A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network to application Michael R Gettes Internet2 August 2007 An interpretation of the original MACE mission
A Middleware
Unified Field Theory
Identity Management / Directories
Privileges / Groups
Single Sign-On / Federation
Enterprise Integration
from network to application
Michael R Gettes
Internet2
August 2007
An interpretation of the original MACE mission
VO?
Inter-Enterprise Workgroup
Collaborations
not sexy
or
Collaborative
Organizations
CO
Identity
Groups
Privileges
Federated Access
and …
Applications
Give
COntrol
To
COmmunity Members
Integrate with
Existing
COmmon
IT Infrastructures in
Higher Education
Flexible
Scalable
Modular
COmponents
S H I B B O L E T H
S H I B B O L E T H
LDAP-PC
Signet
Grouper
LDAP Directory
Identity Mgr
Applications & Network
CO
stop talking
start walking
demo
COmanage.internet2.edu
COmponents
S H I B B O L E T H
S H I B B O L E T H
LDAP-PC
Signet
Grouper
LDAP Directory
Identity Mgr
Applications & Network
CO
Comanage …
is only a demonstration of the CO model
a CO fits within a service
delivery presentation
Stuff stored in Directories (everybody has one)
Priv/Group data more accessible
Allows for easy CO integration
Application Management
App Access to data is managed by LDAP (initially)
Identity data can be distributed by any desired mechanism in the future. SQL databases, feeds, message bus technologies.
Uses Shibboleth Federating technology
Promotes InCOmmon Federation
Might use other technologies: OpenID?
Truth be told…
LDAP-PC: Large-Scale Performance and namespaces
SIGNET: Minor UI and Deployment
GROUPER: Some UI and Large-scale Performance
SIGNET only immediate concern
Many COs on a single server
No local identity issued for external users to access
CO services big win!
Signet/Grouper COmplexity
A Service Opportunity?
Middleware Service Provider (MSP)