Authentication & Authorization Infrastructure
for Virtual Research Communities
Paul van Dijk, SURFnet
Alexandre Bonvin, WeNMR
SURFnet: the Dutch NREN
•  SURFnet is the Dutch National Research & Education Network (NREN)
-  Services, innovation, knowledge
-  Not for profit
-  Task organisation of Stichting SURF = ICT collaboration of higher education & research
•  A small operation serving a large community:
-  85 employees
-  160 connected institutions
-  1 million end-users
-  Turnover 35 million Euro; 1/3 innovation subsidies
Connecting people and devices
collaborate and share – how to facilitate VRCs
The WeNMR virtual research community
eScience hub for NMR and structural biology
The WeNMR VRC
A Drupal-powered, rich web-based experience
[Diagram labels: Knowledge, Help Center, Tutorials, Wiki, Consultancy, Services, Portals, VRC, Third-party aggregation, Grid, Exposure, Marketplace, Blogs, news, events, Facebook]
or...
Done ✔
WeNMR VRC
How to deal with authentication?
For the end-user
•  How to provide access as easily as possible
•  Use institutional account
•  Single Sign-On to all kinds of NMR resources
For WeNMR administrators
•  How to verify users? (albert.einstein@gmail.com)
•  How to deal with the burden of account management?
•  How to bridge authentication across domains and resources?
AAI for research
observations, questions, challenges
•  AAI is one of the cornerstones (or at least a key starting point) for international collaboration and system integration
•  Ever-growing space... with many issues
•  More than technique and engineering → policies, procedures and a lot of human interaction (!)
•  Can we build on existing building blocks?
The Netherlands: research apps
SURFconext ecosystem
[Diagram labels: Identity Providers; >200 Service Providers (commercial / non-commercial), Drive, WeNMR Portal; SURFconext Authentication Hub; Trust Framework. University identity card: Dirk Stap, dirkstap@vu.nl, Staff member, ID#: 2989289283921]
SP stores attributes
No-brainer
Connect WeNMR portal to SURFconext
[Diagram labels: WeNMR VRC portal (Knowledge, Help Center, Tutorials, Wiki, Consultancy, Services, Portals, Third-party aggregation, Grid); Identity Providers; SURFconext Authentication Hub; Service Providers; the links are labelled SAML]
WeNMR SSO Drupal module
see: bit.ly/1oc3Gu3
provides a closed and self-contained solution for everything related to authentication, authorization and accounting for a service, without any need for additional modules or external services.
Crossing national borders via eduGAIN
[Diagram labels: WeNMR VRC (Knowledge, Help Center, Tutorials, Wiki, Consultancy, Services, Portals, Third-party aggregation, Grid); Identity Providers; SURFconext Authentication Hub; Service Providers; the links are labelled SAML]
It (almost) works
or...
Done ✔
Can we take it one step further?
AI → AAI
Can we organize AuthZ in a centralized (and generic) way?
Needed: additional attributes
[Diagram: attributes about one user, grouped by where they come from]
@university (UVK): Dirk Stap, dirkstap@uvk.nl, Staff member, ID#: 2989289283921
@Collab Org: CO-admin, CO-researcher
@Dirk Stap (self asserted): +31(6) 120202020, Skype: DirkStap, LinkedIn: DirkHStap
Needed: attribute source(s)
[Diagram: identity card showing Dirk Stap, dirkstap@uvk.nl, Staff member, ID#: 2989289283921, CO-admin, CO-researcher]
Needed: attribute release management
[Diagram: attribute sources, services, and the attribute sets released to them]
Self Asserted: +31(6) 120202020, Skype: DirkStap, LinkedIn: DirkHStap
University: Dirk Stap, dirkstap@uvk.nl, Staff member, ID#: 2989289283921
Collab Organisation: CO-admin, CO-researcher
Service labels: TC, VidConf, UVK, Storage, Google APPS
The cards released to services carry different subsets of these attributes, from name, e-mail and ID# only up to name, e-mail, Staff member, ID#, phone and Skype.
OpenConext for Collaborative Organisations
•  Groups
•  Distributed Services
•  Attributes, roles and rights
Groups are core to collaboration
Any collaboration is based on groups. In eScience these groups are dynamic and international.
Distributed Services
COs collaborate around distributed services. Managing and maintaining many SP - IdP interconnections is tough.
Attributes, roles and rights
Roles and rights are based on attributes. COs need very different attributes from those provided by the IdPs.
How OpenConext helps
•  Groups
•  Distributed Services
•  Attributes, roles and rights
Centralized and external group providers
OpenConext provides a centralized group provider and allows
linking external group providers
Manage services
CO SP and IdP connections can be managed centrally, including
Access Policies and Attribute Release Policies
Attributes
Can be transformed and filtered both at logon as well as
when queried out-of-band
PoC EGI and SURFnet (Q2/Q3) in a SAML world
A CO manager
•  Verifies authenticity
•  Adds attributes
•  Provides workflows
keystone
•  Aggregate attributes
•  Forward with ARP to SP
UVK
•  Authenticate
•  Add attributes
[Diagram labels: University (Dirk Stap, dirkstap@uvk.nl, Staff member, ID#: 2989289283921); Collab Organisation (CO-admin, CO-researcher); Self Asserted (+31(6) 120202020, Skype: DirkStap, LinkedIn: DirkHStap); additional attributes at logon; additional attributes by query]
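The two steps named on this slide, aggregating attributes and forwarding them to the SP under an Attribute Release Policy (ARP), as an added example that is not from the slides or from OpenConext's code base. The source names, attribute names, SP entity IDs and policy layout are assumptions; the persona values are the ones shown on the slides.

```python
"""Attribute aggregation followed by a per-SP Attribute Release Policy (ARP).

Simplified model: the source names, attribute names, SP entity IDs and the
policy layout are assumptions for this sketch, not OpenConext's own schema.
"""
from fnmatch import fnmatchcase

# Which source is authoritative for which attribute (assumed split, following
# the University / Collab Organisation / Self Asserted boxes on the slides).
AUTHORITY = {
    "university": {"displayName", "mail", "affiliation", "uid"},
    "collab_org": {"role"},
    "self_asserted": {"mobile", "skype", "linkedin"},
}

# Constructed sample input, using the persona shown on the slides.
SOURCES = {
    "university": {
        "displayName": ["Dirk Stap"],
        "mail": ["dirkstap@uvk.nl"],
        "affiliation": ["staff"],
        "uid": ["2989289283921"],
    },
    "collab_org": {"role": ["CO-admin", "CO-researcher"]},
    "self_asserted": {
        "mobile": ["+31(6) 120202020"],
        "skype": ["DirkStap"],
        "linkedin": ["DirkHStap"],
        # The user is not authoritative for affiliation; must be dropped.
        "affiliation": ["faculty"],
    },
}

# Constructed ARPs: attribute name -> allowed value patterns ("*" = any value).
ARPS = {
    "https://storage.example.org/sp": {
        "displayName": ["*"], "mail": ["*"], "uid": ["*"],
    },
    "https://vidconf.example.org/sp": {
        "displayName": ["*"], "mail": ["*"], "mobile": ["*"], "skype": ["*"],
    },
    "https://grid.example.org/sp": {
        "uid": ["*"], "role": ["CO-researcher"],
    },
}


def aggregate(sources):
    """Merge attributes from all sources, recording where each value came from.

    Returns (merged, rejected): merged maps attribute -> [(value, source)],
    rejected lists (source, attribute) pairs a source was not allowed to set.
    """
    merged, rejected = {}, []
    for source, attrs in sources.items():
        for name, values in attrs.items():
            if name not in AUTHORITY.get(source, set()):
                rejected.append((source, name))
                continue
            merged.setdefault(name, []).extend((v, source) for v in values)
    return merged, rejected


def release(merged, arp):
    """Filter merged attributes through one SP's ARP (no ARP = release nothing)."""
    if arp is None:
        return {}
    released = {}
    for name, patterns in arp.items():
        kept = [value for value, _source in merged.get(name, [])
                if any(fnmatchcase(value, p) for p in patterns)]
        if kept:
            released[name] = kept
    return released


def attributes_for_sp(sp_entity_id):
    """Aggregate the sample sources and apply the ARP for the given SP."""
    merged, _rejected = aggregate(SOURCES)
    return release(merged, ARPS.get(sp_entity_id))


if __name__ == "__main__":
    print("rejected:", aggregate(SOURCES)[1])
    for sp in list(ARPS) + ["https://unknown.example.org/sp"]:
        print(sp, "->", attributes_for_sp(sp))
```
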
Conclusion
Authentication infrastructure
•  Identity federations: work well on a national level → run-of-the-mill in many countries, UX could be better
•  Interfederation: will it scale? Requires a lot of effort → streamline and harmonize procedures, improve discovery of endpoint representatives → on the radar of organizations like REFEDS and GEANT (eduGAIN)
Authorization infrastructure
•  Still in development, some solutions/approaches available → collaborate, just do it, run PoCs with community & improve
paul.vandijk[at]surfnet.nl
or niels.vandijk[at]surfnet for OpenConext
@paulcwvandijk
paulcwvandijk
www.surfnet.nl
+31 30 2 305 305
Creative Commons “Attribution” license:
http://creativecommons.org/licenses/by/3.0/

OpenConext: Authentication & Authorization Infrastructure for Virtual Research Communities
