Virtual Organisations


Transcript of Virtual Organisations

Slide 1 (deck footer: 24/04/23, META ACCESS MANAGEMENT SYSTEM)

Virtual Organisations: Accommodating Research Groups in a Shibboleth Federation

Peter Schendzielorz
Macquarie University's E-Learning Centre of Excellence (MELCOE)
[email protected]

Slide 2: Contents

- Business Case
- Trusted Virtual Organisations

Slide 3: Business Case

What problem are we trying to solve?

Slide 4: Current R&D Project Startup

- Publish funding scheme
- Write grant application and submit
- Review and selection of applications
- MP informs successful applications
- Contract negotiations start... and get signed
- Recruitment starts... jobs are published... deadline closes... interviewing... offering jobs... starting to work
- Establish a web presence (server, URL, portal); membership admin
- Add collaboration software (CMS, Wiki, forum, mailing lists, IM/VoIP/AV)
- Add research-specific tools (GTK, Grid/HPC, etc.)
- Really start research (environment is working OK)
- Project ends (18m-36m)

Timeline axis as marked on the slide (months relative to project start): -1m, 0m, 2m, 6m, 8m, 11m, 13m

Slide 5: Proposed R&D Project Startup

- Publish funding scheme
- Contract gets signed before being allowed to submit
- Write grant application and submit. New: HR forms (people profiles), 1-page executive summary, 1-page deliverable summary, infrastructure requirements checklist (e.g. CMS, Wiki, etc.)
- Review and selection of applications
- Project infrastructure set up: project URL; Shibbolized portal (with summary descriptions, for anonymous and authenticated users); collaboration environment: CMS, Wiki, forum, mailing list server, IM/VoIP/AV, MyProxy (if needed); self-registration through Shibboleth
- MP informs successful applications
- Recruitment starts... jobs are published... deadline closes... interviewing... offering jobs... starting to work
- Add research-specific tools (GTK, Grid/HPC, etc.)
- Really start research (environment is working OK)
- Project ends (18m-36m)

Timeline axis as marked on the slide: -1m, -3w, 0m, 3m, 5m

Slide 6: Virtual Organisations

Grouping identities in order to collaborate with resources.

Slide 7: Possible Middleware: HE Infrastructure for Collaboration (diagram)

Box labels recoverable from the slide, grouped by the three levels it draws; <<SP>> marks a Shibboleth service provider:

- Federation Level (Federation Services): WAYF <<SP>>; CA? <<SP>>; MyProxy server
- Institutions Level: IdP1@UQ, IdP2@UTS, ..., IdPn@MQ; IR ... <<SP>>
- Virtual Org. Level (intra-institution, eResearch project): VO-AA; VO Portal <<SP>>; CMS <<SP>>; SP: Wiki; SP: Forum; SP: CMS; MyProxy client; Gateway (CTS); GTK: Grid; GTK: HPC; GTK: Store

Slide 8: IAM Suite (diagram)

Box labels recoverable from the slide:

- GridSphere portal acting as Federation SP (login via IdP, receives assertions); modules/portlets: Group Module, VO-IdP, VO-WAYF, AuthN IM, FedoraWeb, ShARPE, Autograph, Presence, PeoplePicker, Calendar, MyProxy, AuthZ Manager, Search, AFS adaptor
- Fedora (internal or external, e.g. IR)
- Federation (institutional IdPs)
- VO-SPs, each receiving assertions: Forum, LMS, Wiki, etc.
- GTK resources, receiving a proxy certificate: Storage, Specific tools, Cluster, Equipment

Slide 9: TVO Conceptual Model (diagram)

The Trusted Virtual Organisation sits between the User, Identity Providers 1..m and Service Providers 1..m, and is made up of:

- Identity Provider Management
- Service Provider Management
- Trust Relationship Management
- User / Group Management
- Resource & Service Management
- Trust-based Access Control
- Goal-oriented Workspaces

Slide 10: Demo

Current MAMS development in the VO space: https://vo.mams.org.au/tvo

Slide 11: (demo screenshot, no slide text)

Slide 12: VO-SP Manager

The VO-SP Manager fronts the VO's service providers (data store, forum, wiki). Adding an SP is a five-step wizard:

1. Create SP description: name, description, URL
2. Add service levels (ARP, attribute release policy)
3. Add SP-Roles for authZ
4. Default provisioning, based on VO-Role
5. Publish SP

SP Wizard, Step 1 (Add SP form): SP name, SP description, contact name, contact email, ACS URL

Slide 13: RBAC within IAM Suite

- New member is invited to join (by email)
- VO-Role is set
- Provisioning into the VO's SPs:
  - automatic, based on VO-Role
  - automatic, based on VO-Group membership
  - manual: added to a VO-SP-Role

Slide 14: Example of RBAC (diagram)

VO-SP AzMan (authorization manager) in front of the data store, forum and wiki. GS-Roles with example members from several home institutions:

- GS-Role: Guest
- GS-Role: Member: John Doe@MQ, Alice@ANU
- GS-Role: Administrator: Bob@Monash

SP-side roles: Readers, Editors, Managers

PeoplePicker portlet: "Who are you looking for?" Select your buddy within the Federation by member/group/role. Current selection: Your buddy: Carol
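The SP wizard of slide 12, the provisioning rules of slide 13 and the AzMan example of slide 14 put end to end, as an added Python model; it is not MAMS code and the real suite is a Java portal, not this script. Everything in it is an assumption chosen for illustration except the eduPerson attribute names: the VO-AA attribute names voRole and voGroup, the three service levels, the Wiki SP's values, the role mappings and all five principals are made up. The point it shows beyond the slides is that the service level (ARP) gates the whole chain: an SP registered with a level that does not release the VO attributes cannot provision anyone automatically, however privileged they are in the VO.

```python
"""Added example, not MAMS code: a model of the VO-SP Manager wizard (slide 12),
the provisioning rules (slide 13) and the VO-SP AzMan decision (slide 14).
Assumptions: voRole/voGroup, the service-level names, the SP/role names and
every principal below are made up; eduPersonPrincipalName and mail are real
eduPerson/LDAP attribute names."""
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Step 2 of the wizard: a "service level" is an attribute release policy (ARP),
# i.e. the set of attributes the VO-AA may hand to this SP.
SERVICE_LEVELS = {
    "anonymous": frozenset(),
    "basic": frozenset({"eduPersonPrincipalName"}),
    "full": frozenset({"eduPersonPrincipalName", "mail", "voRole", "voGroup"}),
}


@dataclass
class ServiceProvider:
    name: str                   # step 1: SP description
    description: str
    contact_name: str
    contact_email: str
    acs_url: str                # SAML Assertion Consumer Service URL
    service_level: str          # step 2: ARP applied to this SP
    sp_roles: tuple             # step 3: SP-Roles, ordered least to most privileged
    role_map: dict = field(default_factory=dict)   # step 4: VO-Role  -> SP-Role
    group_map: dict = field(default_factory=dict)  # step 4: VO-Group -> SP-Role
    manual: dict = field(default_factory=dict)     # slide 13: eppn -> SP-Role, set by hand
    published: bool = False


def publish_sp(sp: ServiceProvider) -> ServiceProvider:
    """Step 5: check the description before the SP becomes visible to the VO."""
    if urlparse(sp.acs_url).scheme != "https":
        raise ValueError("ACS URL must be https: assertions are POSTed to it")
    if "@" not in sp.contact_email:
        raise ValueError("contact email is required")
    if sp.service_level not in SERVICE_LEVELS:
        raise ValueError(f"unknown service level {sp.service_level!r}")
    for target in (*sp.role_map.values(), *sp.group_map.values(), *sp.manual.values()):
        if target not in sp.sp_roles:
            raise ValueError(f"provisioning rule targets undefined SP-Role {target!r}")
    sp.published = True
    return sp


def release_attributes(sp: ServiceProvider, attrs: dict) -> dict:
    """The VO-AA enforces the SP's ARP: attributes outside its service level stay home."""
    return {k: v for k, v in attrs.items() if k in SERVICE_LEVELS[sp.service_level]}


def sp_role(sp: ServiceProvider, released: dict):
    """AzMan decision from the released attributes (slide 13 rules, highest wins).
    Returns None for a user who authenticated but is provisioned into no SP-Role."""
    if not sp.published:
        raise RuntimeError("SP is not published")
    rank = {r: i for i, r in enumerate(sp.sp_roles)}
    candidates = []
    eppn = released.get("eduPersonPrincipalName")
    if eppn in sp.manual:                                    # manual VO-SP-Role
        candidates.append(sp.manual[eppn])
    candidates += [sp.role_map[r] for r in released.get("voRole", []) if r in sp.role_map]
    candidates += [sp.group_map[g] for g in released.get("voGroup", []) if g in sp.group_map]
    return max(candidates, key=rank.__getitem__) if candidates else None


# Constructed sample: what the VO-AA holds per principal once the home IdP
# (MQ, ANU, Monash, UTS, UQ) has authenticated them. Carol is a Guest who was
# added to Editors by hand; Dave is authenticated but not a VO member.
VO_AA = {
    "john.doe@mq.edu.au": {"eduPersonPrincipalName": "john.doe@mq.edu.au",
                           "mail": "jd@mq.edu.au", "voRole": ["Member"], "voGroup": []},
    "alice@anu.edu.au": {"eduPersonPrincipalName": "alice@anu.edu.au",
                         "mail": "alice@anu.edu.au", "voRole": ["Member"], "voGroup": ["steering"]},
    "bob@monash.edu.au": {"eduPersonPrincipalName": "bob@monash.edu.au",
                          "mail": "bob@monash.edu.au", "voRole": ["Administrator"], "voGroup": []},
    "carol@uts.edu.au": {"eduPersonPrincipalName": "carol@uts.edu.au",
                         "mail": "carol@uts.edu.au", "voRole": ["Guest"], "voGroup": []},
    "dave@uq.edu.au": {"eduPersonPrincipalName": "dave@uq.edu.au",
                       "mail": "dave@uq.edu.au", "voRole": [], "voGroup": []},
}


def build_wiki(service_level: str = "full") -> ServiceProvider:
    """Run the wizard for the Wiki SP of slide 14 (all values assumed)."""
    return publish_sp(ServiceProvider(
        name="Wiki", description="Project wiki", contact_name="VO admin",
        contact_email="vo-admin@example.edu",
        acs_url="https://wiki.example.edu/Shibboleth.sso/SAML2/POST",
        service_level=service_level, sp_roles=("Readers", "Editors", "Managers"),
        role_map={"Guest": "Readers", "Member": "Editors", "Administrator": "Managers"},
        group_map={"steering": "Managers"},
        manual={"carol@uts.edu.au": "Editors"},
    ))


def decide(sp: ServiceProvider, eppn: str):
    """Full path: home-IdP identity -> VO-AA attributes -> ARP -> SP-Role."""
    return sp_role(sp, release_attributes(sp, VO_AA[eppn]))


if __name__ == "__main__":
    wiki = build_wiki()
    for who in VO_AA:
        print(f"{who:22} -> {decide(wiki, who)}")
    # With only the "basic" service level the VO attributes never reach the SP,
    # so even the VO administrator gets no role: the ARP is the gate.
    print("basic level, bob ->", decide(build_wiki("basic"), "bob@monash.edu.au"))
```

Two design choices worth noting. The SP-Role tuple is ordered so that a member reached by several rules (Alice is a Member and in the steering group) lands in the most privileged role deterministically, and publish_sp refuses any rule that names a role the SP never defined, which is the check that keeps a typo in step 4 from silently provisioning nobody. A user with no matching rule gets None rather than the lowest role, mirroring the slide's distinction between anonymous/authenticated users and VO members.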

Slide 15: VOs Across Federations

- A use/business case for connecting federations?
- VO-WAYF can act as WAYF for IdPs
- VO-bridge possibly scalable to connect federations

Slide 16: Final Summary

VO:
- Leverages the primary IdP for authN and identity
- VO-AA manages VO-specific (group, authZ) attributes
- VO-WAYF manages trusted IdPs
- Any Shibbolized web app can be plugged in
- JSR168 portlets can be plugged into GridSphere
- Shibbolized MyProxy server creates proxy certificates for access to the Grid

- A development challenge, not research
- Requires collaboration within the sector (don't reinvent)
- Solutions should be open source (funding body's role)

Slide 17: closing slide, repeating the title, author and contact details of slide 1.