A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network to application Michael R Gettes Internet2 August 2007 An interpretation of the original MACE mission
A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.
Dec 18, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
A Middleware
Unified Field Theory
Identity Management / Directories
Privileges / Groups
Single Sign-On / Federation
Enterprise Integration
from network to application
Michael R GettesInternet2
August 2007
An interpretation of the original MACE mission
VO?
Inter-EnterpriseWorkgroup
Collaborations
not sexy
or
Collaborative
Organizations
CO
Identity
Groups
Privileges
Federated Access
and …
Applications
Give
COntrol
To
COmmunity Members
Integrate with
Existing
COmmon
IT Infrastructuresin
Higher Education
Flexible
Scalable
Modular
COmponents
S H I B B O L E T HS H I B B O L E T H
LDAP-PC
Signet Grouper
LDAPDirectory
IdentityMgr
Applications & Network
CO
stop talkingstart walking
demo
COmanage.internet2.edu
COmponents
S H I B B O L E T HS H I B B O L E T H
LDAP-PC
Signet Grouper
LDAPDirectory
IdentityMgr
Applications & Network
CO
Comanage …
is only a demonstration ofthe CO model
a CO fits within a service
delivery presentation
Stuff stored in Directories(everybody has one)
Priv/Group data more accessible
Allows for easy CO integration
Application Management
App Access to data ismanaged by LDAP (initially)
Identity data can be distributed by any desired mechanism in the future. SQL databases, feeds, message bus technologies.
Uses ShibbolethFederating technology
Promotes InCOmmon Federation
Might use other technologiesOpenID?
Truth be told…
LDAP-PC Large-Scale Performance and namespaces
SIGNETMinor UI and Deployment
GROUPER Some UI and Large-scale Performance
SIGNET only immediate concern
Many COson a single server
________
No local identity issued for external users to access
CO services big win!
Signet/Grouper COmplexity
A Service Opportunity?Middleware Service Provider (MSP)
May also be locally deployedby HE institutions
Future…
Protect CO by IdP can solve “IEEE problem”?
Begin addressing issuesof “attribute eCOnomy”
Network Layer?Why not?
Integrate with Grids?Why not?
Addresses VO scenarios?Why not?
VOVO?CO
done
Talk amongst yourselves
Related Documents
