AAI Introductory Tutorial - SWITCH
2006 © SWITCH, AAI Introduction, 21 November 2006, Berne

Without AAI

[Diagram: University A, Library B, University C; resources: Student Admin, Web Mail, e-Learning, Literature DB, e-Learning, Research DB, e-Journals. Legend: Authorization, User Administration, Authentication, Resource, Credentials]

• Tedious user registration at all resources
• Unreliable and outdated user data at resources
• Different login processes
• Many different passwords
• Many resources not protected due to difficulties
• Often IP-based authorization
• Costly implementation of inter-institutional access

With AAI

[Diagram: University A, Library B, University C connected through the AAI; resources: Student Admin, Web Mail, e-Learning, Literature DB, e-Learning, Research DB, e-Journals. Legend: Authorization, User Administration, Authentication, Resource, Credentials]

• No user registration and user data maintenance at resource needed
• Single login process for the users
• Many new resources available for the users
• Enlarged user communities for resources
• Authorization independent of location
• Efficient implementation of inter-institutional access

Shibboleth

• Open Source
• Developed by Internet2
• Federated Approach
• Privacy
• National deployment projects in the US, UK and Finland, growing interest in other European countries
• For web resources only - as a first step
• Based on SAML
• Cooperation with Liberty Alliance
• Cooperation with Content Providers (e-journals)

http://shibboleth.internet2.edu/

Demo (Try it yourself)

http://www.switch.ch/aai/ -> Live Demo -> demo resource
http://www.switch.ch/aai/demo/demo_live.html

Demo

https://kohala.switch.ch/secure/

Single Sign On

[Diagram: login flow in numbered steps 1 to 10 between the WAYF, the Home Org (Credentials), the Demo Resource and an E-Learning Resource. Hosts shown: wayf.switch.ch, aai-viewer.switch.ch, dokeos.unige.ch (http://dokeos.unige.ch/home)]

SWITCHaai Building Blocks

• Identity Providers (Home Orgs)
• Service Providers (Resources)
• Organisational Framework
• Interoperation
• Central Services
• Funding

Identity Providers in SWITCHaai

Coverage: 175’000 Users (> 75%) in Swiss Higher Education

[Map of organizations. Legend: Operational, Federation Member. Organizations shown: UniL, ETHZ, UZH, UniBE, SWITCH, UniGE, ZHW, UniLU, USZ, UniBAS, UniNE, UniSG, EPFL, RERO, PHBern, HSR, SUPSI, HTW Chur, HUG, NTB, FHZ, UniFR, USI, BFH]

Building block: Identity Providers

AAI-enabling your Home Organization

[Diagram: User Directory, Authentication System (Username), Web Server, Shibboleth Identity Provider, SSO; e.g. JNDI, JDBC]

Identity Provider components:
• Web Servers: Tomcat, Apache + Tomcat, IIS + Tomcat
• Web Single Sign-On (SSO): CAS, Pubcookie
• Authentication Systems / User Directories: OpenLDAP, Active Directory, MS SQL, Oracle …

Building block: Identity Providers

Authorization Attributes

Personal:
• Unique Identifier
• Surname
• Given name
• E-mail Address(es)
• Phone number(s)
• Preferred language
• Date of birth
• Gender

Group Membership:
• Home Organization Name
• Home Organization Type
• Affiliation (student, staff, …)
• Study branch
• Study level
• Staff category
• Group membership
• Organization Path
• Organizational Unit Path

Implementation of Attributes (legend): Mandatory; Recommended or optional

Based on: eduPerson Attributes; “Schweizerisches Hochschulinformationssystem” (SHIS)

NO username, password

http://www.switch.ch/aai/docs/AAI_Attr_Specs.pdf

Building block: Interoperation

Access Control Example: DOIT

DOIT: Dermatology Online with Interactive Technology

Resource: http://www.cyberderm.net/

Identity Providers:
• Université de Lausanne
• Universität Zürich
• Universität Bern

Access Rule:
• HomeOrg = UniZH | UniBE | UniL
• Affiliation = Student
• StudyBranch = Medicine
• StudyLevel = 20

Building block: Service Providers
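
The DOIT access rule above, evaluated against the attributes an Identity Provider releases, as an added example (not code from SWITCH or the DOIT project). Attribute names and values are those on the slide; the helper names and sample users are constructed, and reading the rule as "OR within an attribute, AND across attributes" is an assumption.

```python
# Added example: evaluates the DOIT access rule from the slide against the
# attributes an Identity Provider releases. Helper names and sample users
# are constructed for illustration.

# Rule as written on the slide: alternatives inside one attribute are OR-ed,
# the attributes themselves are AND-ed (assumed reading of the slide).
DOIT_RULE = {
    "HomeOrg": {"UniZH", "UniBE", "UniL"},
    "Affiliation": {"Student"},
    "StudyBranch": {"Medicine"},
    "StudyLevel": {"20"},
}


def as_values(raw):
    """Normalize an attribute to a set of strings (attributes may be multi-valued)."""
    if raw is None:
        return set()
    if isinstance(raw, (list, tuple, set)):
        return {str(v).strip() for v in raw}
    return {str(raw).strip()}


def is_authorized(attributes, rule=DOIT_RULE):
    """Return (decision, reasons). Fails closed: a missing attribute denies."""
    reasons = []
    for name, allowed in rule.items():
        released = as_values(attributes.get(name))
        if not released:
            reasons.append(f"{name}: not released")
        elif not released & allowed:
            reasons.append(f"{name}: {sorted(released)} not in {sorted(allowed)}")
    return (not reasons, reasons)


# Constructed sample users (not real data).
med_student = {"HomeOrg": "UniBE", "Affiliation": ["Student", "Member"],
               "StudyBranch": "Medicine", "StudyLevel": 20}
law_student = {"HomeOrg": "UniZH", "Affiliation": "Student",
               "StudyBranch": "Law", "StudyLevel": "20"}
outsider = {"HomeOrg": "UniGE", "Affiliation": "Student"}

if __name__ == "__main__":
    for label, user in [("med_student", med_student),
                        ("law_student", law_student), ("outsider", outsider)]:
        print(label, is_authorized(user))
```

The resource decides on released attributes only; it never sees a username or password, and an attribute the Home Organization does not release results in a denial rather than a default grant.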

Types of Service Providers

20’000 Active Users, 143 Resources

[Diagram: resources grouped by type (E-Learning, Libraries, Other Web Apps, Commercial). Legend: operational pilot project ideas. Resources shown: DOIT, VITELS, ScienceDirect, WebCT CE, OLAT, Blackboard, SwissLex, eShops, Cablecom, Federal Court, WebCT Vista, EZproxy, Moodle, ILIAS, dokeos, e-academy, BSCW, eConf-Portal, CompiCampus, IS-Academia, uPortal, jahia, Lenya, SAP-CM, VirtualLib, EVA, RERO, Aleph, JSTOR, WebSMS, WebLaw, Claroline, Sympa, Neptun, Silvia]

Building block: Service Providers

Shibbolization of Resources

• Static Content (HTML, directories…)
• Web Applications written in script (PHP/ASP/Perl) within Apache/IIS
• Java Web Applications running in Tomcat
• Already Shibbolized Applications

[Diagram: Apache/IIS with shib module and shibd, serving content and Scripts (PHP/ASP); mod_jk to Tomcat with Java Applications]

http://www.switch.ch/aai/howto/

Building block: Service Providers

Java Service Provider Integration

Today:
• Web Server (Apache, IIS) with Shibboleth SP (module)
• mod_jk / JK redirector
• Java App Server (Tomcat)
• Java Applications
• Example: Jahia @ UniL

Soon (Spring 07), using Shibboleth 2.0 Java Service Provider:
• Java App Server (Tomcat, …) with Shib SP (Java)
• Java Applications

Building block: Service Providers

Already Shibbolized Applications

• ArtSTOR
• Blackboard
• Bodington.org
• CSA
• Darwin Streaming Server
• Digitalbrain PLC
• eAcademy
• EBSCO Publishing
• Elsevier ScienceDirect
• ExLibris - SFX
• Fedora
• Higher Markets
• Hupnet
• ILIAS
• JSTOR
• Moodle
• Napster
• NSDL
• OCLC
• OLAT
• Ovid Technologies Inc.
• Proquest Information and Learning
• Serials Solutions
• SYMPA
• Thomson Gale
• TWiki
• Useful Utilities - EZproxy
• WebAssign
• WebCT

http://shibboleth.internet2.edu/seas.html

Building block: Service Providers

Summary

• AAI - Authentication and Authorization Infrastructure
• Secure Single Sign On to web resources
• 175’000 AAI users (> 75 % of Swiss higher education)
• Many AAI enabled Resources, mainly in E-Learning