Diego R. Lopez, RedIRIS
JRES2005, Marseille
Cork, May 2009
Welcome to EuroCAMP
Plus Some Introductory Matters
EuroCAMP. Cork, May 2009
The Middleware Mantra
• Any conceivable networked service needs some basic services to run
Access control
Location
Accounting
Message passing
. . .
<Put your desperate need here>
• And this happens at all levels
Why Middleware Is Cool
• The base for any network service
• A way for innovation at reasonable costs
Software intensive
OSS is commonplace
• The core for inter-institutional collaboration
Bologna is the word
Layering
• Core middleware
Providing the foundation services to any other layer
• Service middleware
Offering a set of common services required by applications by means of standard mechanisms
Providing resources similar to those provided by operating systems.
• Application middleware
Specifically oriented to concrete domains to offer common APIs to be used by solutions developers.
Core Middleware
• Trust
How can I know this is good?
PKI is king
• Messaging
How can I send this?
SOAP, REST, XMPP,…
• Identity
How can I know who is behind this?
LDAP, PKIX, SAML,…
Identity Service Middleware
• (Meta-)Directories
Enable location
Data aggregation
• SSO
Better user experience
Simpler application deployment
• Federations
Extended trust
Simpler collaboration
Peter Steiner. The New Yorker, 5 July 1993
The Trust Issue
• PKI
One way or another
[Diagram: IdP and SP; labels: uma.es, RedIRIS CA, rediris.es, RedIRIS CA; exchanged items: Metadata, Identity Request, Identity Response]
Can I trust this SP and send data about my users?
Can I trust this IdP and accept the data it sends?
The Identity Flow
• SAML is the lingua franca
SAML1 in early adopters (evolving)
SAML2 everywhere
Peeling the Identity Onion
• Talking about abstract data representation
• LDAP currently seems the most sensible choice
Basic schemas (person, inetOrgPerson, organizationalPerson)
eduPerson
schac
iris-*
Local schemas
The Current Landscape
• IdM, SSO and federations are maturing
Still in their early teens
Abundant weaponry
Protocols, schemas and tools
• All big guys play the game
Software providers
Service providers
• Part of the service portfolio of almost all NRENs
And GÉANT
The Current Workplaces
• Many silos still persist
Proxying as a last resort
• Reaching beyond the Web
It is not only WS
The uSSO Theory
• Fulfilling the federation promise
Confederation and interfederation
Levels of assurance
Additional data sources
Neutral application access
The EuroCAMP Goals
• Train
Not only the audience
It has to be bi-directional
• Strengthen
Principles we agree upon
Ties among us
• Recruit
The community needs you
And the office is always open
• Enjoy and be goode™