Establishing an AAI service in DFN
Ulrich Kähler, DFN-Verein, kaehler@dfn.de
Jürgen Rauschenbach, DFN-Verein, jrau@dfn.de

Events and plans
• March 2006: 1st meeting of an advisory group and early adopters: libraries, Grids, eLearning, service providers
• April – September 2006: face-to-face meetings and videoconferences on different items
• November 2006: basic documents ready (policy, contracts, service agreements, etc.)
• Autumn 2006: establishment of central services, pilot operation
• Spring 2007: contracts and start of service

Drivers
• REDI (AAR) project, University of Freiburg, very much focussed on Shibboleth
• Grid (German Grid, D-Grid), trending towards Shibboleth
• eLearning portal (Saxony), Shibboleth based, all HS in Saxony

Tasks of the DFN-Verein
• Providing guidelines (policy)
• Contract preparation and conclusion
• Central operations
• Public relations
• International representation of the DFN-AAI community

Central operational tasks
• Metadata administration (under construction)
• Test system (operational)
• WAYF server (under construction)
• Certification Authority (DFN-PKI) (operational)
• Consulting, training (starts 2007)
• Support provided by DFN-NOC

DFN-AAI
DFN-Verein
• Is the central contract partner for all participants of DFN-AAI.
• All contracts are service contracts.
[Diagram: DFN at the centre, connected to S1, S2, S..., Sn and A1, A2, A..., An]

Contractual concept
DFN-Frame contract Attachments: Policy DFNInternet techn. precondition IdM DFNFernsprechen Certificates DFNAAI Service agreement Attribute schema Operational components (fees)

Quality preconditions for IdM
- Quality requirements
- Reliability: security levels, avoidance of abuse
- Actuality: changes close to the real event
- Traceability: documentation, logging
- Resilience: back-up systems
- Consistency with national legal rules
- Data protection rules

DFN-AAI schema discussion
• Agreement on just a few "basic" attributes for now (others have the status "recommended"):
– sn (surname) (from Person)
– email (from inetOrgPerson)
– eduPersonPrincipalName (from eduPerson)
– eduPersonScopedAffiliation
– eduPersonEntitlement
– eduPersonTargetedID
• Basic attributes need to be present in the IdM or could be mapped

Usage of certificates
• Certificates are used in 3 areas in DFN-AAI:
– Operation of Shibboleth
– Authentication of the web servers offering these services
– Authentication of users

Certificates in the DFN-PKI
[Figure: number of certificates (y-axis, 0 to 2,000) per month from 11.05 to 10.06; series: total certificates, Classic certificates, Grid certificates]

Contact
Questions around DFN-AAI:
E-Mail: aai@dfn.de