Géant-TrustBroker Project Overview

Similar documents
GÉANT-TrustBroker project overview

Géant-TrustBroker Dynamic inter-federation identity management

Géant-TrustBroker: Dynamic, Scalable Management of SAML-Based Inter-federation Authentication and Authorization Infrastructures

Options for Joining edugain. Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013

Connect. Communicate. Collaborate. GN2 JRA5 update. Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille. JRA5 Team

REFEDS Minutes, 22 April 2012

Deliverable D14.1 (DJ3.0.1) Report on the Achievements and Recommendations for any Future Work

Topology of Dynamic Metadata Exchange via a Trusted Third Party

Pilots to support guest users solutions

Open Call Deliverable OCJ-DS4.1.1 GÉANT-TrustBroker Implementation with Documentation (GÉANT-TrustBroker)

GÉANT Community Programme

eidas cross-sector interoperability

Community Connection Service for escience. Ronald van der Pol, SURFnet TNC May 2014

DARIAH-AAI. DASISH AAI Meeting. Nijmegen, March 9th,

JRA5: Roaming and Authorisation

SAML2 Metadata Exchange & Tagging

Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief

The AAF - Supporting Greener Collaboration

EAPlab the ultimate EAP testing facility developed within the SENSE project

RCauth.eu / MasterPortal update

SLCS and VASH Service Interoperability of Shibboleth and glite

GÉANT: Supporting R&E Collaboration

2010 Kerberos Conference

FeduShare Update. AuthNZ the SAML way for VOs

GÉANT Time Compendium Project and Service Updates

AARC Overview. Licia Florio, David Groep. 21 Jan presented by David Groep, Nikhef.

Attribute Release Update

Configuration Guide - Single-Sign On for OneDesk

New trends in Identity Management

Identity Harmonisation. Nicole Harris REFEDS Coordinator GÉANT.

The challenges of (non-)openness:

GN2 JRA5: Roaming and Authorisation

GN3 Plus NA3-T3 Greening of ICT Services. Andrew Mackarel GN3+ NA3 T3 15th September 2014 Workshop Budapest

IAM for Workday: How to Embrace an 800 Pound Gorilla. Michael Brogan & Jonathan Pass UW-IT, Identity & Access Management

Higher Education external Attribute Authority. Mihály Héder István Tétényi (MTA SZTAKI) 19-May-2015

Introduction of Identity & Access Management Federation. Motonori Nakamura, NII Japan

Google Auto User Provisioning

Greek Research and Technology Network. Authentication & Authorization Infrastructure. Faidon Liambotis. grnet

Shibboleth Plumbing: Implementation and Architecture

Multi-Domain VPN service, a seamless infrastructure for Regional Network, NRENs and GEANT

Investigating the Recursive InterNetwork Architecture as the next generation GÉANT and NREN network architecture

Add OKTA as an Identity Provider in EAA

Moonshot. Workshop on Federated Identity and (OpenStack) Cloud Services - SWITCH

SAML Metadata Signing gpolicy and Aggregation Practice Statement

Trust and Identity Services an introduction

About This Document 3. Overview 3. System Requirements 3. Installation & Setup 4

EGI Check-in service. Secure and user-friendly federated authentication and authorisation

SAML-Based SSO Solution

Attribute Release. Contractual Matters

Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)

Single Logout with the SWITCH edu-id IdP

eduroam und andere Themen in GN2-JRA5

ComponentSpace SAML v2.0 Okta Integration Guide

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014

1. General requirements

AARC. Christos Kanellopoulos AARC Architecture WP Leader GRNET. Authentication and Authorisation for Research and Collaboration

BELNET R&E federation Technical policy

The Future of Indoor Plumbing. Dr Ken Klingenstein Director, Internet2 Middleware and Security

WP JRA1: Architectures for an integrated and interoperable AAI

National R&E Networks: Engines for innovation in research

Integration Documentation. Automated User Provisioning Common Logon, Single Sign On or Federated Identity Local File Repository Space Pinger

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

Extending Services with Federated Identity Management

DARIAH Update. 9th FIM4R Workshop. Vienna, Novemer 30, Peter Gietz, DAASI International GmbH.

Shibboleth authentication for Sync & Share - Lessons learned

Attributes for Apps How mobile Apps can use SAML Authentication and Attributes

INTEGRATING OKTA: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

ilight/gigapop eduroam Discussion Campus Network Engineering

SAML Admin Guide. Version 1.0

Identity and capability management and federation

National Identity Exchange Federation. Terminology Reference. Version 1.0

Cyber Partnership Blueprint: An Outline

Using Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee

Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...

Sustainability in Federated Identity Services - Global and Local

Liferay Fundamentals Course Overview

GÉANT : e-infrastructure connectivity for the data deluge

TF-WebRTC. 12/15/14 Paris / France. Mihály Mészáros

David Simonsen, Jacob-Steen Madsen, Mads Freek Petersen, Jacob Christiansen WAYF login 1

Authentication in Galaxy : let's use what is out there - (National) Identity Providers

TRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model

Auto-Connect via Dynamic Federation

NRENum.net Update. Rui Ribeiro, FCT FCCN educonf training 13 March, 2014

REFEDS Year End Report 2015

Current Research and Standards for Security Automation An overview of US Government efforts to support and promote security automation

WP3: Policy and Best Practice Harmonisation

SAML-Based SSO Solution

Salesforce External Identity Implementation Guide

PingOne. How to Set Up a PingFederate Connection to the PingOne Dock. Quick Start Guides. Version 1.1 December Created by: Ping Identity Support

What happens...when a current affiliation ends?

CNI Spring Taskforce

GÉANT: A Defense in Depth Approach

Introduction to Identity Management Systems

Managing the lifecycle of XACML delegation policies in federated environments

Attribute Release in SWITCHaai

University of British Columbia Library. Persistent Digital Collections Implementation Plan. Final project report Summary version

The Challenges of User Consent

Authentication in the Cloud. Stefan Seelmann

RESTful Health Exchange (RHEx)

EUDAT- Towards a Global Collaborative Data Infrastructure

Transcription:

Géant-TrustBroker Project Overview Daniela Pöhn 7 th FIM4R meeting Frascati, Italy April 24 th, 2014

Géant-TrustBroker [GNTB]: The basic idea Our goal (SP perspective): SPs connected to user s identity provider (IDP) Independent of federation borders Establishing technical trust and configuration Without involving manual setup work by SP and IDP admins 2

Géant-TrustBroker [GNTB]: The basic idea More technical: GNTB facilitates the user-triggered, on-demand exchange of IDP and SP metadata as basis for SAML-based AuthNZ GNTB therefore complements existing NREN and community federations inter-federations (e.g., edugain) GNTB will automate the setup of IDP-SP communication including user attribute conversion excluding organizational aspects GNTB will extend Shibboleth by IDP/SP plugins in order to integrate the central metadata repository automatically use attribute conversion rules update the configurations of IDPs/SPs 3

Background: Where are we today without GNTB? Current situation: Two types of federations: National federations operated by NRENs Community federations operated by research communities / projects The resulting problem: SP and the user s IDP need to be members of the same federation (or inter-federation) 4

Background: Where are we today without GNTB? Current situation: edugain approach: federation-of-federations-style inter-federation Issues: Additional contracts increase the overall complexity. Inter-federation schema is only the common denominator of NREN federations SPs may not get all required attributes Set up technical stuff, e.g., attribute filters/release policies, manually. IDPs have to trust SPs SPs might not get all required attributes 5

Géant-TrustBroker s scope GNTB is a metadata registry: SPs and IDPs upload their metadata. a user attribute conversion rule repository: conversion rules can be shared and re-used by other IDPs. a virtual IDP and SP: The GNTB workflow seamlessly integrates into standard SAML workflows to connect SPs and IDPs on demand. 6

Géant-TrustBroker s scope GNTB automates the technical setup of IDP-SP communication as far as possible. GNTB does not handle organizational aspects, such as the demand for written contracts with commercial SPs. edugain and GNTB complement each other: edugain is the organizationally profound, long-term solution GNTB allows for the quick setup of all technical aspects 7

Géant-TrustBroker s workflow GNTB workflows: Management workflows: IDP/SP metadata conversion rules Core workflow: technical trust establishment 8

The GNTB project GN3+ Open Call project (10/2013 03/2015) Internet-Draft to IETF in summer 2014 Shibboleth-based prototype Pilot operations hopefully start early 2015 9

The GNTB project A milestone document describing GNTB s technical workflows available on the GN intranet. Presenting GNTB at TNC2014 GNTB includes some more features, such as AccountChooser functionality. May be interesting for other use cases, e.g., rapid provisioning. Please contact us or check out the GNTB documents for details. 10

For more details, please see the documents published on TrustBroker s Géant Intranet website: https://intranet.geant.net/jra0/geant-trustbroker To contact the project team, please email geant-trustbroker@lists.lrz.de www.geant.net www.twitter.com/geantnews www.facebook.com/geantnetwork www.youtube.com/geanttv 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback