eisuke ito eiji abe yoshiaki kasahara kyushu university
play

Eisuke Ito, Eiji Abe, Yoshiaki Kasahara Kyushu University - PowerPoint PPT Presentation

Sep 27, 2022 •236 likes •531 views

APAN29, Sydney 2010 UPKI update from Japan Eisuke Ito, Eiji Abe, Yoshiaki Kasahara Kyushu University ito.eisuke.523@m.kyushuu.ac.jp Outline 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 1 1. Introduction 1.

  1. APAN29, Sydney 2010 UPKI update from Japan Eisuke Ito, Eiji Abe, Yoshiaki Kasahara Kyushu University ito.eisuke.523@m.kyushu‐u.ac.jp

  2. Outline 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 1

  3. 1. Introduction 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 2

  4. 1. Introduction  Protected services in University  E-Learning, e-Syllabi, Researcher activity DB, Student portal, …  E-Journal, Google Apps, Windows Live, …  Shibboleth SSO (Single Sign-on)  Distributed SSO Middleware  Identity Providers (IdP), Service Providers (SP). (and Discovery Service (DS))  Federation  A trust relationship between Identity Providers (IdP) and Service Providers (SP).  NII of Japan deploys Shibboleth SSO Federation  Kyushu University joins this federation 3

  5. History 2005 2006 2007 2008 2009 2010 2011 Joined UPK Kyushu Univ. LDAP Password University authN ID IntegraJon Shibboleth IdP manager plaBorm Join UPKI‐Fed University ID (JP Federa7on) kitenet (Wireless LAN) UPKI UPKI IniJaJve Server Cert. service NII, Japan eduroam.jp GRID UPKI‐Fed SSO trial UPKI‐Fed Trail Federa7on 4

  6. In this presentation,  Show a case study of shibboleth IdP and SP operation in Kyushu University  Report some problems of shibboleth IdP operation.  Report results of two month operation. 5

  7. 2. Shibboleth SSO 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 6

  8. 2. Shibboleth SSO  Before Shibboleth  Kyushu U  Students 18,000  Staffs 7,000 (prof. 2500)  Campus wide authentication system (since 2007.)  IDM and LDAP server  IDM: Identity management system (Meta Directory)  LDAP server is used as password authenticator. 7

  9. Secure 8 Shibboleth SSO SSO Shibboleth System Overview Other Personnel Student worker DB DB Federated SPs ID card E‐Journal IDM IC Card (User ID) Refworks MS DS ref Shibboleth Password Matrix code LDAP IdP (SSO) manager DB Active Active Directory Directory refer refer Enterprise EducaJon system system for officials for students Critical Critical Service Service kitenet Mail WebCT EZproxy MyLibrary (WiFi) Matrix code authN ID/PW, or ID/PW login login Matrix code

  10. Dataflow of IDM Students Student Student Learning System list (PCs, Server, WBT) DB Twice in a Year Staffs Staff Personnel IDM list DB (Identity Management Sys.) LDAP Daily Account activation ID ID Card Card Staff 9

  11. Integrated Services  WebCT (e-Learning)  NetAcademy2 (English study)  kitenet (WiFi)  Campus licensed software  Space management system  Cute.Anyware (E-journal proxy by Library)  Webmail (Primary e-mail service)  Course registration and grade point management sys.,  Researcher activity DB 10

  12. SSO Policy Internal service Out sourced service • Webmail • E‐Journal services Usability • WebCT (e‐Learning) • RefWorks oriented • Software download site • Google Apps Shibbolize! (licensed software) • University portal Security • Financial system • Grade point oriented management system 11

  13. 3. Problems of IdP 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 12

  14. 3. Problems of IdP Attributes Attribute matching filtering IdP SP LDAP 13

  15. Attributes matching Existing schema eduperson mismatch (attributes) schema Open IdP LDAP LDAP (rewrite) Add/Change Attributes Schema Solutions schema Translation Matching attribute-resolver.xml OpenLDAP’s rewrite module 14

  16. Attribute filtering Internal SPs MyLibrary OK SP Serves all attributes SP EZproxy SP WebCT IdP External SPs No SP Against privacy policy SP SP 15

  17. Solutions for attribute filtering problem 2. Two IdPs 1. Write filter rules for each SP. Internal SP IdP rule SP rule SP SPs SP rule IdP rule SP External SP rule IdP SP rule SP SPs 3. Filtering script Open LDAP LDAP IdP (rewrite) rules 16

  18. 4. Analysis 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 17

  19. 4. Analysis Shibboleth IdP and SPs in Kyushu Universiy Internal SPs Open SP MyLibrary LDAP IdP LDAP EZproxy SP (rewrite) SJSDS OpenLDAP, Shibboleth IdP SP WebCT (Solaris) CentOS. Tomcat (CentOS) (VMware) (Windows XP) 18

  20. 19 Kyushu University Library IdP http://www.lib.kyushu‐u.ac.jp/ SP

  21. Results  Two months operation  Just serviced in at Dec. 1, 2009.  No serious trouble.  Some trivial matters.  Some users bookmark the IdP site.  404 Not Found: /idp/Authn/Password 7time(s)  He/She can’t access to the service which he/she wants. 20

  22. Statistics: Unique users at Jan.26,2010. Students 1815 18000 Staffs 467 7000 (2500) Total 2291 25000 21

  23. Statistics: Rank‐Freqency Top 200 users (10% users) occupy 41.2% access. 22

  24. Statistics: Daily access 23

  25. Statistics: Hourly access Most user access at afternoo. 24

  26. 5. Conclusion 1. Introduction 2. Shibboleth SSO 3. Problems of IdP 4. Analysis 5. Conclusion 25

  27. 5. Conclusion  A case study of Shibboleth IdP in a university  Two problems for IdP construction  Attribute matching  Attribute filtering  Two months operation  No serious trouble.  Got statistics  No over load 26

  28. Thank you for your attention. 27

Recommend

Security Analysis on Wireless LAN protocols HORI Yoshiaki hori@csce.kyushu-u.ac.jp Kyushu

Security Analysis on Wireless LAN protocols HORI Yoshiaki hori@csce.kyushu-u.ac.jp Kyushu

Security Analysis on Wireless LAN protocols HORI Yoshiaki hori@csce.kyushu-u.ac.jp Kyushu University / ISIT ETRI-ISIT 1st joint seminar 1 Contents S e c u r i t y a n a l y s i s o n I E E E 8 0 2 . 1 1 i

331 views • 20 slides
Factorizing a string into squares in linear time Yoshiaki Matsuoka, Shunsuke Inenaga, Hideo

Factorizing a string into squares in linear time Yoshiaki Matsuoka, Shunsuke Inenaga, Hideo

CPM 2016 Factorizing a string into squares in linear time Yoshiaki Matsuoka, Shunsuke Inenaga, Hideo Bannai, Masayuki Takeda (Kyushu U.) Florin Manea (Kiel U.) From string to squares? In this presentation, I talk about decomposition of a

776 views • 41 slides
What makes Kyushu Universitys IR so effective? : Leadership, internal collaborations, and

What makes Kyushu Universitys IR so effective? : Leadership, internal collaborations, and

| 0 What makes Kyushu Universitys IR so effective? : Leadership, internal collaborations, and commitment Makoto ARATONO | Executive Vice President | Kyushu University June 20, 2018 | 1 Section 1 Profile of Kyushu University

818 views • 28 slides
Distributed Constraint Reasoning Makoto Yokoo Kyushu University, Japan yokoo@inf.kyushu-u.ac.jp

Distributed Constraint Reasoning Makoto Yokoo Kyushu University, Japan yokoo@inf.kyushu-u.ac.jp

Distributed Constraint Reasoning Makoto Yokoo Kyushu University, Japan yokoo@inf.kyushu-u.ac.jp http://agent.inf.kyushu-u.ac.jp/~yokoo/ 1 Outline Constraint Satisfaction Problem (CSP) Formalization Algorithms Distributed

1.29k views • 104 slides
An opportunistic text indexing structure based on run length encoding Yuya Tamakoshi, Keisuke

An opportunistic text indexing structure based on run length encoding Yuya Tamakoshi, Keisuke

CIAC 2015 An opportunistic text indexing structure based on run length encoding Yuya Tamakoshi, Keisuke Goto, Shunsuke Inenaga, Hideo Bannai, Masayuki Takeda Kyushu University, Japan Kyushu University, Japan Kyushu University, Japan Kyushu

812 views • 59 slides
Multi-platform Automatic Parallelization and Power Reduction by OSCAR Compiler Hironori Kasahara

Multi-platform Automatic Parallelization and Power Reduction by OSCAR Compiler Hironori Kasahara

Multi-platform Automatic Parallelization and Power Reduction by OSCAR Compiler Hironori Kasahara Professor, Dept. of Computer Science & Engineering Director, Advanced Multicore Processor Research Institute Waseda University, Tokyo, Japan

519 views • 29 slides
Utilizing Pure: The Kyushu University experience Saki LIU | Post-doctoral Fellow | Office of

Utilizing Pure: The Kyushu University experience Saki LIU | Post-doctoral Fellow | Office of

| 0 Utilizing Pure: The Kyushu University experience Saki LIU | Post-doctoral Fellow | Office of Institutional Research, Kyushu University June 20-21, 2018 | 1 Kyushu University (KyushuU)s Office of Institutional Research established to

513 views • 37 slides
High Voltage Aqueous Na/K-ion Batteries Masaru Tanaka of Kyushu University. HOMO/LUMO

High Voltage Aqueous Na/K-ion Batteries Masaru Tanaka of Kyushu University. HOMO/LUMO

ICEnSM 2019, Session 1, 9:30 am-10:00 am, Nov. 30th at Shenzhen Material synthesis and cell performance were measured by Dr. Kosuke Nakamoto, Mr. Ryo Sakamoto, and Prof. Masato Ito of Kyushu University. TG/DSC measurement was supported by

421 views • 14 slides
General Consent to Research Use of Biological Samples and Health Information Eiji Maruyama Kobe

General Consent to Research Use of Biological Samples and Health Information Eiji Maruyama Kobe

General Consent to Research Use of Biological Samples and Health Information Eiji Maruyama Kobe University, Japan Eiji Maruyama 2010WCML@Zagreb 1 Requirement of Informed Consent Obtaining informed consent from the subject or her/his legal

419 views • 17 slides
Genomics in patients with Japanese Ancestry Yoshiaki Uyama, Ph.D. Yoshiaki Uyama, Ph.D.

Genomics in patients with Japanese Ancestry Yoshiaki Uyama, Ph.D. Yoshiaki Uyama, Ph.D.

Genomics in patients with Japanese Ancestry Yoshiaki Uyama, Ph.D. Yoshiaki Uyama, Ph.D. Pharmaceuticals & Medical Devices Agency (PMDA) Pharmaceuticals & Medical Devices Agency (PMDA) Visiting Professor, Graduate School of Medicine,

672 views • 21 slides
Developed for the X-ray CCD Camera onboard the XRISM Satellite Yoshiaki Kanemaru(University of

Developed for the X-ray CCD Camera onboard the XRISM Satellite Yoshiaki Kanemaru(University of

Radiation Hardness of a P-Channel Notch CCD Developed for the X-ray CCD Camera onboard the XRISM Satellite Yoshiaki Kanemaru(University of Miyazaki) mail: kanemaru@astro.miyazaki-u.ac.jp Jin Sato, Koji Mori (University of Miyazaki), Hiroshi

317 views • 21 slides
Direct Numerical Simulation of Drag Reduction with Uniform Blowing over a Rough Wall Eisuke Mori

Direct Numerical Simulation of Drag Reduction with Uniform Blowing over a Rough Wall Eisuke Mori

11 th International ERCOFTAC Symposium on Engineering Turbulence Modelling and Measurement Palermo, Sept. 21-23, 2016 Direct Numerical Simulation of Drag Reduction with Uniform Blowing over a Rough Wall Eisuke Mori 1,2 , Maurizio Quadrio 2 and

1.08k views • 31 slides
Agenda The teleconference system in Kyushu University H.323 TV conference system

Agenda The teleconference system in Kyushu University H.323 TV conference system

MCU (Multi point Control Unit) for H.323 and software Polycom Yasuaki Antoku Kyushu Univ. Hospital / Japan Agenda The teleconference system in Kyushu University H.323 TV conference system MCU(Multi point Control Unit) H.323

815 views • 11 slides
Finding Characteristic Substrings from Compressed Texts Shunsuke Inenaga Kyushu University, Japan

Finding Characteristic Substrings from Compressed Texts Shunsuke Inenaga Kyushu University, Japan

Finding Characteristic Substrings from Compressed Texts Shunsuke Inenaga Kyushu University, Japan Hideo Bannai Kyushu University, Japan Text Mining and Text Compression Text mining is a task of finding some rule and/or knowledge from given textual

719 views • 45 slides
Recognition of Japanese Historical Hand- Written Characters Based on Object Detection Methods

Recognition of Japanese Historical Hand- Written Characters Based on Object Detection Methods

Recognition of Japanese Historical Hand- Written Characters Based on Object Detection Methods Yiping Tang, Kohei Hatano, Eiji Takimoto Kyushu university What is Kuzushiji? Definition(*) Kuzushiji is written with hand- written

346 views • 16 slides
Compact Sealed lithium target for accelerator-driven BNCT system Kazuki Tsuchida, Yoshiaki

Compact Sealed lithium target for accelerator-driven BNCT system Kazuki Tsuchida, Yoshiaki

th High Power Targetry Workshop 4 8 June 201 , FRIB Michigan State University Compact Sealed lithium target for accelerator-driven BNCT system Kazuki Tsuchida, Yoshiaki Kiyanagi Nagoya University 1 B oron N eutron C apture

510 views • 20 slides
Magnetic-Tower Jet Solution for Astrophysical Jets Yoshiaki Kato Center for Computational

Magnetic-Tower Jet Solution for Astrophysical Jets Yoshiaki Kato Center for Computational

Magnetic-Tower Jet Solution for Astrophysical Jets Yoshiaki Kato Center for Computational Sciences, University of Tsukuba Workshop on MHD Processes in Galaxies, Accretion disks and in Star Forming Regions @ Chiba Univ. Nov. 17 - 18, 2005

400 views • 19 slides
Genetic Testing of Children for the Sake of Other Family Members Eiji Maruyama Kobe University

Genetic Testing of Children for the Sake of Other Family Members Eiji Maruyama Kobe University

Genetic Testing of Children for the Sake of Other Family Members Eiji Maruyama Kobe University School of Law Introduction In this presentation, I would like to discuss the ethical and legal problems of genetic testing of minors for the sake

448 views • 17 slides
Paracontrolled calculus and regularity structures Masato Hoshino Kyushu University July 31, 2019

Paracontrolled calculus and regularity structures Masato Hoshino Kyushu University July 31, 2019

Paracontrolled calculus and regularity structures Masato Hoshino Kyushu University July 31, 2019 Joint work with Isma el Bailleul (Universit e de Rennes 1) Masato Hoshino (Kyushu University) Paracontrolled calculus and regularity

375 views • 18 slides
Rolling CR-manifolds Setsuo TANIGUCHI Faculty of Arts and Science, Kyushu University November 9,

Rolling CR-manifolds Setsuo TANIGUCHI Faculty of Arts and Science, Kyushu University November 9,

Rolling CR-manifolds Setsuo TANIGUCHI Faculty of Arts and Science, Kyushu University November 9, 2015 S. Taniguchi (Kyushu Univ) Rolling CR-manifolds November 9, 2015 1 / 16 Introduction Introcuction (The Eells-Elworthy-Malliavin Approach)

512 views • 8 slides
Limit theorems for determinantal point processes Tomoyuki Shirai 1 2 Kyushu University May. 8,

Limit theorems for determinantal point processes Tomoyuki Shirai 1 2 Kyushu University May. 8,

Limit theorems for determinantal point processes Tomoyuki Shirai 1 2 Kyushu University May. 8, 2019 1 Joint work with Makoto Katori (Chuo University) 2 A Probability Conference Random Matrices and Related Topics @KIAS, Seoul, Korea, May

540 views • 37 slides
Japanese Guidelines for End-of-Life Medical Care Eiji Maruyama Kobe University School of Law

Japanese Guidelines for End-of-Life Medical Care Eiji Maruyama Kobe University School of Law

Japanese Guidelines for End-of-Life Medical Care Eiji Maruyama Kobe University School of Law Background Cases Tokai University Hospital Case Yokohama District Court, March 28, 1995 Kawasaki Cooperative Hospital Case Yokohama District Court,

370 views • 21 slides
using Collaborative Filtering Kazuaki Nakamura, Eiji Miyazaki, Naoko Nitta, and Noboru Babaguchi

using Collaborative Filtering Kazuaki Nakamura, Eiji Miyazaki, Naoko Nitta, and Noboru Babaguchi

Generating Handwritten Character Clones from an Incomplete Seed Character Set using Collaborative Filtering Kazuaki Nakamura, Eiji Miyazaki, Naoko Nitta, and Noboru Babaguchi Osaka University, Japan on 6th Aug. 2018, at ICFHR2018 Research

396 views • 17 slides
Basic relative invariants of homogeneous convex cones Hideto Nakashima Kyushu university (JSPS

Basic relative invariants of homogeneous convex cones Hideto Nakashima Kyushu university (JSPS

Basic relative invariants of homogeneous convex cones Hideto Nakashima Kyushu university (JSPS Research Fellow) 2014/6/25 RIMS, Kyoto university Hideto Nakashima (Kyushu univ.) Basic relative invariants 2014/6/25 1 / 29 Background

1.24k views • 35 slides

More recommend