de provisioning necessity even in proxy idp sp
play

De-provisioning - necessity even in proxy IdP/SP architecture Slvek - PowerPoint PPT Presentation

Jul 29, 2023 •49 likes •169 views

De-provisioning - necessity even in proxy IdP/SP architecture Slvek Licehammer slavek@ics.muni.cz EGI Conference 2019 06. 05. 2019 AARC Blueprint Architecture 2 Proxy architecture Easy way to connect services Persistent identity

  1. De-provisioning - necessity even in proxy IdP/SP architecture Slávek Licehammer slavek@ics.muni.cz EGI Conference 2019 06. 05. 2019

  2. AARC Blueprint Architecture 2

  3. Proxy architecture ● Easy way to connect services ● Persistent identity for each user ● Harmonized attributes ● Authorization on proxy level ● Approval of AUP, data release, etc. ● All is done during sign in of a user 3

  4. Services with extra requirements ● Some services needs to know user upfront or know when the user is no longer authorized ● Mailing list ● Cloud platforms ● Data storages ● VOMS ● Collaborative tools ● ... 4

  5. Provisioning & deprovisioning ● Method to deliver user information to services ○ Access rights ○ Authorization informations (groups, roles) ○ User attributes (name, e-mail, …) ● Triggered without direct user interaction ● Services react accordingly ○ Creating accounts ○ Updating local user information ○ Disabling or deleting account 5

  6. Benefits of (de-)provisioning ● Database of access rights for all users and services ● Database of which data released to services ○ GDPR ● Deprovisioning can be used to disable account when it have been compromised ● Provision access tokens for non-web access ○ SSH keys 6

  7. Implementation ● Transfer model ○ Periodic pull ○ Push model ● Transferred dataset ○ Changeset only ■ Need to ensure consistency ○ Full state ■ May have performance issues ● Protocols ○ LDAP, VOOT, SCIM, JSON, XML, OIDC, ... 7

  8. Identity and access management ● Identity and access management ○ source for (de-)provisioned data ● Support for user life-cycle ○ Registration / import, expiration, renewal ○ Support also on service side ● Support for access management ○ Group, entitlements, capabilities management ○ Configurable provisioning to services 8

  9. AARC Blueprint Architecture 9

  10. ● Identity and access management ● (De-)provisioning engine ● Open-source (https://perun-aai.org) ● Major deployment: ELIXIR, EGI, GÉANT ● EGI instance integrated with EGI Check-in ● (De-)provisioning connectors available for many services ○ Easy to develop new connectors 10

  11. Summary ● Provisioning and deprovisioning notify services about changes in user attributes or state ● Deprovisioning is crucial for services with persistent user resources ● Can be handled with external identity and access management system ● Is aligned with AARC Blueprint Architecture 11

  12. Thank you for attention Slávek Licehammer slavek@ics.muni.cz

Recommend

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing Anton Belka, antonbelka@gmail.com GUADEC 2013 The TM Conference GUADEC Proxy editing What is proxy editing? Proxy editing is the ability to

1.75k views • 143 slides
First-Order Necessity and Validity First-Order Necessity and Validity Mark Criley IWU

First-Order Necessity and Validity First-Order Necessity and Validity Mark Criley IWU

First-Order Necessity and Validity First-Order Necessity and Validity Mark Criley IWU BackOf, Between, Small, etc. predicates other than =. necessity does. But FO-necessity pays attention to a little bit less than Logical

107 views • 9 slides
MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers forward requests to backends and can transform, handle or block them released under the GPL see http://forge.mysql.com/wiki/MySQL_Proxy

945 views • 27 slides
Resource provisioning requirements are very diverse Existing resource provisioning solutions

Resource provisioning requirements are very diverse Existing resource provisioning solutions

Resource provisioning requirements are very diverse Existing resource provisioning solutions tend to be specialized for specific scenarios. There is no resource provisioning model that supports all of these usage scenarios simultaneously

397 views • 14 slides
The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning

The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning

NGI 2011 The QoE Provisioning-Delivery- g y -- Hysteresis and its Importance for Service Provisioning in the F t Future Internet I t t Tobias Hofeld, Markus Fiedler and Thomas Zinner Hysteresis Hysteresis Hysteresis refers to

251 views • 10 slides
Medical Necessity of Medical Necessity of Cardiac Implants: p The New Enforcement Priority

Medical Necessity of Medical Necessity of Cardiac Implants: p The New Enforcement Priority

Medical Necessity of Medical Necessity of Cardiac Implants: p The New Enforcement Priority Morgan, Lewis & Bockius, LLP Scott A. Memmott Albert W. Shay B Background k d Increased efforts over the last two years to combat

782 views • 43 slides
TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

GLIF Tech Winter meeting Hong-Kong, China 24 February, 2011 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop series About

587 views • 25 slides
Provisioning Hardware for Cluster Applications 2 Friday, February 17, 12 Provisioning Hardware

Provisioning Hardware for Cluster Applications 2 Friday, February 17, 12 Provisioning Hardware

scc : Cluster Storage Provisioning Informed by Application Characteristics and SLAs Harsha V. Madhyastha*, John C. McCullough , George Porter, Rishi Kapoor, Stefan Savage, Alex C. Snoeren, and Amin Vahdat UC Riverside* and UC San Diego Bourns

1.26k views • 96 slides
Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning

Black Hat Europe 2009 Hijacking Mobile Data Connections 1 Mobile Security Lab Provisioning & WAP primer Forging Messages Demo: Remote provisioning Provisioning: Process and Issues Attack scenario and exploiting Final

713 views • 59 slides
C# Design Patterns: Proxy APPLYING THE PROXY PATTERN Steve Smith FORCE MULTIPLIER FOR DEV TEAMS

C# Design Patterns: Proxy APPLYING THE PROXY PATTERN Steve Smith FORCE MULTIPLIER FOR DEV TEAMS

C# Design Patterns: Proxy APPLYING THE PROXY PATTERN Steve Smith FORCE MULTIPLIER FOR DEV TEAMS @ardalis | ardalis.com | weeklydevtips.com t h s What problems does proxy solve? Objectives How is the proxy pattern structured? Apply the

779 views • 23 slides
Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications 1 If youre

Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications 1 If youre

Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications 1 If youre WAPpy and you know it. UAG ? WAP ? eGov ? 2 Topics This Why the County invested in WAP presentation will share: Capabilities

427 views • 20 slides
January 29, 2018 Proxy Statements under Maryland Law 2018 The 2018 proxy season is here.

January 29, 2018 Proxy Statements under Maryland Law 2018 The 2018 proxy season is here.

January 29, 2018 Proxy Statements under Maryland Law 2018 The 2018 proxy season is here. Based on our experience reviewing proxy statements for Maryland public companies, we would like to call your attention to certain matters of Maryland

272 views • 12 slides
Entwurfsmuster und Frameworks Proxy Oliver Haase Oliver Haase Emfra Proxy 1/14

Entwurfsmuster und Frameworks Proxy Oliver Haase Oliver Haase Emfra Proxy 1/14

Entwurfsmuster und Frameworks Proxy Oliver Haase Oliver Haase Emfra Proxy 1/14 Description I Classification : Object-based structural pattern Also known as : Surrogate Purpose : Control access to a subject through

435 views • 14 slides
The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for

The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for

The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for HTTP, HTTPS (tunnel only) FTP Gopher WAIS (requires additional software) WHOIS (Squid version 2 only) Supports transparent

592 views • 35 slides
MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is MySQL Proxy Started Feb 2007 Current: MySQL Proxy 0.7.0 Source available on launchpad.net $ bzr branch lp:mysql-proxy Foundation of

308 views • 17 slides
GLM Proxy Data Monte Bateman Proxy Data Creator Introduction GLM is an optical instrument

GLM Proxy Data Monte Bateman Proxy Data Creator Introduction GLM is an optical instrument

GLM Proxy Data Monte Bateman Proxy Data Creator Introduction GLM is an optical instrument Closest analog is LIS LIS is LEO; has a limited time on station for a particular storm Have several ground-based, 24x7 networks;

133 views • 10 slides
Necessity of 45-day Transesophageal Echocardiography after WATCHMAN Procedure amid the COVID-19

Necessity of 45-day Transesophageal Echocardiography after WATCHMAN Procedure amid the COVID-19

Necessity of 45-day Transesophageal Echocardiography after WATCHMAN Procedure amid the COVID-19 Pandemic Bryan E-Xin Tan, M.D. PGY-3 Internal Medicine Rochester General Hospital No Conflict of Interest Necessity of 45-day Transesophageal RESULTS

250 views • 8 slides
Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins Duncan Hutty Overview 1.

Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins Duncan Hutty Overview 1.

Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins Duncan Hutty Overview 1. Introduction: Context, Philosophy 2. Provisioning Exercises 1. MVP 2. Testing 3. CI/CD 4. Refactoring 3. Coping with complexity & scale

946 views • 49 slides
September 29, 2010 Maryland Law Implications of the SEC's Proxy Access Rules The proxy access

September 29, 2010 Maryland Law Implications of the SEC's Proxy Access Rules The proxy access

September 29, 2010 Maryland Law Implications of the SEC's Proxy Access Rules The proxy access rules recently adopted by the Securities and Exchange Commission have many implications for the nomination, election and service of directors under

179 views • 5 slides
DRM Proxy Architecture draft-zhipeng-pkix-drm-proxy-architecture Zhipeng Zhou (via Barry Leiba)

DRM Proxy Architecture draft-zhipeng-pkix-drm-proxy-architecture Zhipeng Zhou (via Barry Leiba)

DRM Proxy Architecture draft-zhipeng-pkix-drm-proxy-architecture Zhipeng Zhou (via Barry Leiba) Huawei Technologies Why? Digital Rights Management is something service providers have to deal with. Standard mechanisms for managing

273 views • 9 slides
Connecting to Citrix MetaFrame Presentation Server through Proxy Servers Web Interface and Proxy

Connecting to Citrix MetaFrame Presentation Server through Proxy Servers Web Interface and Proxy

Connecting to Citrix MetaFrame Presentation Server through Proxy Servers Web Interface and Proxy Servers When a user logs into Web Interface and clicks an application icon, Web Interface dynamically renders an ICA file containing the instructions

490 views • 3 slides
SWEN 383 Software Design Principles & Patterns The Proxy Pattern Basic Proxy * Overview

SWEN 383 Software Design Principles & Patterns The Proxy Pattern Basic Proxy * Overview

SWEN 383 Software Design Principles & Patterns The Proxy Pattern Basic Proxy * Overview Joe and Mary want to sign a contract. Joe is in Canada. Mary is in Argentina. * Overview Joe asks Sandy to be a proxy for Mary. Mary asks Pedro to

467 views • 25 slides
Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What

Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What

Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as a server while talking with

365 views • 32 slides
Services for institutional investors September 2017 INDEX o Reasons for a Spanish proxy advisor

Services for institutional investors September 2017 INDEX o Reasons for a Spanish proxy advisor

Member for Spain & Portugal of the international partnership of local independent proxy advisors Services for institutional investors September 2017 INDEX o Reasons for a Spanish proxy advisor o ECGS and their partners o Proxy advisors

547 views • 29 slides

More recommend