Researcher ID
September 13, 2013. Presented by Terry Smith - AAF Technical Manager
The brief
Creation of a test "sandbox" environment for the Researcher ID:
- Populate an LDAP directory
- Based on Authn and Attributes from AAF or Social Authentication
- Simple UI for Researchers to manage their Researcher ID (Passwords, etc)
- Extend the accounts with Group membership, permissions and roles
- Simple workflow that can be used by resource owners
- Test against use cases provided by the RDSI Nodes
Determine what it will take to run as a production system
Architecture (diagram; components and labels recovered from the slide)
Identity Provisioning & Account Management:
- Federated Authentication: IdPs reached via the AAF DS
- Social Authentication
- Account and Password Management
- Advanced account provisioning
Researcher ID Identity Store:
- LDAP Master Replicas (RW), replicated out to Node RO Replicas (RO)
Group Mgmt, Workflows and APIs:
- REST API, LDAP, OAuth, SAML AA, WebUI with VOOT, SAML IdP
Node Applications & Resources:
- Web Apps: Federated and/or Social Authentication + Groups
- App: LDAP or OAuth Authentication + Groups
- Server Access: PAM-LDAP + Groups
- Server Access: SSSD
- Single Sign-on: Kerberos, PKI + Groups
Schema (first step):
- OU=People: DN=email-address + AAF Core Attrs + MemberOf
- OU=Groups: DN=Group Name, Members=…
Same architecture diagram; the People schema gains a password attribute:
- OU=People: DN=email-address + AAF Core Attrs + MemberOf + Password
- OU=Groups: DN=Group Name, Members=…
Same architecture diagram; People entries are now keyed by POSIX username and both People and Groups carry POSIX attributes:
- OU=People: DN=POSIX Username + AAF Core Attrs + MemberOf + Password + Posix Attrs
- OU=Groups: DN=Posix Group Name, Members=… + Posix Attrs
Same architecture diagram, with a Kerberos service and a CA added to the Identity Store; People entries also hold Kerberos and PKI certificate data:
- OU=People: DN=POSIX Username + AAF Core Attrs + MemberOf + Password + Posix Attrs + Kerberos + PKI Certs
- OU=Groups: DN=Posix Group Name, Members=… + Posix Attrs
- Additional components: Kerberos, CA
• The use cases dictate the schema and the components that need to be included to build the Researcher ID infrastructure.
• Next activity: building an end-to-end pilot Researcher ID
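As an added worked example, not code from the presentation or from AAF, the Python below builds LDIF for the People and Groups entries as they stand on the final schema slide: the RDN is a POSIX username rather than an email address, the entry carries an assumed subset of the AAF core attributes (eduPersonPrincipalName, displayName, mail), the POSIX attributes PAM-LDAP and SSSD need, and a salted {SSHA} hash in userPassword instead of the cleartext. The base DN dc=researcherid,dc=example, the object classes, the group names and the two sample researchers are all constructed for illustration. memberOf is computed from the group entries rather than written into the LDIF, because OpenLDAP keeps it as an operational attribute.

```python
"""Added example: LDIF for the Researcher ID People/Groups entries on the
final schema slide (POSIX username RDN, AAF core attrs, POSIX attrs,
hashed password). Base DN, object classes and sample data are assumptions."""
import base64
import hashlib
import hmac
import os
import re

BASE_DN = "dc=researcherid,dc=example"          # assumed base DN
PEOPLE_OU = "ou=People," + BASE_DN
GROUPS_OU = "ou=Groups," + BASE_DN

# PAM-LDAP and SSSD use the RDN as the login name, so it must be a portable
# POSIX username, not the email address used as DN on the web-only slides.
POSIX_UID_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def ssha_hash(password, salt=None):
    """OpenLDAP {SSHA} userPassword value: base64(sha1(pw || salt) || salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Constant-time check of a cleartext password against a {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def ldif_line(attr, value):
    """RFC 2849 attrval-spec: base64-encode anything that is not a SAFE-STRING
    (non-ASCII names, leading space/colon/'<', trailing space)."""
    v = str(value)
    if (v.isascii() and v.isprintable()
            and not v.startswith((" ", ":", "<")) and not v.endswith(" ")):
        return "%s: %s" % (attr, v)
    return "%s:: %s" % (attr, base64.b64encode(v.encode("utf-8")).decode("ascii"))


def group_entry(cn, gid_number, members):
    """OU=Groups entry: DN=Posix Group Name, Members=... + Posix Attrs."""
    attrs = [("objectClass", "posixGroup"), ("cn", cn), ("gidNumber", gid_number)]
    attrs += [("memberUid", m) for m in members]
    return {"dn": "cn=%s,%s" % (cn, GROUPS_OU), "cn": cn,
            "members": list(members), "attrs": attrs}


def member_of(uid, groups):
    """The memberOf view a client sees. It is not written into the LDIF:
    OpenLDAP maintains memberOf as an operational attribute derived from
    group membership and rejects it in a plain ldapadd."""
    return [g["dn"] for g in groups if uid in g["members"]]


def person_entry(uid, eppn, display_name, mail, uid_number, gid_number, password):
    """OU=People entry: DN=POSIX Username + AAF Core Attrs + Password + Posix Attrs."""
    if not POSIX_UID_RE.match(uid):
        raise ValueError("not a portable POSIX username: %r" % (uid,))
    attrs = [
        ("objectClass", "inetOrgPerson"), ("objectClass", "eduPerson"),
        ("objectClass", "posixAccount"),
        ("uid", uid), ("cn", display_name), ("sn", display_name.split()[-1]),
        # assumed subset of the AAF core attributes
        ("displayName", display_name), ("mail", mail),
        ("eduPersonPrincipalName", eppn),
        # POSIX attributes for PAM-LDAP / SSSD server access
        ("uidNumber", uid_number), ("gidNumber", gid_number),
        ("homeDirectory", "/home/" + uid), ("loginShell", "/bin/bash"),
        # salted hash only; the cleartext never reaches the directory
        ("userPassword", ssha_hash(password)),
    ]
    return {"dn": "uid=%s,%s" % (uid, PEOPLE_OU), "attrs": attrs}


def render_ldif(entries):
    """Serialise entries as LDIF records separated by blank lines."""
    records = ["\n".join([ldif_line("dn", e["dn"])] +
                         [ldif_line(a, v) for a, v in e["attrs"]]) for e in entries]
    return "\n\n".join(records) + "\n"


# Constructed sample data, not from the presentation.
SAMPLE_GROUPS = [group_entry("rdsi-node-qld", 5001, ["jsmith", "zmueller"]),
                 group_entry("ri-admins", 5002, ["zmueller"])]
SAMPLE_PEOPLE = [
    person_entry("jsmith", "jsmith@uni.example.edu.au", "Jane Smith",
                 "jane.smith@uni.example.edu.au", 10001, 5001, "Tr0ub4dor&3"),
    person_entry("zmueller", "zmueller@uni.example.edu.au", "Zo\u00eb M\u00fcller",
                 "z.mueller@uni.example.edu.au", 10002, 5001, "correct horse battery staple"),
]

if __name__ == "__main__":
    print(render_ldif(SAMPLE_GROUPS + SAMPLE_PEOPLE))
    for uid in ("jsmith", "zmueller"):
        print("# memberOf", uid, member_of(uid, SAMPLE_GROUPS))
```

Running it prints the LDIF; the researcher with a non-ASCII name comes out as `cn::` and `sn::` base64 lines as RFC 2849 requires, which is the usual way an import of real researcher names breaks. Two caveats the diagram implies but does not spell out: the Node RO replicas receive the userPassword hashes along with everything else, so their ACLs should permit userPassword for bind (`auth`) only and never for read; and {SSHA} is single-round SHA-1, so a production store should prefer a slow scheme such as OpenLDAP's pw-pbkdf2 module wherever the client stack can bind through it.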
Possible protocols and services supported by the Researcher ID?
• NFS
• WebDAV
• Globus Online
• SSH / SCP
• SFTP
• SIF Shares
• Aspera
• GridFTP
• Web (HTTP)