Virtual Organisations

Virtual Organisations. Accommodating Research Groups in a Shibboleth Federation. Peter Schendzielorz Macquarie University’s E-Learning Centre of Excellence (MELCOE) peterhs@melcoe.mq.edu.au. Contents. Business Case Trusted Virtual Organisations. Business Case. What problem are we

Presentation Transcript


  1. Virtual Organisations: Accommodating Research Groups in a Shibboleth Federation. Peter Schendzielorz, Macquarie University’s E-Learning Centre of Excellence (MELCOE), peterhs@melcoe.mq.edu.au. META ACCESS MANAGEMENT SYSTEM

  2. Contents
     • Business Case
     • Trusted Virtual Organisations

  3. Business Case: What problem are we trying to solve?

  4. Current R&D Project Startup
     • Publish funding scheme
     • Write grant application and submit
     • Review and selection of applications
     • MP informs successful applications
     • Contract negotiations start… and get signed
     • Recruitment starts… Jobs are published… deadline… closes… interviewing… offering jobs… starting to work
     • Established a web presence (server, URL, portal)
     • Membership admin
     • Added collaboration SW (CMS, Wiki, forum, mailing lists, IM/VoIP/AV)
     • Added research specific tools (GTK, Grid/HPC, etc.)
     • Really start research (environment is working OK)
     • Project ends (18m-36m)
     Timeline: -1m, 0m, 2m, 6m, 8m, 11m, 13m, 13m

  5. Proposed R&D Project Startup
     • Publish funding scheme
     • Contract gets signed before being allowed to submit
     • Write grant application and submit. New: HR forms (people profiles), 1p executive summary, 1p deliverable summary, infrastructure requirements checklist (e.g. CMS, Wiki, etc.)
     • Review and selection of applications
     • Project infrastructure set up: Project URL, Shibbolized Portal (with summary descriptions, for anonymous and authN users), Collab. env: CMS, Wiki, forum, mailing list server, IM/VoIP/AV, MyProxy (if needed); Self-registration through Shibboleth
     • MP informs successful applications
     • Recruitment starts… Jobs are published… deadline… closes… interviewing… offering jobs… starting to work
     • Added research specific tools (GTK, Grid/HPC, etc.)
     • Really start research (environment is working OK)
     • Project ends (18m-36m)
     Timeline: -1m, -3w, 0m, 3m, 5m, 5m

  6. Virtual Organisations: Grouping identities in order to collaborate with resources

  7. Possible Middleware HE Infrastructure for Collaboration [diagram]. Levels: Federation Level; Institutions Level; Virtual Org. Level (intra-institution, eResearch project). Components shown: Gateway (CTS); Federation Services; WAYF; <<SP>> MyProxy server; <<SP>> CA?; IdP1@UQ, IdP2@UTS, … IdPn@MQ; <<SP>> IR; <<SP>> VO Portal; <<SP>> CMS; MyProxy Client; VO-AA; GTK: Grid; GTK: HPC; GTK: Store; SP: Forum; SP: Wiki; SP: CMS

  8. Federation IAM Suite [diagram]. Labels shown: Login via IdP; Receive assertions; Search; AFS adaptor; Federation SP; VO-WAYF; Fedora (internal or external, e.g. IR); GridSphere; VO-IdP; GroupModule; ShARPE; AuthN; IM; Autograph; FedoraWeb; MyProxy; Receive proxy cert.; Presence; GTK; VO-SP; PeoplePicker; Storage; Cluster; Forum; Wiki; Calendar; AuthZ Mgnr; Specific tools; Equipm.; LMS; Etc.

  9. TVO Conceptual Model

  10. Demo: Current MAMS development in the VO space https://vo.mams.org.au/tvo

  12. VO-SP Manager [screenshot]. Screen labels: VO-SP Mngr; Wiki; Forum; Data store; Add SP. SP Wizard, Step 1: Create SP description
     • Create SP description
     • Name, description, URL
     • Add service levels (ARP)
     • Add SP-Roles for authZ
     • Default provisioning
     • Based on VO-Role
     • Publish SP
     • SP name
     • SP description
     • Contact name
     • Contact email
     • ACS URL

  13. RBAC within IAM Suite
     • New member is invited to join (by email)
     • VO-Role is set
     • Provisioning
       • Automatic: based on VO-Role
       • Automatic: based on VO-Group membership
       • Manually: added to VO-SP-Role

  14. Example of RBAC [screenshot]. VO-SP AzMan: Wiki; Forum; Data store. Roles shown: Readers, GS-Role:Guest; Editors, GS-Role:Member; Managers, GS-Role:Administrator. PeoplePicker portlet: "Who are you looking for?"; "Select your buddy"; "Current selection: Your buddy: Carol"; Within Federation; Member/group/role. People shown: John Doe@MQ; Alice@ANU; Bob@Monash

  15. VOs Across Federations
     • A use/business case for connecting federations?
     • VO-WAYF can act as WAYF for IdPs
     • VO-bridge possibly scalable to connect federations

  16. Final Summary
     • VO:
       • Leverages primary IdP for authN & identity
       • VO-AA manages VO-specific (group, authZ) attributes
       • VO-WAYF manages trusted IdPs
       • Any Shibbolized Web App can be plugged in
       • JSR168 Portlets can be plugged into GridSphere
       • Shibbolized MyProxy server creates proxy certificates for access to the Grid
     • A development challenge, not research
     • Requires collaboration within the sector (!reinvent)
     • Solutions should be open source (funding body’s role)

  17. Virtual Organisations: Accommodating Research Groups in a Shibboleth Federation. Peter Schendzielorz, Macquarie University’s E-Learning Centre of Excellence (MELCOE), peterhs@melcoe.mq.edu.au
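
The provisioning rules on slides 13 and 14, combined with the trust split in the final summary (VO-WAYF lists trusted IdPs, VO-AA holds VO-specific roles), sketched as an added example that is not part of the presentation or of MAMS code. The policy tables, member records, role ordering and the highest-role-wins merge are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed VO policy; every name and value below is a hypothetical illustration.
TRUSTED_IDPS = {"MQ", "ANU", "Monash"}              # what a VO-WAYF would list
SP_ROLE_TO_GS_ROLE = {"Readers": "Guest", "Editors": "Member",
                      "Managers": "Administrator"}  # pairing as read from slide 14
RANK = ["Readers", "Editors", "Managers"]           # assumed least to most privileged
VO_ROLE_DEFAULTS = {"researcher": {"Wiki": "Editors", "Forum": "Editors"},
                    "observer": {"Wiki": "Readers"}}
VO_GROUP_GRANTS = {"data-team": {"Data store": "Editors"}}


@dataclass
class Member:
    principal: str                                # scoped identity, e.g. "Alice@ANU"
    vo_role: str
    groups: set = field(default_factory=set)
    manual: dict = field(default_factory=dict)    # SP -> VO-SP-Role added by hand


def effective_sp_roles(member, invited):
    """Return {SP: VO-SP-Role}; an empty dict means no access (default deny)."""
    name, _, idp = member.principal.rpartition("@")
    # AuthN comes from the home IdP; the VO only accepts IdPs it trusts
    # and members who were actually invited.
    if not name or idp not in TRUSTED_IDPS or member.principal not in invited:
        return {}
    grants = []
    grants += VO_ROLE_DEFAULTS.get(member.vo_role, {}).items()  # automatic: VO-Role
    for group in member.groups:                                 # automatic: VO-Group
        grants += VO_GROUP_GRANTS.get(group, {}).items()
    grants += member.manual.items()                             # manual: VO-SP-Role
    roles = {}
    for sp, role in grants:
        if role not in RANK:
            continue                  # unknown role names never grant access
        if sp not in roles or RANK.index(role) > RANK.index(roles[sp]):
            roles[sp] = role          # assumption: the highest grant wins
    return roles


def gridsphere_role(sp_role):
    """Map a VO-SP-Role to the GridSphere role shown beside it; None if unknown."""
    return SP_ROLE_TO_GS_ROLE.get(sp_role)
```

A principal from an IdP outside the trusted set, or one that was never invited, gets no roles even if a member record exists for it.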