che heck in n towards ds an n integrated d aut uthe
play

Che heck-in n towards ds an n integrated d aut uthe - PowerPoint PPT Presentation

Sep 28, 2022 •226 likes •489 views

Che heck-in n towards ds an n integrated d aut uthe hentication n and nd aut utho horisation infrastruc uctur ure for the he EOSC Nicolas L Ni Liampotis Authentication & Authorisation Infrastructure, , GR GRNET Digital

  1. Che heck-in n towards ds an n integrated d aut uthe hentication n and nd aut utho horisation infrastruc uctur ure for the he EOSC Nicolas L Ni Liampotis Authentication & Authorisation Infrastructure, , GR GRNET Digital Infrastructures for Research 2017, Brussels www.egi.eu www This work by EGI.eu is licensed under a Creative Commons Attribution 4.0 International License.

  2. Out utline ne • Overview • Use cases • Current status • Check-in in EOSC-hub Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 2

  3. Check-in Overview Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 3

  4. In n a nut nutshe hell Check-in provides a reliable and interoperable AAI solution for the EGI service providers federation, and external service providers. It enables single sign-on to services through eduGAIN identity providers and other institutional or social media credentials Check-in has been developed in EGI-Engage, in close collaboration with the • AARC project in order to implement the recommendations of the AARC Blueprint Architecture and Policy Framework Services connected to Check-in can be made available to +2,000 universities • and research institutes with little or no administrative overhead Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 4

  5. A A bi bird' d's-ey eye view SAML X.509 X.509 X.509 OIDC OIDC X.509 OIDC SAML X.509 X.509 X.509 Check-in SAML X.509 OIDC Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 5

  6. Archi hitectur ure Implementation of the AARC • blueprint architecture All SPs can have one statically • configured IdP No need to run an IdP Discovery • Service on each SP Connected SPs get • consistent/harmonised user identifiers and accompanying attribute sets from different IdPs/AAs that can be interpreted in a uniform way for authorisation purposes External IdPs only deal with a • single EGI SP proxy Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 6

  7. Wha hat is ne new or impr proved? ü Secure - operates under the strict security policies of the EGI federation ü Simple - hides the complexity of dealing with multiple authentication providers and sources of authorisation information ü Low overhead - lowers the bureaucratic burden of integrating multiple identity providers and attribute authorities ü Interoperable - implements the AARC blueprint architecture and is compliant with eduGAIN, REFEDS R&S and Sirtfi policies ü Polyglot - translates SAML 2.0, OpenID Connect, OAuth 2.0 and X.509 credentials Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 7

  8. Wha hat be bene nefits do does Che heck-in n br bring ng? • Only one account needed for federated access to multiple heterogeneous (web and non-web) service providers using different technologies (SAML, OpenID Connect, OAuth 2.0, X509) • Identity linking enables access to resources using different login credentials (institutional/social) • Assurance information associated to each authenticated identity • Aggregation and harmonisation of authorisation information (VOs/groups, roles) from multiple sources Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 8

  9. Reliabl ble and nd secur ure AAI pl platform EGI has always invested in improving and maintaining the reliability and security of the services • EGI has a mature and complete set of security policies and the processes to enforce them – Extended with Check-in specific policies: ü Check-in acceptable usage policy ü Check-in data protection policy ü Agreement documents to integrate non-EGI and non-eduGAIN SPs and IdPs and maintain the compliance Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 9

  10. Check-in use cases Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 10 10

  11. Who ho can n us use Che heck-in? n? For wha hat? Check-in can provide secure and user-friendly federated authentication and authorisation for: • User communities with different needs: – operating their own full-fledged AAI solution – operating their own group management service – in need of a ready-to-use group management solution • Service Providers – looking to leverage “AAI as a Service” Digital Infrastructures for Research 2017, Brussels 30 Nov, 2017 30 N 2017 11 11

  12. For communi unities ope perating ng the heir own n AAI Social eduGAIN IdPs Institutional IdP Community’s AAI connected to Check-in as an IdP Proxy to allow its users to access EGI services & AAI IdP Proxy resources ü Access EGI services without changing your authentication EGI Check-in workflow EGI Infrastructure Examples: ELIXIR Research Infrastructure - Check-in allows Service Service ELIXIR users to use their ELIXIR IDs to interact with relevant EGI services (Cloud, Configurations database, Applications on Demand Digital Infrastructures for Research 2017, Brussels 30 Nov, 2017 30 N 2017 12 12

  13. For communities operating their own group Fo ma manageme ment servi vice eduGAIN Community managing authorisation information about the users (VO/group Institutional memberships and roles) via their Social IdP own group management service, IdPs which is connected to Check-in as an external attribute authority Virtual Organization ü Check-in will handle the Service configuration of the IdPs and the aggregation of the attributes for the SPs EGI Check-in EGI ü No need to migrate the group Infrastructure management functionality to an EGI-specific attribute authority Service Service Examples: VOMS-managed VOs such as FedCloud Digital Infrastructures for Research 2017, Brussels 30 Nov, 2017 30 N 2017 13 13

  14. For co Fo communities in in need of a ready-to to-use use group up ma manageme ment solution eduGAIN Communities that do not operate their own group management service can leverage Institutional the group management capabilities of the Social IdP Check-in platform IDPs ü Ready-to-use solution ü Avoid overhead of deploying a dedicated group management service Service EGI ü Support for multi-tenancy to allow CheckIn authorised VO admins to manage the information about their users Virtual Organization Service independently EGI ü Easy connect to both EGI and non-EGI Infrastructure services Supported Service technologies: Examples: Training and Long Tail of Science communities CΟmanage Perun Digital Infrastructures for Research 2017, Brussels 30 Nov, 2017 30 N 2017 14 14

  15. For service pr provide ders: AAI as a service Social Check-in as an authentication proxy eduGAIN IdPs Institutional ü Enable login from institutional IdPs in eduGAIN and social media IdPs ü Minimal overhead for the service development ü All the other Check-in features are available for the SP: account linking, EGI Check-in attribute aggregation, .. EGI Infrastructure Prerequisites: • ü Service provider must accept EGI policies on data protection Service Examples: EDISON Community Portal Digital Infrastructures for Research 2017, Brussels 30 Nov, 2017 30 N 2017 15 15

  16. Depl ployment options ns Check-in is offered in 2 deployment models: • As a multi-tenant service: – All the standard Check-in authentication options – Independent community management using COmanage or Perun – Limited customisation of user-facing interfaces (e.g. community-specific themes for enrolment flows, group management) – Limited customisation of AAI proxy behaviour • As a dedicated service (individual components or AAI platform as a whole: – Customisation of user-facing interfaces: WAYF, enrolment, group membership UI – Customisation of AAI proxy behaviour (e.g. attribute aggregation rules, service entitlements) – Easy integration with the main Check-in instance, or other dedicated instances if necessary Digital Infrastructures for Research 2017, Brussels 30 Nov, 2017 30 N 2017 16 16

  17. Check-in Status Digital Infrastructures for Research 2017, Brussels 30 N 30 Nov, 2017 2017 17 17

  18. Check-in Ch in consumes in informatio ion from many div iverse sour so urce ces s Perun SAML IdP OpenID COmanage Connect IdP e/R-Infra AAI VOMS proxy (e.g. ELIXIR) External VO Configuration Management Database (e.g. Unity (GOCDB) IDM) Check-in Digital Infrastructures for Research 2017, Brussels 30 Nov, 2017 30 N 2017 18 18

  19. Che heck-in n ena nabl bles access to several services Applications on Demand Marketplace (AoD) Science Portals DataHub Helpdesk (GGUS) Attribute Management Applications (COmanage & Database Perun) (AppDB) External Configuration Service Database e.g. EDISON (GOCDB) Portal() Check-in Digital Infrastructures for Research 2017, Brussels 30 Nov, 2017 30 N 2017 19 19

Recommend

Massachusetts Creative E Massachusetts Creative E conomy conomy What the Heck THE HECK WHAT ^

Massachusetts Creative E Massachusetts Creative E conomy conomy What the Heck THE HECK WHAT ^

Massachusetts Creative E Massachusetts Creative E conomy conomy What the Heck THE HECK WHAT ^ IS THE CREATIVE ECONOMY? UMMM NON PROFIT NON PROFIT ORGANIZATIONS Industry: Museums Theatres Performance venues Examples: Tanglewood

491 views • 13 slides
BACK GROUND L UT HE R COURT SOCI E T Y T he L uthe r Co urt So c ie ty (L CS) wa s e

BACK GROUND L UT HE R COURT SOCI E T Y T he L uthe r Co urt So c ie ty (L CS) wa s e

LUT HER C O URT SO C IET Y INT ER-G ENERAT IO NAL HO USING PRO JEC T SAANIC H, BC BACK GROUND L UT HE R COURT SOCI E T Y T he L uthe r Co urt So c ie ty (L CS) wa s e sta b lishe d in 1974, o ffspring o f the pa rish o f L

320 views • 17 slides
Diversity and Multiculturalism in Education E uthe mia I Gilma n, E d.M. 1 Quantitative

Diversity and Multiculturalism in Education E uthe mia I Gilma n, E d.M. 1 Quantitative

Diversity and Multiculturalism in Education E uthe mia I Gilma n, E d.M. 1 Quantitative Literacy Value Rubric QL Rub ric Dive rsity & Multic ultura lism I nte rpre ta tio n DE SE Sc ho o l/ Distric t Pro file s Sc ho

226 views • 10 slides
Co mmunity L e a rning Ce nte r (CL C) Gra nt Pro po sa l L uthe r & Purdy E le me nta

Co mmunity L e a rning Ce nte r (CL C) Gra nt Pro po sa l L uthe r & Purdy E le me nta

Co mmunity L e a rning Ce nte r (CL C) Gra nt Pro po sa l L uthe r & Purdy E le me nta ry 2013-2014 Gra nt E lig ib ility CL C e lig ib ility is fo r sc ho o ls tha t ha ve a t le a st 40% o r g re a te r fre e a nd re duc e d

226 views • 6 slides
Mes Messa sage ge Aut uthe hent ntica ication tion Cod Codes es Instructor: Ahmad

Mes Messa sage ge Aut uthe hent ntica ication tion Cod Codes es Instructor: Ahmad

Data and Network Security Lab Sharif University of Technology Department of Computer Engineering Mes Messa sage ge Aut uthe hent ntica ication tion Cod Codes es Instructor: Ahmad Boorghany Most of the slides are obtained from Bellare

1.18k views • 80 slides
Welcome! Che heck your aud audio con onnection to o be be su sure your r sp speakers ar

Welcome! Che heck your aud audio con onnection to o be be su sure your r sp speakers ar

Welcome! Che heck your aud audio con onnection to o be be su sure your r sp speakers ar are e on on and and the the volu lume is s up up. An n On On-Demand rec ecording of of th this is webinar wil will be be avail ilable

908 views • 27 slides
C HECK & I NJECT NY S YRINGE E PINEPHRINE K ITS FOR BLS P ROVIDERS Hello and welcome to the

C HECK & I NJECT NY S YRINGE E PINEPHRINE K ITS FOR BLS P ROVIDERS Hello and welcome to the

Slide 1 C HECK & I NJECT NY S YRINGE E PINEPHRINE K ITS FOR BLS P ROVIDERS Hello and welcome to the Check & Inject New York Training Program. Im Jeremy Cushman, an EMS Physician and Medical Director for the Monroe-Livingston region.

605 views • 46 slides
Or, What in the heck have I done! This Photo by Unknown Author is licensed under CC BY-SA AN

Or, What in the heck have I done! This Photo by Unknown Author is licensed under CC BY-SA AN

Or, What in the heck have I done! This Photo by Unknown Author is licensed under CC BY-SA AN OBJECTIVE VIEW OF CONSTRUCTIVE A CHANCE AT GROWTH EXPOSURE TO NEW A WRITTEN PIECE FEEDBACK AND LEARNING FOR STYLES AND READER AND AUTHOR

143 views • 13 slides
SBA PAYCHE HECK PR PROTECTION PROG OGRA RAM A M AND ND HOW I OW IT AFFE AFFECTS Y YOU

SBA PAYCHE HECK PR PROTECTION PROG OGRA RAM A M AND ND HOW I OW IT AFFE AFFECTS Y YOU

SBA PAYCHE HECK PR PROTECTION PROG OGRA RAM A M AND ND HOW I OW IT AFFE AFFECTS Y YOU DIOCESE OF LA CROSSE PRESENTERS: VERY REV WILLIAM DHEIN V.G., JAMES REIDER, JESSICA KIRCHNER APRIL 16, 2020 WELCOME AND PRAYER TODAYS TOPICS

962 views • 41 slides
What the heck is a DAS / BDA System DC/MD/VA Automatic Fire Alarm Association (AFAA)

What the heck is a DAS / BDA System DC/MD/VA Automatic Fire Alarm Association (AFAA)

What the heck is a DAS / BDA System DC/MD/VA Automatic Fire Alarm Association (AFAA) Presented by, Raymond Skjold BearCom Lets get the acronyms correct There interchangeable terms DAS BDA ERRCS Signal Booster

889 views • 63 slides
Di-Sulfides What the heck is going on in my wine ? Tom Schulz, Winery & Viticulture

Di-Sulfides What the heck is going on in my wine ? Tom Schulz, Winery & Viticulture

Canadian Food and Wine Institute 2015 Amateur Winemakers of Ontario Convention June 5 and 6, 2015 - Toronto H 2 S Mercaptans, Di-Sulfides What the heck is going on in my wine ? Tom Schulz, Winery & Viticulture Technician Program, Niagara

639 views • 17 slides
Su SurC rCheck heck SM SM Presentation by: Tim Bohn, C.P., PMP AGENDA 2 Actions Needed

Su SurC rCheck heck SM SM Presentation by: Tim Bohn, C.P., PMP AGENDA 2 Actions Needed

H-GAC & the Geographic Data Workgroup Su SurC rCheck heck SM SM Presentation by: Tim Bohn, C.P., PMP AGENDA 2 Actions Needed Manager vs Inspector logins Work Zones Pilot review / status / schedule RGB / CIR split for

486 views • 24 slides
Networking Fabric in Hyper-V and VMM Richard Ulfvin Who the heck areya! Might know

Networking Fabric in Hyper-V and VMM Richard Ulfvin Who the heck areya! Might know

Networking Fabric in Hyper-V and VMM Richard Ulfvin Who the heck areya! Might know commands like sh run or sh config might have tried tools like NetSH or Netmon played with Hyper-V or just configured

279 views • 24 slides
What the Heck Do We Do Now? Len M. Nichols, Ph.D. Professor of Health Policy Director, Center

What the Heck Do We Do Now? Len M. Nichols, Ph.D. Professor of Health Policy Director, Center

Health Reform Implementation: What the Heck Do We Do Now? Len M. Nichols, Ph.D. Professor of Health Policy Director, Center for Health Policy Research and Ethics State Network Annual Meeting Portland, OR July 11, 2012 Where Innovation Is

802 views • 54 slides
Big Data with ADAMS Big Data with ADAMS What the heck is ADAMS? Peter Reutemann What is ADAMS?

Big Data with ADAMS Big Data with ADAMS What the heck is ADAMS? Peter Reutemann What is ADAMS?

Big Data with ADAMS Big Data with ADAMS What the heck is ADAMS? Peter Reutemann What is ADAMS? Java, GPLv3 Data mining: MOA, WEKA, MEKA, R Spreadsheets and databases Image and video processing Visualizations (plots, GIS)

671 views • 18 slides
Ex Expe perime rimenta ntal l da data a che heck k of SAN ANS me meas asur uremen

Ex Expe perime rimenta ntal l da data a che heck k of SAN ANS me meas asur uremen

Ex Expe perime rimenta ntal l da data a che heck k of SAN ANS me meas asur uremen ement Akhona Gura 1 , Puseletso Mokoena 2 , Modiehi Tshabalala 2 , Nangamso Nyangiwe 3,5 , Nametso Mongwaketsi 4,5 1.Walter Sisulu University,

1.18k views • 22 slides
WHAT THE HECK IS GOING ON AT THE NLRB? WORKSHOP SESSION 2, OPTION 2 NCCMP ANNUAL CONFERENCE

WHAT THE HECK IS GOING ON AT THE NLRB? WORKSHOP SESSION 2, OPTION 2 NCCMP ANNUAL CONFERENCE

WHAT THE HECK IS GOING ON AT THE NLRB? WORKSHOP SESSION 2, OPTION 2 NCCMP ANNUAL CONFERENCE SEPTEMBER 23, 2019 Richard F. Griffin, Jr. Katie Roberson-Young Of Counsel Associate General Counsel Bredhoff & Kaiser Service Employees

919 views • 25 slides
Contributing to Ansible Developing Ansible Modules ....wait a min....what the heck is Ansible?

Contributing to Ansible Developing Ansible Modules ....wait a min....what the heck is Ansible?

Contributing to Ansible Developing Ansible Modules ....wait a min....what the heck is Ansible? software platform for CM systems Agentless Secure Scalable ....so what can we do with ansible? package installation

497 views • 16 slides
Issuing temporary credentials for MySQL using Hashicorp Vault Walter Heck - CTO at OlinData

Issuing temporary credentials for MySQL using Hashicorp Vault Walter Heck - CTO at OlinData

Issuing temporary credentials for MySQL using Hashicorp Vault Walter Heck - CTO at OlinData Percona Live Europe 2017 Sounds familiar? Hey, Jane Doe from that department youve never heard of wants to do some analysis and she needs

692 views • 21 slides
TITLE I HOPE HOMELESS OUTREACH PROGRAM FOR EDUCATION So uthe rn Ne va da Co ntinuum o f Ca re

TITLE I HOPE HOMELESS OUTREACH PROGRAM FOR EDUCATION So uthe rn Ne va da Co ntinuum o f Ca re

TITLE I HOPE HOMELESS OUTREACH PROGRAM FOR EDUCATION So uthe rn Ne va da Co ntinuum o f Ca re Bo a rd April 11, 2019 Me g Pike Clark County School District Clark County School District th Largest School District 5 th Largest School

356 views • 19 slides
From Ideal Polyhedra to Fundamental Domains in H 3 Rainie Heck Oberlin College January 2019 From

From Ideal Polyhedra to Fundamental Domains in H 3 Rainie Heck Oberlin College January 2019 From

From Ideal Polyhedra to Fundamental Domains in H 3 Rainie Heck Oberlin College January 2019 From Ideal Polyhedra to Fundamental Domains in H 3 Rainie Heck (Oberlin College) January 2019 1 / 13 Overview Research Goal: to connect the geometric

297 views • 13 slides
What the heck is an In-Memory Data Grid? @addisonhuddy How are we going to answer this question?

What the heck is an In-Memory Data Grid? @addisonhuddy How are we going to answer this question?

What the heck is an In-Memory Data Grid? @addisonhuddy How are we going to answer this question? 1. Tell you about my first introduction to IMDGs 2. See some real-world use cases 3. Design an IMDG 4. Implement Use Cases Definition IMDGs

398 views • 38 slides
Bridging between computer-aided assessment and traditional pen-and-paper exams Andr Heck and

Bridging between computer-aided assessment and traditional pen-and-paper exams Andr Heck and

Bridging between computer-aided assessment and traditional pen-and-paper exams Andr Heck and Nataa Brouwer EAMS 2020 online conference, June 22 2020, Newcastle, UK 1 Friday the 13 th of March: university life changes completely

546 views • 20 slides
Persistency of Linear Programming Formulations for the Stable Set Problem guez-Heck 1 , Karl

Persistency of Linear Programming Formulations for the Stable Set Problem guez-Heck 1 , Karl

Persistency of Linear Programming Formulations for the Stable Set Problem guez-Heck 1 , Karl Stickler 1 , Matthias Walter 2 , and Stefan Weltge 3 Elisabeth Rodr 1 RWTH Aachen University, Germany 2 University of Twente, The Netherlands 3

424 views • 15 slides

More recommend