
Widely Distributed Access Management


Presentation Transcript


  1. Widely Distributed Access Management
     Tom Barton, University of Chicago

  2. An Everyday Problem
     • People would like to use the collaboration tools available to them to collaborate with whom they choose
     • Can we do better than email attachments?

  3. Email as Collaboration Platform
     • Pros
       • Connects arbitrary sets of collaborators
       • Shares any type of file (ok, some limits)
       • Self access management
     • Cons
       • Insecure
       • Limited capabilities
       • Reduces productivity more than pot-smoking

  4. Campus Collaboration Scenario
     • UC faculty/staff self-initialize collaboration space to work with others internal & external to UC on focused activities
     • Email list; protected file share; private wiki or web space; specialized compute or data services
     • Initiator-identified collaborators
     • Both campus and external participants administer shared collaboration resources

  5. Requirements for Campus Collaboration Scenario
     • Authenticate campus and external participants
     • Self-creation of collaboration group by authorized campus people
     • Delegation of selective admin privileges to campus & non-campus people
     • Integration of collaboration services with above (centrally operated & not)

  6. Service Provider Scenario
     • An organization provides collaboration services to a population of users
     • Think Internet2 and its working groups
     • Or a Science Gateway
     • Additional requirement: An initial delegation step, since self-initialization may not be appropriate

  7. Solution Elements
     • Distributed access management tools (Grouper & Signet)
     • A DB for housing identifiers, memberships & privileges for collaboration participants
     • Single locus at which to configure federated SSO (support for internal + external authentication)
     • Architecture that adds collaboration attributes (identifiers, memberships, privileges) to authentication context and passes along to collaboration services

  8. Collaboration Connector
     • An integration architecture with all solution elements
     • Proxy IdP
       • “IdP” = “Identity Provider” à la SAML and Shibboleth
       • Provides SSO and Attributes to integrated services
       • “Proxy” because collaboration attributes must be added to externally-sourced ones

  9. [Diagram slide: only the numbered callouts 1 to 7 survive]

  10. Examples
     • MyVocs + GridShib
       • My Virtual Organization Collaboration Service
       • Improvement of user registration, access management, service registration needed
     • Dorian + Grid Grouper
       • caBIG’s caGrid security infrastructure
       • Needs adaptation to be more generally deployable
     • Almost all needed elements exist to be integrated into a “Collaboration Connector in-a-box”

  11. Is it Better Than Email? Pros
     • Email: Connects arbitrary sets of collaborators
       Collaboration Connector: Yes, with federated authentication
     • Email: Shares any type of file (ok, some limits)
       Collaboration Connector: Yes, whatever the collaboration services provide
     • Email: Self access management
       Collaboration Connector: Yes

  12. Is it Better Than Email? Cons
     • Email: Insecure
       Collaboration Connector: Secure
     • Email: Limited capabilities
       Collaboration Connector: Specialized capabilities
     • Email: Reduces productivity more than pot-smoking
       Collaboration Connector: We’ll have to do a study!
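
The proxy IdP step from slides 7 and 8 (collaboration attributes added to externally-sourced ones), as an added Python example that is not from the presentation or from Grouper, Signet or Shibboleth. The attribute names, issuer URLs and the in-memory stand-in for the collaboration DB are all assumptions constructed for illustration.

```python
# Added illustration; every name and value here is constructed, not from the slides.
COLLAB_OWNED = ("isMemberOf", "collabPrivilege")  # attributes only the proxy may assert

# Stand-in for the collaboration DB (identifiers, memberships, privileges).
COLLAB_DB = {
    "alice@uchicago.example": {
        "isMemberOf": ["collab:genome-wiki:admins"],
        "collabPrivilege": ["genome-wiki:manage-members"],
    },
    "bob@partner.example": {
        "isMemberOf": ["collab:genome-wiki:members"],
        "collabPrivilege": [],
    },
}

# Identifier scopes each upstream (internal or external) IdP is trusted to assert.
TRUSTED_SCOPES = {
    "https://idp.uchicago.example/idp": {"uchicago.example"},
    "https://idp.partner.example/idp": {"partner.example"},
}


class AssertionRejected(Exception):
    """Raised when an upstream assertion must not be proxied."""


def proxy_attributes(issuer, external_attrs):
    """Return the attribute set the proxy IdP releases to a collaboration service."""
    scopes = TRUSTED_SCOPES.get(issuer)
    if scopes is None:
        raise AssertionRejected(f"unknown issuer {issuer!r}")
    eppn = external_attrs.get("eduPersonPrincipalName", "")
    user, _, scope = eppn.rpartition("@")
    if not user or scope not in scopes:
        raise AssertionRejected(f"{issuer!r} may not assert {eppn!r}")
    # Pass through externally sourced attributes, minus any the proxy owns,
    # so an upstream IdP cannot grant memberships or privileges by itself.
    released = {k: v for k, v in external_attrs.items() if k not in COLLAB_OWNED}
    # Add collaboration attributes from the local DB; unknown users get none.
    local = COLLAB_DB.get(eppn, {})
    for name in COLLAB_OWNED:
        released[name] = list(local.get(name, []))
    return released
```
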
