Management of the Virtual Organisation DARIAH within Shibboleth-based Federations. 58th DFN-Betriebstagung, Berlin, 12 March 2013.

Management of the Virtual Organisation DARIAH within Shibboleth-based Federations. 58th DFN-Betriebstagung, Berlin, 12 March 2013. Peter Gietz, DAASI International GmbH. DARIAH-EU VCC 1 e-infrastructure / DARIAH-DE

Agenda
- Intro DARIAH
- DARIAH AAI
- European role model for DARIAH-EU

What is DARIAH? DARIAH: Digital Research Infrastructure for the Arts and Humanities. One of the few ESFRI research infrastructures for the humanities. DARIAH's mission:
- To develop, maintain and operate an infrastructure in support of ICT-based research practices
- Working with communities of practice, to ensure that best practices and methodological and technical standards are followed

Countries participating in DARIAH: Austria, Croatia, Denmark, France (Host Country), Germany (Coordinator), Greece, Ireland, The Netherlands (Coordinator), Slovenia, Serbia

DARIAH collaboration
- Affiliated projects: CENDARI, DASISH, EHRI, NeDiMAH
- Sibling initiatives: BAMBOO, CLARIN, TEI
- Cultural heritage initiatives: Europeana, DC-Net
- Technological initiatives: EGI, EUDAT

DARIAH Virtual Competency Centres (VCCs)
- To establish a shared technology platform for Arts and Humanities research
- To expose and share researchers' knowledge, methodologies and expertise
- To facilitate the exposure and sharing of scholarly content
- To interface with key influencers in and for the Arts and Humanities

Diagram (slide dated 20 June 2012): the four DARIAH-EU VCCs (Advocacy; Research and Education; e-infrastructure; Scholarly Content Management) are mirrored in each national chapter: DARIAH-DE (Advocacy; Forschung und Lehre, i.e. research and teaching; e-infrastruktur; Forschungsdaten, i.e. research data), DARIAH-FR (Promotion et diffusion, i.e. advocacy and dissemination; Liaison education et recherche, i.e. liaison with education and research; e-infrastructure; Management des contenus, i.e. content management), DARIAH-IE, DARIAH-AT and further countries (DARIAH-nn).

AAI requirements
- The AAI service must be easy to use, ideally with researchers' own institutional credentials (if available)
- Single sign-on to all (DARIAH) resources, tools and services; in an ideal world, researchers could use the same credential in any 'academic' context
- Authorisation granularity, e.g. access to 'sensitive data': EHRI (European Holocaust Research Infrastructure)

DARIAH AAI practice. Current AAI set-up: a first version of an AA infrastructure has been deployed, based on two standards:
- LDAP for authentication and authorization attributes, deploying the open-source software OpenLDAP
- SAML for AAI within a federation, including web single sign-on, deploying the open-source software Shibboleth

Current Set-Up

Authorization features
- Use of the higher-education SAML-based federations
- No change to campus IdPs except trust / attribute filters
- Standard Shibboleth SP to protect applications, however with a special configuration: it aggregates attributes from the campus IdP and the central IdP and requires a minimum set of attributes; otherwise it redirects to the registration application at the central SP
- Central LDAP with authorization groups managed by an admin portal
- Central IdP gets its data from the central LDAP and releases both user attributes and entitlements (based on groups) to SPs
- Central registration SP writes manually completed user attributes to the central LDAP
11 of 20 (c) March 2013 - DAASI International GmbH

VO Management and FIM in DARIAH

Current challenges
- Not every institution signs federation contracts
- Not every Identity Provider releases personal attributes
- Not every resource provider allows anonymous usage
- A European humanities federation is just at its start (CLARIN federation, DASISH activities)

IdPs that do not release eppn
- Due to data protection and privacy issues, some IdP maintainers decide to release only a pseudonymous ID: an opaque value that is unique for that particular user and SP combination, e.g. eduPersonTargetedID (eptid) or persistentId
- We have a solution where the user self-asserts any attribute at the DARIAH registration SP
- Use a mapping table: SP1's ID1 maps to the registration SP's IDX; SP2's ID2 maps to the registration SP's IDX as well
- When SP2 sends an attribute query for ID2, the IdP maps ID2 to IDX, where all user attributes can be found
- This is work in progress!
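The following is an added example, not code from the DARIAH project or from DAASI International, that models the flow the 'Authorization features' and 'IdPs that do not release eppn' slides describe: a campus IdP releases only an SP-scoped pseudonym, the SP aggregates that with what the central IdP returns, checks the minimum attribute set, and redirects to the registration SP when it is incomplete; after registration a mapping table resolves the tool SP's pseudonym to the registration SP's ID (IDX). Everything here is an assumption for illustration: the entity IDs, the required-attribute set, the entitlement URN prefix, the way the SP-specific ID is derived (SHA-1 over SP entityID, internal user ID and a secret salt), and in particular the way the two pseudonyms get linked (the redirect is assumed to carry the tool SP's ID). Because the central attributes are self-asserted, the merge lets campus-released values win over central ones, a choice of this example rather than something the slides state.

```python
"""Added example (not DARIAH/DAASI code): pseudonym mapping and minimum-
attribute checking for an SP that sees only eduPersonTargetedID from campus.
All identifiers, attribute names beyond eduPerson*/mail, and the linking
mechanism are illustrative assumptions."""
import base64
import hashlib

# Constructed sample configuration (not the real DARIAH set-up).
CAMPUS_SALT = b"campus-idp-secret-salt"                    # assumption
REGISTRATION_SP = "https://auth.dariah.eu/registration"    # hypothetical entityID
TOOL_SP = "https://tool.example.org/shibboleth"            # hypothetical entityID
REQUIRED_ATTRIBUTES = {"eduPersonPrincipalName", "mail", "displayName"}  # assumption


def targeted_id(sp_entity_id: str, source_id: str, salt: bytes) -> str:
    """Opaque, SP-specific pseudonym: Base64(SHA-1(sp ! internal-id ! salt)).
    The same user gets a different value at every SP, so two SPs cannot
    correlate users by this ID alone. Illustrative construction, not a claim
    about any particular IdP's algorithm."""
    h = hashlib.sha1()
    for part in (sp_entity_id.encode(), b"!", source_id.encode(), b"!", salt):
        h.update(part)
    return base64.b64encode(h.digest()).decode()


class CampusIdP:
    """Campus IdP whose policy is to release only eduPersonTargetedID, never eppn."""

    def authenticate(self, uid: str, sp_entity_id: str) -> dict:
        return {"eduPersonTargetedID": targeted_id(sp_entity_id, uid, CAMPUS_SALT)}


class CentralIdP:
    """Central IdP backed by the central LDAP (modelled as dicts).
    directory: IDX -> self-asserted attributes; groups: name -> set of IDX;
    mapping: (sp_entity_id, sp-specific ID) -> IDX."""

    def __init__(self):
        self.directory, self.groups, self.mapping = {}, {}, {}

    def register(self, registration_tid: str, attributes: dict) -> None:
        """Registration SP writes the manually completed attributes for IDX."""
        self.directory[registration_tid] = dict(attributes)
        self.mapping[(REGISTRATION_SP, registration_tid)] = registration_tid

    def link(self, sp_entity_id: str, sp_tid: str, registration_tid: str) -> None:
        """Record that sp_tid (as seen by sp_entity_id) is the same person as IDX."""
        if registration_tid not in self.directory:
            raise KeyError("unknown registration ID")
        self.mapping[(sp_entity_id, sp_tid)] = registration_tid

    def attribute_query(self, sp_entity_id: str, sp_tid: str):
        """Answer an SP's attribute query for one of its own targeted IDs;
        None means 'not registered', so the SP should redirect."""
        idx = self.mapping.get((sp_entity_id, sp_tid))
        if idx is None:
            return None
        attrs = dict(self.directory[idx])
        # Entitlements are derived from group membership in the central LDAP.
        attrs["eduPersonEntitlement"] = sorted(
            f"urn:example:dariah:group:{g}" for g, m in self.groups.items() if idx in m)
        return attrs


def sp_access_decision(campus_attrs: dict, central_attrs) -> dict:
    """SP-side aggregation and minimum-attribute check. Campus values win over
    central (self-asserted) ones, so a self-asserted value never overrides
    one the campus IdP vouched for (a choice of this example)."""
    merged = dict(central_attrs or {})
    merged.update(campus_attrs)
    missing = sorted(REQUIRED_ATTRIBUTES - merged.keys())
    if missing:
        return {"action": "redirect", "target": REGISTRATION_SP, "missing": missing}
    return {"action": "grant", "attributes": merged}


def run_scenario() -> dict:
    """One user: first access (redirect), registration, second access (grant)."""
    campus, central = CampusIdP(), CentralIdP()
    central.groups["ehri-sensitive"] = set()
    # 1. Login at the tool SP: campus releases only the SP-scoped pseudonym.
    at_tool = campus.authenticate("u123", TOOL_SP)
    tool_tid = at_tool["eduPersonTargetedID"]
    first = sp_access_decision(at_tool, central.attribute_query(TOOL_SP, tool_tid))
    # 2. Redirect to the registration SP, where campus releases a different
    #    pseudonym; the user self-asserts the rest. ASSUMPTION: the redirect
    #    carried tool_tid, which is what lets the two pseudonyms be linked.
    reg_tid = campus.authenticate("u123", REGISTRATION_SP)["eduPersonTargetedID"]
    central.register(reg_tid, {"eduPersonPrincipalName": "alice@example.org",
                               "mail": "alice@example.org", "displayName": "Alice Example"})
    central.link(TOOL_SP, tool_tid, reg_tid)
    central.groups["ehri-sensitive"].add(reg_tid)
    # 3. Back at the tool SP the attribute query now resolves through the mapping.
    second = sp_access_decision(at_tool, central.attribute_query(TOOL_SP, tool_tid))
    return {"tool_tid": tool_tid, "reg_tid": reg_tid, "first": first, "second": second}


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

Running it shows the two pseudonyms differing, the first access ending in a redirect with the missing attributes listed, and the second access granted with the self-asserted attributes plus an entitlement derived from group membership.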

IdPs that do not release eppn (diagram slide; only the title survived extraction)

Demo: Admin Portal. Admin Portal: https://auth.dariah.eu/cgi-bin/admin/ldapportal.pl

Plans
- It is planned to include technologies like OAuth2 and OpenID Connect in the DARIAH SAML-based infrastructure
- It is possible to have SAML-based authentication within an OAuth infrastructure, as well as OpenID-based authentication within a SAML-based infrastructure; experiments with these technologies have been performed successfully
- Main aim: an application developer only has to support one API for AAI
- Develop and implement a hierarchical role model

Role model (two diagram slides; only the titles survived extraction)

Thank You for Your Attention! Questions? DARIAH: www.dariah.eu. DAASI International GmbH: www.daasi.de