04/21/2304/21/23META ACCESS MANAGEMENT SYSTEM

11

Platforms for CollaborationPlatforms for Collaboration– Plus brief update from Australia –– Plus brief update from Australia –

Dr. Erik VullingsDr. Erik Vullings

MAMS ProjectMAMS ProjectMacquarie University’s E-Learning Centre of Excellence (MELCOE)Macquarie University’s E-Learning Centre of Excellence (MELCOE)

Erik.Vullings@mq.edu.auErik.Vullings@mq.edu.auSkype name: Erik_VullingsSkype name: Erik_Vullings

9-11-20069-11-2006My condolencesMy condolences

04/21/2304/21/23 22META ACCESS MANAGEMENT SYSTEM

ContentsContents

Brief update on AU-Federation statusBrief update on AU-Federation statusMini-grant projectsMini-grant projectsUser privacy mgmt via AutographUser privacy mgmt via AutographShibbolized IM: ShibJIMShibbolized IM: ShibJIM

Platform for Collaboration:Platform for Collaboration:A Virtual Organization (similar to myVocs)A Virtual Organization (similar to myVocs)Based on Shibbolized GridSphere & MyProxyBased on Shibbolized GridSphere & MyProxyWith cross-federation IdP manager, SP With cross-federation IdP manager, SP

manager and workspace support…manager and workspace support…

04/21/2304/21/23 33META ACCESS MANAGEMENT SYSTEM

MAMS $40k-Grant ProgramMAMS $40k-Grant Program(Federation status: 600,000 Shibboleth Identities, 20%HE)(Federation status: 600,000 Shibboleth Identities, 20%HE)

Round 1 (Feb 2006):Round 1 (Feb 2006): AARNet:AARNet:

IdP, ENUM SPIdP, ENUM SP Griffith:Griffith:

IdP, Wiki SP, Gnomic DBIdP, Wiki SP, Gnomic DB QUT:QUT:

ATN IdP, eGrad School SPATN IdP, eGrad School SP QUQU

IdP, Fez (Fedora GUI) SPIdP, Fez (Fedora GUI) SP USYDUSYD

IdP, Sensor data SPIdP, Sensor data SP

Round 2 (Jul 2006):Round 2 (Jul 2006): Deakin:Deakin:

IdP, e-LecturesIdP, e-Lectures JCU:JCU:

IdP, SRB & PloneIdP, SRB & Plone Melbourne:Melbourne:

IdP, IAM suite (LIGO)IdP, IAM suite (LIGO) MonashMonash

IdP, IAM suite SPIdP, IAM suite SP Murdoch & MQ:Murdoch & MQ:

IdP, Online LibrarianIdP, Online Librarian WAGUL:WAGUL:

5 IdP, reciprocal borrowing5 IdP, reciprocal borrowing

04/21/2304/21/23 44META ACCESS MANAGEMENT SYSTEM

Privacy Management with AutographPrivacy Management with AutographControl what’s on your SAML assertion…Control what’s on your SAML assertion…

IdentityProvider

ServiceProvider

SP uses SAML handle to retrieve

user attributes

04/21/2304/21/23 55META ACCESS MANAGEMENT SYSTEM

Different cards open different doorsDifferent cards open different doors – Services & Service Level – – Services & Service Level –

04/21/2304/21/23 66META ACCESS MANAGEMENT SYSTEM

Different cards open different doorsDifferent cards open different doors – Services & Service Level – – Services & Service Level –

04/21/2304/21/23 77META ACCESS MANAGEMENT SYSTEM

Adding Personal AttributesAdding Personal Attributes

Other examples: Accessibility info (colorblind, blind), Other examples: Accessibility info (colorblind, blind), Skype user name, IM account name, etc.Skype user name, IM account name, etc.

04/21/2304/21/23 1212META ACCESS MANAGEMENT SYSTEM

““All research projects are different, but most All research projects are different, but most project infrastructures are more equal than not”project infrastructures are more equal than not”

All projects require:All projects require:Collaboration between project members Collaboration between project members Collaboration with external peopleCollaboration with external peopleDissemination of research resultsDissemination of research resultsAuthN & AuthZ (what’s public, what’s not)AuthN & AuthZ (what’s public, what’s not)

IAM SuiteIAM Suite– – [I AM Suite] [I AM Suite] Prototyping a PfC –Prototyping a PfC –

04/21/2304/21/23 1313META ACCESS MANAGEMENT SYSTEM

IAM SuiteIAM Suite– – [I AM Suite] [I AM Suite] Prototyping a PfC –Prototyping a PfC –

Scope:Scope: A toolkit for eResearch Projects and Dept., A toolkit for eResearch Projects and Dept.,

wishing to leverage Federated ID for accessing wishing to leverage Federated ID for accessing data, resources and generic collaboration tools data, resources and generic collaboration tools over the grid, but excl. research-specific tools.over the grid, but excl. research-specific tools.

Installation:Installation: Similar to ISP that hosts your CMS, forum etc.:Similar to ISP that hosts your CMS, forum etc.:

Tick the box and you are ready to run… Tick the box and you are ready to run…

04/21/2304/21/23 1414META ACCESS MANAGEMENT SYSTEM

Possible MiddlewarePossible MiddlewareHE Infrastructure for CollaborationHE Infrastructure for Collaboration

WAYF<<SP>>

CA?<<SP>>

MyProxyserver

Federation Services

IdP1@UQ IdP2@UTS IdPn@MQ…<<SP>>

IR…

MyProxy Client

SP: Wiki

SP: Forum

SP: CMS

GTK: Grid

GTK: HPC

GTK: Store

VO IdP

Federation Level

Institutions Level

Virtual Org. Level(intra-institution,

eResearch project)

Gateway(CTS)

<<SP>>

CMS<<SP>>

VO Portal

04/21/2304/21/23 1515META ACCESS MANAGEMENT SYSTEM

IAM SuiteIAM Suite

GridSphere

Federation SP

GroupModule

VO-IdP

VO-WAYF

AuthN IM

Fedora(internal or external, e.g. IR)

VO-SP

Forum

Federation

FedoraWeb

ShARPE

Autograph

Presence

PeoplePicker

Calendar

MyProxy

AuthZ Mgnr VO-SP

LMS

VO-SP

Wiki

VO-SP

Etc.

GTK

Storage

GTKSpecific

tools

GTK

Cluster

GTK

Equipm.

SearchLogin via IdP

Receiveassertions

SendSAML assertions

Send

proxy cert.

AFS adaptor Contains VO group attributes for RBAC.

04/21/2304/21/23 2121META ACCESS MANAGEMENT SYSTEM

FLASH DEMO IAM SUITEFLASH DEMO IAM SUITE

1.1. ShibShib login to GS via VO-WAYF login to GS via VO-WAYF admin adds Wiki service and tests itadmin adds Wiki service and tests it

2.2. Create a groupCreate a group

3.3. Add a resource and service to a groupAdd a resource and service to a group TBD authN source (none, IdP, VO-IdP, cert)TBD authN source (none, IdP, VO-IdP, cert)

4.4. Workspace (virtual room)Workspace (virtual room):: Create workspace & roles, add VO Create workspace & roles, add VO

members, services, and resources…members, services, and resources…