Deployment of a Shibboleth-based Infrastructure in Switzerland: SWITCHaai
Martin Sutter, Head of NetServices, SWITCH
(Ueli Kienholz & Thomas Lenggenhager)
UK e-Science Core Programme Town Meeting
Monday 11th April 2005
2005 © SWITCH
Project Timeline
• 2001–2002: Study (study and planning; architecture; evaluation: Shibboleth)
• 2003: Pilot
• 2004–2005: Implementation
• 2006: Operation
AAI Deployment in Switzerland
Without AAI
• Tedious user registration at all resources
• Many resources not protected due to difficulties
• Often IP-based authorization
• Different login processes
• Many different passwords
• Unreliable and outdated user data at resources
• Costly implementation of inter-institutional access
[Diagram: University A (Student Admin, Web Mail, e-Learning), Library B (e-Journals, Literature DB) and University C (Research DB, e-Learning), each resource with its own user administration, authentication and authorization; legend: User Administration, Authentication, Authorization, Resource, Credentials]
With AAI
• No user registration and user data maintenance at resource needed
• Single login process for the users
• Many new resources available for the users
• Enlarged user communities for resources
• Authorization independent of location
• Efficient implementation of inter-institutional access
[Diagram: University A (Student Admin, Web Mail, e-Learning), Library B (e-Journals, Literature DB) and University C (Research DB, e-Learning) connected through the AAI, with user administration and authentication at the home organization and authorization at the resource; legend: User Administration, Authentication, Authorization, Resource, Credentials]
SWITCHaai Building Blocks
• Organizational Framework
• Interoperation
• Identity Providers (Home Orgs)
• Service Providers (Resources)
• Central Services
• Finances
Organizational Framework
• SWITCH acts as SWITCHaai Federation service provider
• Federation membership based on signed service agreements
Interoperation
Requires agreement on technical details like
• Standards
  • SAML 1.1
• Software versions
  • Shibboleth 1.1 for identity providers
  • Shibboleth 1.2.1 for service providers
• Accepted certificate authorities
  • SWITCHpki, plus Thawte, Trustcenter, VeriSign
• Attribute specification
  • SwissEduPerson
Interoperation: Attributes
Criteria for attribute specification
• Start simple, extend as required
• Common understanding on interpretation
• Already widely used
SwissEduPerson
Attribute usage by applications
• Use minimal set required
• Data protection principle
Identity Provider Integration
[Diagram: an AAI-enabled identity provider consists of an authentication system, the AAI component and a user directory]
Currently in use in SWITCHaai:
• Authentication Systems
  • OpenLDAP with CAS or Pubcookie
  • Kerberos AuthN with Active Directory
  • Windows AuthN with IIS
• User Directory
  • OpenLDAP
  • Active Directory
Identity Providers in SWITCHaai
[Map of Switzerland marking each institution's status: operational AAI identity provider, AAI identity provider getting ready, prototype running, or service agreement. Institutions shown: University Hospital Zurich, Zürcher Hochschule Winterthur, University Zurich, SWITCH, SFIT Zurich, University Bern, Université de Fribourg, University Lucerne, Université de Lausanne, Virtual Home Org, Université de Genève]
110'000 Swiss Higher Ed users have an AAI account (≈ 50% of all)
Virtual Home Organization (VHO)
Integrate end users without identity provider
• Resource owner creates @VHO "AAI-enabled" accounts for users without an identity provider
• A VHO account is only usable for the resource managed by the resource owner
[Diagram: the resource owner, a federation member, administers its end users without an identity provider in the VHO service at SWITCH (a VHO identity provider with its own user directory) under the VHO policy]
Types of Service Providers
Categories: e-learning, libraries, commercial, other web applications
Examples shown on the slide, grouped by category: OLAT, Vista@SVC, EZproxy, WebCT@ETHZ, VITELS, Blackboard, DOIT, Moodle, AD Learn & Co, ILIAS, ScienceDirect, BSCW, Vconf-Reservation, SwissLex, TWiki, SMS-Gateway, eShops, IS-Academia, Jobs@BWI, …
Service Provider Example: DOIT
DOIT: Dermatology Online with Interactive Technology
Access rule (evaluated at the AAI service provider on the attributes released by the AAI identity provider):
  IdP = UniZH | UniBE | UniL
  affiliation = student
  studyBranch = medicine
  studyLevel = 15
[Diagram: identity providers UniZH, ETHZ, SWITCH, UniBE, VHO, UniL and UniGE connected to the DOIT service provider]
500 AAI Users
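The DOIT access rule evaluated in code, as an added example that is not part of the original slides and not DOIT or SWITCHaai code: it checks the issuing identity provider before looking at any attribute, which is why a VHO account with matching attributes is still refused. Attribute names (the slide's short forms), issuer labels and sample users are constructed.

```python
"""Constructed example: evaluate an attribute-based access rule like DOIT's.
Not SWITCHaai, Shibboleth or DOIT code; attribute names are the slide's short
forms (a real service provider sees SwissEduPerson attribute names)."""
from dataclasses import dataclass

# The rule as written on the slide; studyLevel is compared as an exact value.
DOIT_RULE = {
    "idp": {"UniZH", "UniBE", "UniL"},  # identity providers the rule accepts
    "affiliation": "student",
    "studyBranch": "medicine",
    "studyLevel": "15",
}

@dataclass(frozen=True)
class AttributeAssertion:
    issuer: str                            # IdP that signed the assertion
    attributes: dict[str, frozenset[str]]  # SAML attributes are multi-valued

def authorize(rule: dict, assertion: AttributeAssertion) -> tuple[bool, str]:
    """Return (decision, reason). All conditions must hold; the issuer is
    checked first, so values asserted by an IdP outside the rule (e.g. a
    VHO account) never influence the decision."""
    if assertion.issuer not in rule["idp"]:
        return False, f"issuer {assertion.issuer!r} is not an accepted IdP"
    for name, required in rule.items():
        if name == "idp":
            continue
        released = assertion.attributes.get(name, frozenset())
        if required not in released:
            return False, f"{name}: need {required!r}, got {sorted(released)}"
    return True, "all conditions satisfied"

def _user(issuer: str, **attrs: set) -> AttributeAssertion:
    return AttributeAssertion(issuer, {k: frozenset(v) for k, v in attrs.items()})

# Constructed sample assertions; only the first one satisfies the rule
SAMPLES = {
    "unizh_medicine_student": _user("UniZH", affiliation={"student", "member"},
                                    studyBranch={"medicine"}, studyLevel={"15"}),
    "unibe_law_student": _user("UniBE", affiliation={"student"},
                               studyBranch={"law"}, studyLevel={"15"}),
    "vho_medicine_student": _user("VHO", affiliation={"student"},
                                  studyBranch={"medicine"}, studyLevel={"15"}),
}

def decisions() -> dict[str, bool]:
    """Evaluate the DOIT rule against every sample assertion."""
    return {label: authorize(DOIT_RULE, a)[0] for label, a in SAMPLES.items()}
```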
Service Provider Example: OLAT
OLAT: Online Learning and Training (open source e-learning platform of the University of Zurich)
[Diagram: identity providers UniZH, ETHZ, SWITCH, UniBE, VHO, UniL and UniGE connected to the OLAT service provider]
5000 AAI Users
75 Courses
Integration of "Blackboxes"
• Authentication / authorization gateway
• Portal functionalities (optional)
• User management (optional)
• Adaptors to blackbox applications:
  • WebCT Vista
  • WebCT CE
  • …
[Diagram: AAIportal with Shibboleth sign-on in front of adaptors A1, A2, ... that connect to each application's API]
Central AAI Services
• Strategy & marketing
• International contacts
• Support, consulting, training
• Providing federation-specific files and configuration guides
• Operating WAYF
• Testing parties (identity provider ↔ service provider)
• Jump-start service
Funding
[Chart of funding and costs over 2000–2010]
• 2000–2003: pilot project, funded by SWITCH & Universities
• 2004–2007: operational service, funded by federal grants
• 2008–2010: operational service, funded by tariffs
Outlook
• Projects with federal grants
• Non-web service providers, e.g. grid
• ECTS (Study)
• AAA (Study)
• Federation partners
Further Information
• SWITCHaai Website: http://www.switch.ch/aai
• Shibboleth: http://shibboleth.internet2.edu/
• Shibboleth Demo: http://www.switch.ch/aai/demo
• Attribute Specification: http://www.switch.ch/aai/docs/AAI_Attr_Specs.pdf
Questions?
http://www.switch.ch/aai
aai@switch.ch