
AAI@EduHr

AAI@EduHr. Miroslav Milinović, University Computing Centre - Srce <miro@srce.hr>, EuroCAMP Helsinki, April 2007. Contents: general information, IdM practices, policy enforcement, roles & groups, schemas, authN & certs.


Presentation Transcript


  1. AAI@EduHr
     Miroslav Milinović, University Computing Centre - Srce <miro@srce.hr>
     EuroCAMP Helsinki, April 2007

  2. Contents
     • general information
     • IdM practices
     • policy enforcement
     • roles & groups
     • schemas
     • authN & certs

  3. General information
     • evolved from RADIUS hierarchy (network access as killer app.)
     • AAI@EduHr SW base (RADIUS + LDAP + SOAP)
     • current architecture in full operation since 03/2006
     • 213 (34) + 1 IdP (nearly 300000 enabled users)
     • SP: 16 + 27 eduroam hot spots
     • around 5.000.000 AuthN reqs processed per month
     • service types:
       • network access (eduroam: wired & wireless, dial-up, cable, EDGE/GPRS)
       • Web based services (LMS, web apps, helpdesks, ...)
       • computing resources (basic services)
     • coupled with national student card & information system of higher ed.

  4. IdM practices
     • IdM policy
     • technical and organisational requirements
     • data has to be up to date
     • f2f user registration (registered mail?)
     • IdPs have relative freedom but are considered liable for misuse
     • more formalisation and harmonisation needed
     • a large number of IdPs (diversity in size and technical expertise) is a challenge

  5. Policy enforcement
     • IdPs: based on agreements with CARNet and Ministry of Science, Education and Sport
     • resource registry for SPs
     • a large number of IdPs (diversity in size and technical expertise) is a challenge
     • different service classes (network vs. application access) need a different approach to different SPs (eduroam hotspots vs. apps. providers)
     • more formalisation planned

  6. Roles & groups
     • via specific attributes in hrEduPerson schema
       • hrEduPersonAffiliation, hrEduPersonPrimaryAffiliation, hrEduPersonRole
       • hrEduPersonProfessionalStatus, hrEduPersonAcademicStatus, hrEduPersonTitle, hrEduPersonScienceArea, hrEduPersonStudentCategory, hrEduPersonStaffCategory
       • hrEduPersonGroupMember
     • via specific AuthZ solutions at SP's side
     • croGRID community as a driver for future development
     • federated identity (?)
     • tool for handling groups (?)

  7. Schemas
     • hrEduPerson, hrEduOrg
     • registry: http://schema.aaiedu.hr/
     • ver 1.2.
     • use of SCHAC planned in (near) future
     • harmonisation of attributes (attrib. values) for international (European) confederations is a challenge

  8. AuthN & certs
     • SCS (TERENA) for services
     • user/passwd seems to be enough for (end)users
     • killer app. needed for (effective) deployment of other authN methods
     • X-CARD project (?)
     • croGRID – a separate case (SLCS solution)
