BfB: Supporting Collaboration with Infrastructure

Topics
• The components:
  • COmanage
  • Grouper
  • Shibboleth
• The activities
  • VO versus Enterprise IdM
  • Attributes and Metadata
  • International Collaboration

The “Bedrock” Grant
• Building from Bedrock: Infrastructure Improvements for Collaboration and Science – an NSF OCI grant
• Focus on further developing and integrating tools to allow collaborations to operate efficiently in the IdM space
  • COmanage
  • Grouper
  • Shibboleth
http://www.internet2.edu/bedrock/

COmanage
• Scalable identity, group, access management for collaborative organizations, synthesizing identity needs and infrastructure from federated sources as well as internal CO sources
• Partner CO include: LIGO, iPlant, Bamboo

COmanage
• Upcoming deliverables
  • Implementation by initial VO
  • Hosted instance
  • VAMP – a VO Advanced CAMP
  • More domesticated applications
  • Federated and social identity authentication
  • REST API for applications to tie in to for authentication and other IdM needs
• http://www.internet2.edu/comanage

Grouper
• A rich, scalable toolkit to manage group information in the identity infrastructure
• Groups help consolidate actions around provisioning, reporting, access

Grouper
• Immediate deliverables and activities funded by Bedrock:
  • Federated groups and Grouper instances
• http://www.internet2.edu/grouper

Shibboleth
• A standards-based, open source software package for web single sign-on across or within organizational boundaries
• A powerful force behind federated identity
• Immediate deliverables and activities funded by Bedrock:
  • Expand web-based architecture to non-web services

SAML federations worldwide – a bit of size

Shibboleth
• Upcoming items
  • Expand web-based architecture to non-web services
  • Single IdP log out
  • Centralized discovery service
  • Improved TestShib code
http://shibboleth.internet2.edu/

More on the collaboration space
• How VO and Enterprise IdM differ
  • VO often have greater federation needs
  • VO generally built around unique data sets, instruments
  • VO often multi-institutional, multi-national
  • Enterprise IdM (usually) has a stronger LoA
  • Enterprise IdM (usually) has a stronger infrastructure

Attributes and metadata
• Push versus pull in the domesticated application space
  • Or, real time versus on-demand information to applications?
• What metadata should exist so that different collaboration management platforms can share information about their CO?
• What metadata should exist in a universe of CO?

Grouper in a VO context
• “We chose Grouper because of its flexibility, the number and types of interfaces (web services interfaces in particular), and because we could see that it was being solidly developed and supported.” - Scott Koranda, Senior Scientist @ LIGO
• VO have a need for group and group management similar to what enterprises need

Shibboleth, OpenID, Facebook…
• Federated versus Social identity
  • Federated identity leverages organizational identity, rich attributes and multiple levels of assurance
  • Social identity, represented by Google, MSN, Yahoo!, AOL, Facebook, etc., provides convenient and lightweight identities for many popular sites

Common traits to CO outside the portal world
• Single CO
  • Probably a command-line oriented CO with an equal focus on person identity and tool availability
  • Tool integration possibilities with a published REST API
• Multiple CO within the CMP
  • Probably a CO that is acting more as a service provider to various groups than one focused on a single collaboration effort, where absolute control over branding is important
  • See the CO Assessment Document to help understand requirements of a complex environment

Common traits to Portal-based CO
• Single CO
  • Probably a CO with a more app-focused collaboration
  • See the Domestication Wiki for apps that may suit your VO
• Multiple CO in a CMP
  • Probably a CO that is acting as a service provider to a variety of collaborations that cannot share resources fully, but where the apps and services are still the focus of the collaboration

Outreach efforts
• International collaborations on collaboration
  • COIN – SURFnet
  • COIP – SWAMI
  • Gakunin federation in Japan

URL
• COmanage REST API:
  • https://spaces.internet2.edu/display/COmanage/REST+COnnector
• CO Requirements Assessment Document:
  • https://spaces.internet2.edu/display/COmanage/CO+Requirements+Assessment
• Domesticated Application wiki:
  • https://wiki.surfnetlabs.nl/display/domestication