federated user credential deployment portal feudal
play

Federated User Credential Deployment Portal (FEUDAL) Lukas Burgey | - PowerPoint PPT Presentation

Apr 23, 2023 •294 likes •519 views

Federated User Credential Deployment Portal (FEUDAL) Lukas Burgey | August 29, 2018 STEINBUCH CENTRE FOR COMPUTING www.kit.edu KIT University of the State of Baden-Wuerttemberg and National Research Centre of the Helmholtz Association

  1. Federated User Credential Deployment Portal (FEUDAL) Lukas Burgey | August 29, 2018 STEINBUCH CENTRE FOR COMPUTING www.kit.edu KIT – University of the State of Baden-Wuerttemberg and National Research Centre of the Helmholtz Association

  2. Context Helmholtz Data Federation (HDF) Sites: KIT, FZJ, DKFZ, AKI, GSI, and DESY Federated Identities using SP-IdP-Proxy (AARC BPA) User Authentication by the IdPs at the sites Extends user information from IdPs August 29, 2018 2/1 Lukas Burgey – FEUDAL –

  3. Deployment User deployment Account provisioning Deployment of user credentials SSH public key password etc. August 29, 2018 3/1 Lukas Burgey – FEUDAL –

  4. Requirements (1/2) Web Portal Deployment Federated user authentication Credentials: SSH public keys Fault tolerant Response time: Close to network latency Services Services can be hosted at multiple sites Sites can host multiple services August 29, 2018 4/1 Lukas Burgey – FEUDAL –

  5. Requirements (2/2) At the sites: Interface with all possible User Management Systems Customisable by the local Administrator Attractive to host services No incoming connections Secure August 29, 2018 5/1 Lukas Burgey – FEUDAL –

  6. FEUDAL Workflow User: SSH public key upload 1 User: VO / service selection 2 Portal: Account provisioning at the services 3 Portal: Key deployment to the account 4 Portal: Display login information to the user 5 User: Can access the services with the public key 6 August 29, 2018 6/1 Lukas Burgey – FEUDAL –

  7. Architecture (1/2) Distributed: FEUDAL clients Every site hosts one or more clients The clients execute the deployments Central elements: Web portal User interface FEUDAL backend + database Sends messages to the clients Stores user information and credentials August 29, 2018 7/1 Lukas Burgey – FEUDAL –

  8. IdP IdP Database Backend Server Unity SP-IdP-Proxy user info, groups Backend initialize publish authentication �� requests User Webpage REST-API RabbitMQ fetch, acknowledge send Site Client Site Client Own implementation Preexisting script call script call

  9. Architecture (1/2) Technology SP-IdP-Proxy: OpenID Connect Backend: Django/Python Inbuilt administration frontend Simplifies usage of Database Django REST Framework Clients: Go Static linking Webpage: Angular/Typescript Asynchronous requests August 29, 2018 9/1 Lukas Burgey – FEUDAL –

  10. Messaging (1/4) Messages (JSON): Backend → Client: identifier action ∈ { “deploy”, “remove” } service SSH public key user info (from OpenID Connect) group memberships (from Unity) Backend ← Client: Acknowledgement identifier login information August 29, 2018 10/1 Lukas Burgey – FEUDAL –

  11. Messaging (2/4) Publish Subscribe Quick transmission (close to network latency) Only outgoing connections at the clients Dedicated message broker: RabbitMQ Delegated authentication of clients Inbuilt message routing August 29, 2018 11/1 Lukas Burgey – FEUDAL –

  12. Messaging (3/4) Message routing RabbitMQ service0 queue client0 Backend service1 queue Exchange Publisher service1 queue client1 August 29, 2018 12/1 Lukas Burgey – FEUDAL – Figure: Clients receive only messages for the services of their site.

  13. Messaging (4/4) Clients manually fetch messages On startup Missed deployments Per interval (e.g. 30 minutes) Result: Unacknowledged deployments are retried August 29, 2018 13/1 Lukas Burgey – FEUDAL –

  14. Security Considerations (1/2) Confidentiality & Integrity TLS for all transmissions Authentication User: OpenID Connect FEUDAL Client: password August 29, 2018 14/1 Lukas Burgey – FEUDAL –

  15. Security Considerations (2/2) Authorisation User groups from Unity service ↔ groups FEUDAL Client: configuration Trust Service provider need to trust SP-IdP-Proxy Backend → Future work: Confirm data from the backend August 29, 2018 15/1 Lukas Burgey – FEUDAL –

  16. Demo Time Demo Time August 29, 2018 16/1 Lukas Burgey – FEUDAL –

  17. Key Features Asynchronous deployment: if a site is down for a while, all deployments are retransmitted, once the site is back up. Future deployments: New machines can receive all users in the supported VO. Realtime deployments: http sockets to push information. Integration to local usermanagement left to the site-admin August 29, 2018 17/1 Lukas Burgey – FEUDAL –

  18. Questions? Questions? August 29, 2018 18/1 Lukas Burgey – FEUDAL –

  19. Backup Slides Backup Slides August 29, 2018 19/1 Lukas Burgey – FEUDAL –

  21. WaTTS Token Translation Service (AARC BPA) Uses plugins to translate tokens Plugins can be used to do deployment Not optimal August 29, 2018 21/1 Lukas Burgey – FEUDAL –

  22. 4: IdP selection Site 5: redirect SP-IdP-Proxy IdP 7: redirect 8: redirect 3: redirect 6: authentication 1: redirect �� Backend 9: redirect 2: Authentication Request

Recommend

MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk, Director Dora Apodaca, Credential Analyst Evelyn Martinez, Office Coordinator Leah Sosnowski, Credential Analyst Meredith West, Credential Analyst

502 views • 14 slides
SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk, Director Dora Apodaca, Credential Analyst Evelyn Martinez, Office Coordinator Leah Sosnowski, Credential Analyst Meredith West, Credential Analyst

573 views • 14 slides
BIT Maintaining Training Efficiency and Accuracy for Edge-assisted Online Federated

BIT Maintaining Training Efficiency and Accuracy for Edge-assisted Online Federated

BIT Maintaining Training Efficiency and Accuracy for Edge-assisted Online Federated Learning with ABS Jiayu Wang, Zehua Guo, Sen Liu, Yuanqing Xia Beijing Institute Of Technology, Fudan University 1 Federated Learning User devices

612 views • 12 slides
New Grower Web Portal Mike Hedditch July 2014 New Grower Web Portal A Phase 2 enhancement of the

New Grower Web Portal Mike Hedditch July 2014 New Grower Web Portal A Phase 2 enhancement of the

New Grower Web Portal Mike Hedditch July 2014 New Grower Web Portal A Phase 2 enhancement of the SunRice Corporate websit e Goes live mid-August to provide a user-friendly portal for all the information required to grow rice for SunRice

505 views • 9 slides
Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential

Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential

Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential Evaluation Shelby L. Cearley Texas Tech University Office of Graduate & International Admissions Todays Session Agenda A brief roadmap

372 views • 5 slides
Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan

Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan

Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan mcmahan@google.com DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to Data Sharing including Privacy and Fairness 2017.10.24 Our Goal Imbue

956 views • 70 slides
Em Emplo loyee ee Ac Access cess Portal tal Jim Hogg County ISD HOME PAGE FOR EMPLOYEE

Em Emplo loyee ee Ac Access cess Portal tal Jim Hogg County ISD HOME PAGE FOR EMPLOYEE

Em Emplo loyee ee Ac Access cess Portal tal Jim Hogg County ISD HOME PAGE FOR EMPLOYEE ACCESS PORTAL {insert URL for website} First time logging in choose New User Create a New User Page 1 1. . Enter your nin ine-digit so social l

211 views • 20 slides
-: U ser M an ual :- 1. First the office user after receiving their user id and password from

-: U ser M an ual :- 1. First the office user after receiving their user id and password from

-: U ser M an ual :- 1. First the office user after receiving their user id and password from their respective districts must visit www.wbppms.gov.in. 2. In the web portal click on either Get Started or Signin in the upper right

408 views • 9 slides
CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020 CREDENTIAL PROCESS May 29 th , 2020 CREDENTIAL STEPS 1. Original Transcripts sent to CAFA (Dr. Taylors Office: Curriculum, Assessment and Faculty

470 views • 16 slides
MyAmeriCorps Portal Release 3 VISTA Sponsors User Roles and Management

MyAmeriCorps Portal Release 3 VISTA Sponsors User Roles and Management

MyAmeriCorps Portal Release 3 VISTA Sponsors User Roles and Management Presentation developed for the Corporation for National and Community Service by Education Northwest

540 views • 43 slides
YOUR SUPPLIER PORTAL FOR BOTH IN AND OUTBOUND MANUFACTURING YO U R SUPPLIER PORTAL The

YOUR SUPPLIER PORTAL FOR BOTH IN AND OUTBOUND MANUFACTURING YO U R SUPPLIER PORTAL The

YOUR SUPPLIER PORTAL FOR BOTH IN AND OUTBOUND MANUFACTURING YO U R SUPPLIER PORTAL The portal digitally handles both your incoming purchases and works as customer portal for sales. Register all your current subcontractors and

585 views • 13 slides
WEB PORTAL COMM 3 E Learning Learning User User Multimedia Multimedia External Data

WEB PORTAL COMM 3 E Learning Learning User User Multimedia Multimedia External Data

A LIEN S PECIES V IRTUAL R ESEARCH E NVIRONMENT V IRTUAL R ESEARCH E NVIRONMENT & S ERVICES AND O UT R EACH Nicola Fiore Nicola Fiore LW Service Centre WEB PORTAL COMM 3 E Learning Learning User User Multimedia Multimedia External

785 views • 23 slides
Grid Computing for Bioinformatics: An Implementation of a User-Friendly Web Portal for ASTI's In

Grid Computing for Bioinformatics: An Implementation of a User-Friendly Web Portal for ASTI's In

Grid Computing for Bioinformatics: An Implementation of a User-Friendly Web Portal for ASTI's In Silico Laboratory R. Babilonia, M. Rey, E. Aldea, U. Sarte gridapps@asti.dost.gov.ph Outline Introduction: Who are we and what we do The

476 views • 24 slides
User Controllable Location Privacy Lessons from the Development and Deployment of Location

User Controllable Location Privacy Lessons from the Development and Deployment of Location

User Controllable Location Privacy Lessons from the Development and Deployment of Location Sharing Apps Patrick Gage Kelley Faculty: Norman Sadeh, Lorrie Cranor, Jason Hong Post-Docs: Paul Hankes Drielsma, Eran Toch PhD Students: Jialiu

552 views • 18 slides
FeUdal Networks for Hierarchical Reinforcement Learning Alexander Sasha Vezhnevets, Simon

FeUdal Networks for Hierarchical Reinforcement Learning Alexander Sasha Vezhnevets, Simon

FeUdal Networks for Hierarchical Reinforcement Learning Alexander Sasha Vezhnevets, Simon Osindero, Tom Schaul, Nicolas Heess, Max Jaderberg, David Silver, Koray Kavukcuoglu: DeepMind Rene Bidart (rbbidart@uwaterloo.ca) CS885 June 22, 2018

653 views • 27 slides
Service Catalogue & User Portal European e-Infrastructure Services Gateway e-IRG workshop,

Service Catalogue & User Portal European e-Infrastructure Services Gateway e-IRG workshop,

Service Catalogue & User Portal European e-Infrastructure Services Gateway e-IRG workshop, 3-4 October 2017, Estonia Dr. Jorge Sanchez (JNP), Dr. George Papastefanatos (UOA) Nikos Vogiatzis, Nikos Karampekios, Nancy Liva, Nektaria Berikou,

1k views • 67 slides
Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

426 views • 25 slides
Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

453 views • 34 slides
FeUdal Networks for Hierarchical Reinforcement Learning Alexander Sasha Vezhnevets, Simon

FeUdal Networks for Hierarchical Reinforcement Learning Alexander Sasha Vezhnevets, Simon

FeUdal Networks for Hierarchical Reinforcement Learning Alexander Sasha Vezhnevets, Simon Osindero, Tom Schaul, Nicolas Heess, Max Jaderberg, David Silver, Koray Kavukcuoglu Topic: Hierarchical RL Presenter: Thophile Gaudin Why Hierarchical

921 views • 22 slides
Navigating the MyU Portal Academic Year: 2020-2021 1 MyU Portal 2 MyU Portal Not to be

Navigating the MyU Portal Academic Year: 2020-2021 1 MyU Portal 2 MyU Portal Not to be

Navigating the MyU Portal Academic Year: 2020-2021 1 MyU Portal 2 MyU Portal Not to be confused with my.umc.edu (Lawson) Internet Browsers: Supported: Firefox Chrome Not Supported: Safari Instructions to update

558 views • 28 slides
PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

RSA LABS PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A credential management service that allows individuals and employees to securely and seamlessly access any app from any device. 2 RHAPSODY

239 views • 9 slides
Presentation EDI WEB Portal for the MSSS Establishments EDI WEB Portal InterTrade presents the

Presentation EDI WEB Portal for the MSSS Establishments EDI WEB Portal InterTrade presents the

Presentation EDI WEB Portal for the MSSS Establishments EDI WEB Portal InterTrade presents the EDI Web Portal enabling the MSSS and their vendors to reach their EDI goals and improve their supply chain efficiency. This portal provides the

518 views • 3 slides
useworld.net An open user adaptive scientific internet portal for the human machine interaction

useworld.net An open user adaptive scientific internet portal for the human machine interaction

useworld.net An open user adaptive scientific internet portal for the human machine interaction community L. Urbas, S. Leuchter, M.C. Kindsmller, R. Weyers Center of Human-Machine Systems Technische Universitt Berlin Mai 22, 2003

174 views • 13 slides
Merchant PCI Compliance - Update PCI Compliance Reminders - Portal Access: www.pciapply.com/NWP

Merchant PCI Compliance - Update PCI Compliance Reminders - Portal Access: www.pciapply.com/NWP

Merchant PCI Compliance - Update PCI Compliance Reminders - Portal Access: www.pciapply.com/NWP - Agents have access to the Aperia Client Management Portal Experience - Get your user credentials! - Support/Compliance Center/Help Desk/QSA

66 views • 6 slides

More recommend