graphic courtesy Jan Meijer, Uninett, 2009(!)
Configuring Single Sign-on from the VMware Identity Manager Service to Marketo
Configuring Single Sign-on from the VMware Identity Manager Service to Marketo VMware Identity Manager JANUARY 2016 V1 Configuring Single Sign-On from VMware Identity Manager to Marketo Table of Contents
Introducing Shibboleth. Sebastian Rieger
Introducing Shibboleth Sebastian Rieger sebastian.rieger@gwdg.de Gesellschaft für wissenschaftliche Datenverarbeitung mbh Göttingen, Germany CLARIN AAI Hands On Workshop, 25.02.2009, Oxford eresearch Center
CIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products
CIAM: Need for Identity Governance & Assurance Yash Prakash VP of Products Key Tenets of CIAM Solution Empower consumers, CSRs & administrators Scale to millions of entities, cloud based service Security
APM Proxy with Workspace One
INTEGRATION GUIDE APM Proxy with Workspace One 1 Version History Date Version Author Description Compatible Versions Mar 2018 1.0 Matt Mabis Initial Document VMware Identity Manager 3.2.x and Above (1)
Federated Identities and Services: the CHAIN-REDS vision
Co-ordination & Harmonisation of Advanced e-infrastructures for Research and Education Data Sharing Federated Identities and Services: the CHAIN-REDS vision Federico Ruggieri, GARR/INFN Joint CHAIN-REDS/ELCIRA
Configuring Single Sign-on from the VMware Identity Manager Service to Trumba
Configuring Single Sign-on from the VMware Identity Manager Service to Trumba VMware Identity Manager JULY 2016 V1 Table of Contents Overview... 2 Adding Trumba to VMware Identity Manager Catalog... 2
Globus Online: File Transfer Made Easy!
Globus Online: File Transfer Made Easy! Matteo Lanati matteo.lanati@lrz.de Initiative for Globus in Europe Leibniz Supercomputing Centre Outline Introduction and acknowledgments Motivation Demo session
ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration
Sirtfi for Security Incidents in a Federated Context. Tom Barton, UChicago & Internet2
Sirtfi for Security Incidents in a Federated Context Tom Barton, UChicago & Internet2 1 The Whole Elephant Recall why compromises on campus should be reported to the campus IT security team They determine
Federated Services and Data Management in PRACE
Federated Services and Data Management in PRACE G. Erbacci, (CINECA and PRACE) Collaborative Services for e-infrastructure Commons e-irg Workshop, Bratislava 15-16 November 2016 Partnership for Advanced
ForgeRock Access Management Core Concepts AM-400 Course Description. Revision B
ForgeRock Access Management Core Concepts AM-400 Course Description Revision B ForgeRock Access Management Core Concepts AM-400 Description This structured course comprises a mix of instructor-led lessons
SAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
DSIT WP1 WP2. Federated AAI and Federated Storage Report for the Autumn 2014 All Hands Meeting
DSIT WP1 WP2 Federated AAI and Federated Storage Report for the Autumn 2014 All Hands Meeting Content WP1 GSI: GSI Web Services accessible via IdP credentials GSI: Plan to integrate with UNITY (setting
Identity Harmonisation. Nicole Harris REFEDS Coordinator GÉANT.
Identity Harmonisation Nicole Harris REFEDS Coordinator GÉANT http://www.aaiedu.hr/dan2015.html the voice that articulates the mutual needs of research and education identity federations worldwide refeds.org
Administering Jive Mobile Apps
Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Custom App Wrapping for ios... 4 Native App Caching: Android...4 Native App
Connect. Communicate. Collaborate. GN2 JRA5 update. Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille. JRA5 Team
GN2 JRA5 update Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille eduroam Working on the eduroam database and a new dissemination look (maps) RadSec release 1.0 Beta is out - reasonable stable and
Integrating the YuJa Enterprise Video Platform with ADFS (SAML)
Integrating the YuJa Enterprise Video Platform with ADFS (SAML) Overview This document is intended to guide users on how to setup a secure connection between the YuJa Enterprise Video Platform referred
Securing ArcGIS for Server. David Cordes, Raj Padmanabhan
Securing ArcGIS for Server David Cordes, Raj Padmanabhan Agenda Security in the context of ArcGIS for Server User and Role Considerations Identity Stores Authentication Securing web services Protecting
Identity Provider for SAP Single Sign-On and SAP Identity Management
Implementation Guide Document Version: 1.0 2017-05-15 PUBLIC Identity Provider for SAP Single Sign-On and SAP Identity Management Content 1....4 1.1 What is SAML 2.0.... 5 SSO with SAML 2.0.... 6 SLO with
CILogon Project
CILogon Project GlobusWORLD 2010 Jim Basney jbasney@illinois.edu National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by
O365 Solutions. Three Phase Approach. Page 1 34
O365 Solutions Three Phase Approach msfttechteam@f5.com Page 1 34 Contents Use Cases... 2 Use Case One Advanced Traffic Management for WAP and ADFS farms... 2 Use Case Two BIG-IP with ADFS-PIP... 3 Phase
Federated Services for Scientists Thursday, December 9, p.m. EST
IAM Online Federated Services for Scientists Thursday, December 9, 2010 1 p.m. EST Rachana Ananthakrishnan Argonne National Laboratory & University of Chicago Jim Basney National Center for Supercomputing
SafeNet Authentication Manager
SafeNet Authentication Manager INTEGRATION GUIDE Using SAM as an Identity Provider for Remedyforce Contents Support Contacts... 2 Description... 3 Single Sign-On Dataflow... 3 Configuring SAM as an Identity
VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1
VMware Workspace ONE Quick Configuration Guide VMware AirWatch 9.1 A P R I L 2 0 1 7 V 2 Revision Table The following table lists revisions to this guide since the April 2017 release Date April 2017 June
eidas cross-sector interoperability
eidas cross-sector interoperability Christos Kanellopoulos GRNET edugain SG October 13 th, 2016 Background information 2013 - STORK-2 collaboration (GN3Plus) 2014-07 Adoption of the eidas Regulation 2014-09
GN2 JRA5: Roaming and Authorisation
GN2 JRA5: Roaming and Authorisation Jürgen Rauschenbach, DFN TF-NGN Athens 03/11/05 Introduction JRA5 builds a European Roaming Infrastructure (eduroamng) taking into account existing experience from the
Authentication for Virtual Organizations: From Passwords to X509, Identity Federation and GridShib BRIITE Meeting Salk Institute, La Jolla CA.
Authentication for Virtual Organizations: From Passwords to X509, Identity Federation and GridShib BRIITE Meeting Salk Institute, La Jolla CA. November 3th, 2005 Von Welch vwelch@ncsa.uiuc.edu Outline
Access Manager Appliance 4.4 Service Pack 2 Release Notes
Access Manager Appliance 4.4 Service Pack 2 Release Notes June 2018 Access Manager Appliance 4.4 Service Pack (4.4.2) includes enhancements, improves usability, and resolves several previous issues. Many
Integrating YuJa Active Learning with ADFS (SAML)
Integrating YuJa Active Learning with ADFS (SAML) 1. Overview This document is intended to guide users on how to setup a secure connection between the YuJa Active Learning Platform referred to as the Service
Distributing Secrets. Securely? Simo Sorce. Presented by. Red Hat, Inc.
Distributing Secrets Securely? Presented by Simo Sorce Red Hat, Inc. Flock 2015 Historically Monolithic applications on single servers potentially hooked to a central authentication system. Idm Distributing
education federation CUC 2005, Dubrovnik High-quality Internet for higher education and research
eduroam: towards a pan-european research and education federation CUC 2005, Dubrovnik Klaas.Wierenga@surfnet.nl Contents Introduction to federations Federations for education Network access: eduroam Application
IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager.
IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS VMware Identity Manager February 2017 V1 1 2 Table of Contents Overview... 5 Benefits of BIG-IP APM and Identity
TextExpander Okta SCIM Configuration
TextExpander Okta SCIM Configuration This integration with Okta is currently available to customers. Contact TextExpander support to learn more. http://smle.us/support Supported Features TextExpander supports
dcache: challenges and opportunities when growing into new communities Paul Millar on behalf of the dcache team
dcache: challenges and opportunities when growing into new Paul Millar communities on behalf of the dcache team EMI is partially funded by the European Commission under Grant Agreement RI-261611 Orientation:
The SciTokens Authorization Model: JSON Web Tokens & OAuth
The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney Brian Bockelman This material is based upon work supported by the National Science