Post on 11-Apr-2018
Diego R. Lopez, RedIRIS
JRES2005, Marseille
Cork, May 2009
Welcome to EuroCAMP
Plus Some Introductory Matters
EuroCAMP. Cork, May 2009
The Middleware Mantra
• Any conceivable networked service needs some basic services to run
    Access control
    Location
    Accounting
    Message passing
    . . .
    <Put your desperate need here>
• And this happens at all levels
Why Middleware Is Cool
• The base for any network service
• A way for innovation at reasonable costs
    Software intensive
    OSS is commonplace
• The core for inter-institutional collaboration
    Bologna is the word
Layering
• Core middleware
    Providing the foundation services to any other layer
• Service middleware
    Offering a set of common services required by applications by means of standard mechanisms
    Providing resources similar to those provided by operating systems
• Application middleware
    Specifically oriented to concrete domains to offer common APIs to be used by solutions developers
Core Middleware
• Trust
    How can I know this is good?
    PKI is king
• Messaging
    How can I send this?
    SOAP, REST, XMPP,…
• Identity
    How can I know who is behind this?
    LDAP, PKIX, SAML,…
Identity Service Middleware
• (Meta-)Directories
    Enable location
    Data aggregation
• SSO
    Better user experience
    Simpler application deployment
• Federations
    Extended trust
    Simpler collaboration
Peter Steiner. The New Yorker, 5 July 1993
The Trust Issue
• PKI
    One way or another
[Diagram: an IdP and an SP (labels: uma.es, rediris.es), each tied to the RedIRIS CA, exchanging Metadata, an Identity Request and an Identity Response]
    Can I trust this SP and send data about my users?
    Can I trust this IdP and accept the data it sends?
The Identity Flow
• SAML is the lingua franca
    SAML1 in early adopters (evolving)
    SAML2 everywhere
Peeling the Identity Onion
• Talking about abstract data representation
• LDAP currently seems the most sensible choice
    Basic schemas (person, inetOrgPerson, organizationalPerson)
    eduPerson
    schac
    iris-*
    Local schemas
The Current Landscape
• IdM, SSO and federations are maturing
    Still in their early teens
    Abundant weaponry
    Protocols, schemas and tools
• All big guys play the game
    Software providers
    Service providers
• Part of the service portfolio of almost all NRENs
    And GÉANT
The Current Workplaces
• Many silos still persist
    Proxying as a last resort
• Reaching beyond the Web
    It is not only WS
    The uSSO Theory
• Fulfilling the federation promise
    Confederation and interfederation
    Levels of assurance
    Additional data sources
    Neutral application access
The EuroCAMP Goals
• Train
    Not only the audience
    It has to be bi-directional
• Strengthen
    Principles we agree upon
    Ties among us
• Recruit
    The community needs you
    And the office is always open
• Enjoy and be goode™