RedIRIS Identity Service: latest news and developments
Jaime Pérez, Middleware Engineer
FAM11, London, November 09th 2011
Transcript of "RedIRIS Identity Service latest news and developments - Jaime Pérez"

  1. RedIRIS Identity Service latest news and developments
     Jaime Pérez, Middleware Engineer
     FAM11, London, November 09th 2011
  2. Intro & numbers
     • The research & education federation in Spain
     • Hub & Spoke
     • Supports multiple protocols
       ◦ SAML
       ◦ OpenID
       ◦ PAPI
       ◦ OAuth
       ◦ eduGAIN
       ◦ STORK
       ◦ ...
     • 101 IdPs, 189 SPs
     • More than 1M potential users
  3. Growth
     • Usage has risen sharply in recent months due to services in the cloud:
     • [email_address]
     • Google Apps
  4. Problems
     • The service became critical for our community
     • If it stops working, users won’t be able to work, read their e-mail…
     • So we need:
       ◦ A new, more scalable and reliable infrastructure
       ◦ A monitoring/diagnostics tool
       ◦ …
  5. Action #1
     • Monitor the infrastructure
     • Based on Nagios and JMeter software
     • It consists of a Nagios plugin and a JMeter test plan to run automated checks
     • The key is to simulate the behavior of the user and his browser
     • Must be completely independent of the underlying technology
       ◦ Remember: the SIR federation is multi-protocol
       ◦ Users know nothing about technology, they just make use of it!
  6. Action #1
     • Monitor the infrastructure
     • We deployed a brand new platform which gathered international recognition:
       ◦ TERENA TF-EMC2
       ◦ TERENA Networking Conference ’11 (Prague)
     • A set of Open Source tools
     • Many countries asked for the software to deploy the same platform:
       ◦ Denmark
       ◦ Portugal
       ◦ Greece
       ◦ Italy
       ◦ Australia
  7. Action #1
     • Monitor the infrastructure
     • Currently integrated within our Monitoring Service
     • Users can manage the system and see the stats online:
  8. Action #1
     • Monitor the infrastructure
  9. Action #1
     • Monitor the infrastructure
  10. Action #1
     • Monitor the infrastructure
  11. Action #1
     • Monitor the infrastructure
  12. Action #1
     • Monitor the infrastructure
     • Monthly reports are sent by e-mail
     • Administrators can manage and schedule downtimes
     • Next steps:
       ◦ Find a solution suitable for IdPs that make heavy use of JavaScript
       ◦ Start monitoring Service Providers
  13. Action #2
     • New infrastructure
     • We wanted something more scalable and reliable
     • Moving from a Perl-based to a PHP-based infrastructure
     • Our central hub is based on our own protocol, PAPI:
       ◦ Simpler to manage
       ◦ Simpler to deploy
       ◦ Lightweight
     • A completely new Discovery Service (WAYF), with support for mobile users
     • A new module to ask for consent
  14. Action #2
     • New infrastructure
     • The new WAYF: process indications
  15. Action #2
     • New infrastructure
     • The new WAYF: multi-language
  16. Action #2
     • New infrastructure
     • The new WAYF: Service Provider identification
  17. Action #2
     • New infrastructure
     • The new WAYF: search by name, acronym…
  18. Action #2
     • New infrastructure
     • The new WAYF: search by region
  19. Action #2
     • New infrastructure
     • The new WAYF: accessible/mobile versions
  20. Action #2
     • New infrastructure
     • The new WAYF: accessible/mobile versions
  21. Action #2
     • New infrastructure
     • The consent module: follow the process
  22. Action #2
     • New infrastructure
     • The consent module: multi-language
  23. Action #2
     • New infrastructure
     • The consent module: IdP & SP recognition
  24. Action #2
     • New infrastructure
     • The consent module: comprehensive attributes
  25. Action #3
     • Collect better stats
     • We are already collecting stats, but need something more flexible
     • As we are migrating our infrastructure, we are also rationalizing how we collect statistics:
       ◦ Group by SPs
       ◦ Group by IdPs
       ◦ Relate both
     • We have a web interface ready for us and the service administrators in our institutions
     • Will include all SPs as soon as we finish the migration
  26. Action #3
     • Collect better stats
     • Web interface: group by SP
  27. Action #3
     • Collect better stats
     • Web interface: group by IdP
  28. Action #3
     • Collect better stats
     • Web interface: daily usage per IdP
  29. Action #3
     • Collect better stats
     • Web interface: daily accesses per IdP to an SP
  30. Inter-federation
     • STORK
     • Aims to create a European eID interoperability platform
     • It will enable secure access to online services between Member States
     • It will be tested through 5 pilots:
       ◦ Pilot 3: student mobility
       ◦ Online access to university services, using national eIDs for eIdentification and eSignature
     • http://www.eid-stork.eu
  31. Inter-federation
     • STORK
     • Extends SAML2 to request extra information, such as:
       ◦ QAA level
       ◦ Requested attributes

           <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver"
               NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
             <saml:AttributeValue>16</saml:AttributeValue>
           </stork:RequestedAttribute>

     • New gateway in SIR, based on the STORK core library
     • SIR performs on-demand attribute mapping from STORK definitions to HE standards
  32. Inter-federation
  33. Inter-federation
     • STORK
     • 15 universities connected, 9 active
     • Main use cases:
       ◦ Pre-enrollment of Erasmus students
       ◦ Authentication of Spanish citizens with a higher LoA
     • Initial contacts established for STORK2 support
     • Collaboration between eduGAIN (GN3 Project) and STORK
  34. Inter-federation
     • eduGAIN
     • GÉANT academic inter-federation service
     • Based on SAML2, federates federations
     • Went into production in April 2011
     • Current uptake:
     • http://www.edugain.org/federation_status.php
     • SIR is an early adopter, but currently allowing only the RedIRIS Identity Provider
     • Internal opt-in process for SIR IdPs is under validation:
       ◦ Entities must join SIR prior to joining eduGAIN
       ◦ Becoming an eduGAIN entity may require signing an additional inter-federation policy
  35. Questions? Thanks for listening! [email_address]
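
The STORK request on slide 31 asks whether the user is over 16 instead of asking for a birth date. The following Python example (added here, not RedIRIS or STORK code) parses that extension and releases only the derived answer, with optional attributes gated on consent as in the consent module of slides 21 to 24. The namespace URIs, the `Extensions` wrapper, the `dateOfBirth` attribute, the boolean response encoding and all function names are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Namespace URIs are assumed for this example; the slide shows only the prefixes.
NS = {"stork": "urn:eu:stork:names:tc:STORK:1.0:assertion",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STORK_ATTR = "http://www.stork.gov.eu/1.0/"

# Constructed sample: the slide's isAgeOver request plus an optional dateOfBirth.
SAMPLE = """<Extensions xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/isAgeOver"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
    <saml:AttributeValue>16</saml:AttributeValue>
  </stork:RequestedAttribute>
  <stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/dateOfBirth"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
</Extensions>"""

def parse_requested(xml_text):
    """Return (short_name, is_required, values) for each STORK RequestedAttribute."""
    found = []
    for el in ET.fromstring(xml_text).iter("{%s}RequestedAttribute" % NS["stork"]):
        name = el.get("Name", "")
        if not name.startswith(STORK_ATTR):
            continue  # not a STORK attribute name: ignore rather than guess
        values = [v.text.strip() for v in el.findall("saml:AttributeValue", NS) if v.text]
        found.append((name[len(STORK_ATTR):], el.get("isRequired") == "true", values))
    return found

def age_on(birth, today):
    """Whole years between birth and today."""
    return today.year - birth.year - ((today.month, today.day) < (birth.month, birth.day))

def build_release(requested, birth, today, consented=()):
    """Release the derived isAgeOver answer; dateOfBirth only if required or consented."""
    released = {}
    for name, required, values in requested:
        if name == "isAgeOver":
            if len(values) != 1 or not values[0].isdigit():
                raise ValueError("isAgeOver needs exactly one integer threshold")
            released[name] = age_on(birth, today) >= int(values[0])
        elif name == "dateOfBirth" and (required or name in consented):
            released[name] = birth.isoformat()
        elif required:
            raise LookupError("required attribute not available: " + name)
    return released
```

For requests received from untrusted peers, parse with a hardened XML parser; the standard-library parser is used here only because the input is embedded.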
