04/19/23 META ACCESS MANAGEMENT SYSTEM 1
Platforms for Collaboration – Plus brief update from Australia –
Dr. Erik Vullings
MAMS Project, Macquarie University’s E-Learning Centre of Excellence (MELCOE)
[email protected], Skype name: Erik_Vullings
9-11-2006
My condolences
Contents
Brief update on AU-Federation status:
    Mini-grant projects
    User privacy mgmt via Autograph
    Shibbolized IM: ShibJIM
Platform for Collaboration:
    A Virtual Organization (similar to myVocs)
    Based on Shibbolized GridSphere & MyProxy
    With cross-federation IdP manager, SP manager and workspace support…
MAMS $40k-Grant Program (Federation status: 600,000 Shibboleth Identities, 20% HE)
Round 1 (Feb 2006):
    AARNet: IdP, ENUM SP
    Griffith: IdP, Wiki SP, Gnomic DB
    QUT: ATN IdP, eGrad School SP
    UQ: IdP, Fez (Fedora GUI) SP
    USYD: IdP, Sensor data SP
Round 2 (Jul 2006):
    Deakin: IdP, e-Lectures
    JCU: IdP, SRB & Plone
    Melbourne: IdP, IAM suite (LIGO)
    Monash: IdP, IAM suite SP
    Murdoch & MQ: IdP, Online Librarian
    WAGUL: 5 IdP, reciprocal borrowing
Privacy Management with Autograph – Control what’s on your SAML assertion…
[Diagram: Identity Provider and Service Provider; the SP uses the SAML handle to retrieve user attributes]
Different cards open different doors – Services & Service Level –
Adding Personal Attributes
Other examples: Accessibility info (colorblind, blind), Skype user name, IM account name, etc.
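As an added illustration of the Autograph idea on the two slides above (the user, not the IdP, decides which attributes, including self-added personal ones such as a Skype name, appear on the assertion sent to a given SP), this Python example, which is not MAMS or Autograph code, filters an IdP's attribute set through a per-user, per-SP release policy before serialising it as a SAML 2.0 AttributeStatement. The user, attribute values and SP entity IDs are constructed assumptions.

```python
"""Autograph-style attribute release: default deny, per-SP user consent (added example)."""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML_NS)

# Constructed sample: attributes the IdP holds for one user (hypothetical values).
USER_ATTRIBUTES = {
    "eduPersonPrincipalName": "jdoe@example.edu",
    "eduPersonAffiliation": "staff",
    "mail": "jdoe@example.edu",
    "displayName": "J. Doe",
    "skypeName": "jdoe_skype",  # personal attribute the user added themselves
}

# Constructed per-user release policy: SP entity ID -> attributes the user agreed to release.
# An SP that is absent from the policy gets nothing (default deny).
RELEASE_POLICY = {
    "https://wiki.example.org/shibboleth": {"eduPersonPrincipalName", "eduPersonAffiliation"},
    "https://im.example.org/shibboleth": {"eduPersonPrincipalName", "skypeName"},
}


def released_attributes(sp_entity_id, user_attrs=USER_ATTRIBUTES, policy=RELEASE_POLICY):
    """Return only the attributes the user has released to this SP."""
    allowed = policy.get(sp_entity_id, set())
    return {name: value for name, value in user_attrs.items() if name in allowed}


def build_attribute_statement(sp_entity_id):
    """Serialise the released attributes as a SAML 2.0 AttributeStatement element."""
    stmt = ET.Element(f"{{{SAML_NS}}}AttributeStatement")
    for name, value in sorted(released_attributes(sp_entity_id).items()):
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute", Name=name)
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = value
    return ET.tostring(stmt, encoding="unicode")


def attribute_names_in(xml_text):
    """Parse a statement back and list the attribute names it carries (for checking)."""
    root = ET.fromstring(xml_text)
    return sorted(a.get("Name") for a in root.iter(f"{{{SAML_NS}}}Attribute"))
```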
“All research projects are different, but most project infrastructures are more equal than not”
All projects require:
    Collaboration between project members
    Collaboration with external people
    Dissemination of research results
    AuthN & AuthZ (what’s public, what’s not)
IAM Suite – [I AM Suite] Prototyping a PfC –
IAM Suite – [I AM Suite] Prototyping a PfC –
Scope: A toolkit for eResearch Projects and Dept., wishing to leverage Federated ID for accessing data, resources and generic collaboration tools over the grid, but excl. research-specific tools.
Installation: Similar to ISP that hosts your CMS, forum etc.: Tick the box and you are ready to run…
Possible Middleware – HE Infrastructure for Collaboration
[Diagram, three levels: Federation Level (WAYF, CA?, MyProxy server, Federation Services); Institutions Level (IdP1@UQ, IdP2@UTS, IdPn@MQ…, IR…, SP: Wiki, SP: Forum, SP: CMS); Virtual Org. Level (intra-institution, eResearch project: VO IdP, VO Portal, CMS, Gateway (CTS), MyProxy Client, GTK: Grid, GTK: HPC, GTK: Store). Components marked <<SP>> are Shibboleth Service Providers.]
IAM Suite
[Diagram: GridSphere portal with Federation SP, GroupModule, VO-IdP, VO-WAYF, AuthN IM, AuthZ Mgnr, Autograph, ShARPE, Presence, PeoplePicker, Calendar, MyProxy and Search; Fedora / FedoraWeb (internal or external, e.g. IR); VO-SPs for Forum, LMS, Wiki, etc.; GTK services for Storage, Cluster, Equipm. and GTK-specific tools. Flows: login via IdP, receive assertions, send SAML assertions, send proxy cert. The AFS adaptor contains VO group attributes for RBAC.]
FLASH DEMO IAM SUITE
1. Shib login to GS via VO-WAYF; admin adds Wiki service and tests it
2. Create a group
3. Add a resource and service to a group; TBD authN source (none, IdP, VO-IdP, cert)
4. Workspace (virtual room): Create workspace & roles, add VO members, services, and resources…