Shibbolized Subversion - PowerPoint PPT Presentation

1 / 35
About This Presentation
Title:

Shibbolized Subversion

Description:

Local WAYF previously created for WebMPI. InQueue's WAYF. Identity Provider. chatter.uark.edu. Test LDAP server. Authorization. Difficulties. Technical difficulties ... – PowerPoint PPT presentation

Number of Views:44
Avg rating:3.0/5.0
Slides: 36
Provided by: archieC9
Category:

less

Transcript and Presenter's Notes

Title: Shibbolized Subversion


1
Shibbolized Subversion
  • Advisor Prof. Amy Apon
  • Linh Ngo

2
Overview
  • Introduction
  • Background
  • Tools and Methods
  • Design
  • Issues Encountered
  • Accomplishments
  • Limitation
  • Future Work

3
Introduction
  • Motivation
  • Cross-institutions collaborations
  • Resource-sharing system
  • Issues
  • Account management
  • Access control

4
Introduction
  • Goals
  • Shared repository with trusted open access
  • Simple authentication
  • Fine-grained access control
  • Guaranteed security, authenticity, and privacy
  • Platform independent

5
Background
  • Authentication/Authorization System
  • Shibboleth
  • eduPerson Scheme
  • Repository System
  • Subversion System
  • Subversion Interfaces

6
Shibboleth Architecture
7
eduPerson Scheme
  • LDAP class
  • Common ground in personal attribute definition

8
Subversion
  • Version control system
  • Features
  • Directory and file versioning
  • Atomic commit
  • Versioned metadata
  • Choice of network layers

9
Subversion Interfaces
  • webDAV
  • TortoiseSVN
  • RapidSVN
  • JSVN

10
Tools and Methods
  • Repository installation
  • Authentication mechanism
  • Authorization mechanism

11
Repository Installation
  • Prerequisites
  • Apache Portable Runtime 0.9.5
  • Neon library 0.24.7
  • Apache Server 2.0
  • Subversion 1.2
  • Local installation

12
Authentication
  • Shibboleth
  • Certificate
  • Service Provider
  • WAYF
  • Identity Provider

13
Authentication
  • Certificate
  • University of Wisconsins test certificate
    (Bossie)
  • Service Provider
  • subversion.csce.uark.edu

14
Authentication
  • WAYF
  • Local WAYF previously created for WebMPI
  • InQueues WAYF
  • Identity Provider
  • chatter.uark.edu
  • Test LDAP server

15
Authorization
  • Difficulties
  • Technical difficulties
  • Account management
  • Resource management
  • Non-technical difficulties
  • Different time frame
  • Different schedule and workload
  • Different internal politics

16
Authorization
  • Who are you
  • What are you allowed to do

17
Authorization
  • User-active method
  • Authorization by Identity Provider
  • Advantages
  • No access control needed
  • Convenient for user management
  • Disadvantages
  • insecure

18
Authorization
  • Resource-active
  • Traditional access-control method
  • Advantages
  • Secured
  • Disadvantages
  • Scalability
  • Administrative burden for Service Provider
  • Leak of privacy

19
Authorization
  • Fair-share

20
Authorization
  • Advantages
  • Secure
  • Equal administrative responsibilities
  • Disadvantages
  • High infrastructure requirements

21
Authorization
  • EduPerson Attributes
  • eduPersonPrimaryAffiliation
  • eduPersonScopeAffiliation
  • eduPersonEntitlement
  • eduPersonTargetedId

22
Design
23
Browser
  • Browser Interface
  • Perl CGI and HTML
  • Protected by Shibboleth
  • Subversion functionalities
  • Checkout
  • Add
  • Update
  • Status
  • Commit

24
Local Script
25
Access Control
  • Attributes matching
  • Match Identity Providers user attributes and
    Subversion repositorys properties
  • One attribute for both read and write access

26
Script Example
27
(No Transcript)
28
(No Transcript)
29
(No Transcript)
30
(No Transcript)
31
(No Transcript)
32
Issues Encountered
  • Technical difficulties
  • Administrative difficulties

33
Accomplishments
  • Shared repository with trusted open access
  • Secured authentication/authorization
  • Fine-grained access control
  • Platform-independent

34
Limitation
  • Scalability
  • Repository Administration
  • Technical Difficulties
  • Trade-offs
  • Convenient for data size

35
Future Work
  • Fixing the limitation
  • Improving the current design
Write a Comment
User Comments (0)
About PowerShow.com