?????? ?p?d?

About This Presentation

Title:

?????? ?p?d?

Description:

?p?p??s?eta: AIX, FDSL ... FDSL) ? a??????? ?? pa???? ... t?? ep? ????? servers sta ?d?? ata (Identity Providers) ?a? t?? te????? ???st?? ... – PowerPoint PPT presentation

Number of Views:37

Avg rating:3.0/5.0

Slides: 36

Provided by: conferenc72

Category:

more less

Transcript and Presenter's Notes

Title: ?????? ?p?d?

1
?????? ?p?d?µ? p?st?p???s?? ??a e??p???µ???
p??sßas? se ?p??es?e? ß?ß????????

?T???? ?????? ??????S ???????G??S
?. ?a?ß?ts??t???. ?as??p??????. ?a?da???

2
1. ?a???s?as? ????

?? e??a? ta NRENs
?????? ta??t?ta? d??t?a ep?????????? e??e?a?
???µa?a? p?? pa?????? ?????? p???t?ta?
ep????????e? ?a? ?p?????st???? ?p??es?e? se
e????? ep?ped? st?? ??e???t???? ?a? ??pa?de?t????
?????t?te?

3
?? e??a? t? ????

? eta??e?a - ?? ?????p??
?? d??t??
?? f??e??
?? ?p??es?e?

4
???a????aµµa t?? ????
???a??t??? ??µ? ????
Ge???? S????e?s?
G??µ?d?t??? ?p?t??p?
??µ???? S?µß?????
??????t??? S?µß?????
?µ?da ??d????
?p?t??p? St?at??????
???t??? ???µ??
S?ed?asµ??
???ed???
??e????s? ??a?e???s??
??e????s? ??????µ????
?e????? ??e????s?
????? ?????aµµ?t??
??????s??
VNOC
5
?? d??t?? t?? ????

??s??µ??a ?????µata ???µ?? sta 2,5 Gbps
??as??des? µe t? e???pa??? d??t?? Géant sta 10
Gbps
S??t?µa ?a d?a??te? ?d???t?te? ?pt???? ??e?
(15et?? µ?s??s?)

6
?? f??e?? t?? ????

???, ??? ??e???t??? ?d??µata
?e??ss?te?a ap? 100 s?µe?a d?as??des?? se ????
t?? ????da
?p?p??s?eta AIX, FDSL

7
?? ?p??es?e? t?? ????

?as???? ?p??es?e? connectivity st? d??t??
???µ??, mail, DNS, DWS, ??p.
???s?ete? ?p??es?e? ?a? e?????? ?p?d?µ??
Directory Services, VoIP, PKI, EduRoam, Grid
?p??es?e? ep?µe??? ?e???? VPNs, QoS, ???, ?.?.
?st?????ta? st?? ?p??es?e? AAI

8
2. ?? p??ß??µa t?? AA - ??se??

?? p??ß??µa e??a? ? e?e???µe?? p??sßas?
p?st?p???s? ta?t?t?ta? ???st? ?a? ß?se? a?t??
e?????s? ?de?a? p??sßas?? Authentication/Authori
zation (AA)
S?µßat???? µ???d?? AA
???ß??µata s?µßat???? µe??d??
?? ??t?µe ap? t?? ??e? µe??d??? AA
?? pa???e? µ?a ?p?d?µ? AA (???)
??? d???e?e? µ?a ?p?d?µ? AAI

9
???ß??µa ??e???? p??sßas??

?? p??ß??µa ? e?e???µe?? p??sßas?
se ??f?a?? ?????, d?µ?s?e?se??, ??p. (s?et??eta?
?µesa µe t?? ß?ß??????e?)
µe p???? t??p?
S?µßat???? µ???d??
µe ??e??? t?? d?e????s?? IP t?? ???st?
µe username/password
µe ??f?a?? p?st?p???t???

10
a. ??se? d?e????s?? IP (1/2)

? p?????? e?et??e? t? d?e????s? t?? ???st? ?a?,
a? ? d?e????s? ß??s?eta? µ?sa se ??p??e? pe??????
p?? ????? d??a??µa p??sßas?? (p.?., d?e????se??
e??? ?a?ep?st?µ??? p?? ??e? s??d??µ? ??a t?
??t??µe?? a?t??e?µe??), ? SP d??e? st? ???st?
p??sßas? st? ??t??µe?? p???
??e??e?t?µata
ap??t?ta (? ???st?? ??e? e?a???? p??sßas? ?????
?a ??e?aste? ?a ???e? ??t? ?? a?t?)
a????µ?a (? p?????? de ??????e? t? ???st?)

11
a. ??se? d?e????s?? IP (2/2)

?e???e?t?µata
??a?t?ta? ap? t?? t?p??es?a t?? ???st? ?a?
epe?te??eta? µ??? µe VPNs (?p?? pa?e? ?a e??a?
ap?? µ???d?? ?a? apa?te? username/password)
?pe?d? e??a? a????µ? µ???d??, e??a? d?s???? ?a
ap?d?se? d?af??et??? d??a??µata se d?af??et???
e?d? ???st?? (p.?., ?a????t?? ??a?t? f??t?t??)
???? a????µ?a?, e??a? µ???d?? a?e???e??t? ?a?
ep?de?t??? ?at????s?? (p.?. µe ??a? proxy server)
????e? d?s????e? ?ta? ap??t??ta? ep?p????
d?e????se?? IP (ß?. FDSL) ? a??????? ?? pa????

12
ß. Username/password (1/2)

? p?????? ???e ?p??es?a? (p.?., ???e e?d?t????
???a??sµ??) t??e? µ?a ????st? ß?s? ???µ?t?? ?a?
passwords. ? ???st??, ??a ?a p??spe??se? t?
pe??e??µe??, d??e? username ?a? password
??e??e?t?µata
ep?t??pe? t? d?af???p???s? d??a??µ?t?? µeta??
???st??
ep?t??pe? t?? ????t???t?ta t?? ???st??

13
ß. Username/password (2/2)

?e???e?t?µata
? ???st?? ??e???eta? ?e????st? e???af? se ???e
p?????
s??t?µa a?t? ???eta? ad??at? ?a t? d?a?e???ste?
?a? ? ?d??? ? ???st?? ?a? ? ?p???sd?p?te t??t??
??a ???a??asµ? t?? (p.?. a??a?? password)
?? ???ste? te????? ?a ???s?µ?p????? ta ?d?a
usernames passwords pa?t??, p???µa p?? e?s??e?
p??ß??µata asf??e?a?
de? e?asfa???eta? ? a????µ?a t?? ???st?, µe
ap?t??esµa ???e p?????? µp??e? ?a µa?a??e?
ded?µ??a (?a? s????e?e?) t?? ???e ???st?

14
?. ??f?a?? p?st?p???t???(1/2)

? ???st?? ap??t? ??a ??f?a?? p?st?p???t???, ?
p??sßas? st? ?p??? p??state?eta? (p.?. µe
password).
? ???st?? eµfa???e? t? p?st?p???t??? t?? st??
p????? ??a ?a ap??t?se? p??sßas? st? pe??e??µe??.
??e??e?t?µata
??a ta p?e??e?t?µata t?? µe??d?? username/
password ?a? ep?p????
de? apa?t???ta? p???ap??? e???af?? ???st?? (??te
µ?a e???af?/???st?, ??te µ?a/p?????)

15
?. ??f?a?? p?st?p???t???(2/2)

?e???e?t?µata
pa?aµ??e? ? µ? a????µ?a t?? ???st?
? d?a?e???s? p?st?p???t???? e??a? pe??p???? ?a?
??a t?? ?d?? t? ???st? (tokens, ??p.)
apa?te?ta? ? s?µf???a ?p?d?µ?? p?st?p???s?? (PKI)
p?? ?a e??a? ap? ?????? ap?de?t? µeta?? ???st?,
pa????? pe??e??µ???? ?a? ?d??µat??
apa?te?ta? µ?a s?et??? ?µ???µ??f?a st? d?µ? ?a?
ta ded?µ??a t?? p?st?p???t????, ??t? p?? e??a?
ep?s?? d?s????

16
?? ??t?µe ap? µ?a ??s? (1/2)

??????a st? d?a?e???s?
??a? µ??ad???? ???a??asµ?? ???st?
e?asf???s? d??a??µ?t?? t?? ???st? ap? t? ?d??µa
????? ?a apa?te?ta? pa??µßas? t?? ?d??? t??
???st?
?????µ?a
? ???st?? ?a ap??t? p??sßas? ß?se? t?? ?d??t?t??
t?? ?a? ??? ß?se? t?? ta?t?t?t?? t??
a????µ?a µe?, a??? ????? d??at?t?ta e??????
?at????s??
??af???p???s?
ta d??a??µata t?? ???st? ?a µp????? ?a
d?af???p?????ta? a?????a µe t?? ?d??t?t? t??
(f???t??, ?a????t??, ??p.)

17
?? ??t?µe ap? µ?a ??s? (2/2)

????t???t?ta
? ???st?? ?a ??e? ta ?d?a d??a??µata ?p?? ?a? a?
ß??s?eta?, ????? ?a ??e???eta? ?a µetaf??e?
?p?????st??, ??e?d??, ??p., ? ?a ??e???eta? VPN
???e?a ap?d???
??s? ?ata???t? ?a? ???p???s?µ? ap? ta ?d??µata
ap?de?t? ?a? ?p?st?????µe?? ap? t??? pa??????
pe??e??µ????
(??a) µe ???s? p??t?p?? ?a? e??a?e??? e??e?a?
ap?d????
?p?p???? p?e??e?t?µata

18
?p???e? s?µe?a ??s? ???a

?a? (?a? µ???sta pe??ss?te?e? ap? µ?a)
?? ??se?? a?t?? e??a? ???st?? ?? s?st?µata
?p?d?µ?? ??st?p???s?? ?a? ???a??µ?t?? ???sßas??
(Authentication Authorization Infrastructure ?
AAI)

19
?? pa???e? µ?a ?p?d?µ? AAI

??a ta ??t??µe?a ap? µ?a ??s? AAI
??a? µ??ad???? ???a??asµ?? ???st? ?? ???ste?
???f??ta? µ??? µ?a f???, st? ???e?? ?d??µa
????t???t?ta ?? ???ste? µp????? ?a ?????
p??sßas? ap? pa?t??
a????µ?a ?? p?????? de? µa?a????? st???e?a t??
???st??
d?af???p???s? d??a??µ?t?? d?af??et????
?at?????e? ???st?? µp????? ?a ????? d?af??et???
d??a??µata
e?????a ? ap?de??? ta?t?t?ta? ???eta? µ?s? web
(user/password)
?a? ep?p????
s?µµet??a µe t?? ?d?a a???ß?? ?p?d?µ?, ??a
?d??µa µp??e? ?a pa??s?e? ?p??es?e? ?a?
pe??e??µe?? µe t?? ?d?a e?????a p?? µp??e? ?a
??ße? ?p??es?e? ?a? pe??e??µe?? ap? t??t???

20
??µ?f??e?? ?p?d?µ?? AAI

?? s?st?µa Shibboleth (Internet2), t? ?p??? e??a?
?a? t? p??t? ?st????? s?st?µa AAI
(?p?st????eta? ap? t? ????)
???a s?st?µata (A-SELECT, ??p.)

21
??? d???e?e? t? Shibboleth
?e?t????? server WAYF
Service Provider (SP)
Identity Provider (IdP)
22
??? d???e?e? t? Shibboleth (µe ????a)

? ???st?? ep?s??pteta? t? se??da t?? pa?????
? se??da t?? pa????? a?a?ate????e? t? ???st? st??
?e?t???? se??da t?? ?p?d?µ?? (WAYF) st?? ?p??a ?
???st?? ep????e? t?? f??? ?p?? a???e?
? se??da WAYF a?a?ate????e? t? ???st? p??? t??
se??da t?? ?d??µat?? t??, st?? ?p??a ? ???st??
e?s??e? ta st???e?a t?? (username, password)
?f?? ? ???st?? d?se? s?st? ta st???e?a t??,
a?a?ate????eta? a?t?µata st?? a????? se??da t??
pa????? ap? ?p?? ?e????se
?e asfa?? t??p?() ?? ?d??t?te? t?? ???st? p??
ep???µe? t? ?d??µa ???st?p?????ta? st?? p?????

23
G?at? e??a? ?p?d?µ?

???t? de? e??a? ap??? µ?a ?p??es?a
p??ß??pe? t?? ?pa??? e??? ?e?t????? WAYF server
?ste ?a d?e??????eta? ? ???µ???s? (p.?. ??
p??s????se?? ???? f?????) ????? ?a apa?t???ta?
a??a???
pe???aµß??e? te???????a d?a?e???s?? d??a??µ?t??
(SAML)
apa?te? s??s? eµp?st?s???? µeta?? t?? pa?????
pe??e??µ???? (Service Providers), t?? ?e?t?????
WAYF server, t?? ep?µ????? servers sta ?d??µata
(Identity Providers) ?a? t?? te????? ???st??
apa?te? µ?a ????? ap?de?t? ?p?d?µ? p?st?p???s??
(PKI) µeta?? ???? t?? pa?ap???
G? a?t? ???a???eta? ß??t?sta se s?ss?µat?se??
?d??µ?t?? p?? µ???????ta? ta pa?ap???, ?a? p??
???µ????ta? ?µ?sp??d?e? (federations)

24
3. ??? e?µaste ?a? p?? p?µe

????? ???st?? p?????? pe??e??µ???? ?p?st???????
AAI
???e? ?µ?sp??d?e? ?p?????? d?e????
??? ß??s???ta? ta p???µata st?? ????da
????? e??a? ? ????? t?? ????
???a p??sf??? a?aµ??eta? ap? ta ?d??µata (?a? t??
ß?ß??????e? t???)

25
?p?st????? t?? Shibboleth

??????? pe??e??µ????
Science direct
Elsevier
EBSCO
X-libris
JSTOR
??atf??µe? e-learning
Blackboard
WebCT
WebAssign
Moodle
Ilias
Eclass

(µe ???a ????a, ?p???e? ?d? µ?a e???tat? ???µa
pe??e??µ???? p?? µp??e? ?a p??spe?aste? ap? t??
?p????d?p?te ????? ???st? µ?a? ?µ?sp??d?a?
Shibboleth)

26
???e? ?µ?sp??d?e? ?p??????

InCommon (Internet2 ???)
Switch-AAI (SWITCH ??ßet?a)
HAKA (CSC F???a?d?a)
UK Access Management (?. ??etta??a)
MAMS (??st?a??a)
...?a? p????? a??µa se e?????? se d??f??e? ???e?
(pa?at???s? ?? ?µ?sp??d?e? d?a???????ta? se
e????? ep?ped?)

27
??? ß??s?eta? ? ????da

?? ???? ??e? a?apt??e? ?a? d?a??te? s?µe?a µ?a
?µ?sp??d?a Shibboleth
???? ??T, ???, ??, G?afe?a ????
?p????? ?a p??s????s??? ?µesa ?sa ?d??µata ?????
?? ???? (??, ??, ?T, ??, ??T, ??e?., ?a????pe??,
?.?.)
? ????? t?? ???? e??a? (?a? ?a e??a?) ?a
?p?st????e? ?e?t???? a?t?? t?? ?p?d?µ? ?????
?p???e?t??? ?a ??te? ????? d?a?e???s?? a?t?? t??
?p?d?µ?? (ß?. p.?. HARICA)

28
? ????? t?? ?d??µ?t?? (1/3)

Ste?? s??e??as?a µe f??e??-???ste? t?? ?p??es?a?
e?t?? ?d??µat?? (ß?ß??????e?, a??? ?a? ???e?
efa?µ????, d?????s?, ??p.)
??????s? t?? s?µe????? ?µ?sp??d?a?, se t?p???
(p.?. MoU) ?a? te????? ep?ped? (??a µ???,
???p???se??, d???µ??, ??p.)
???pt??? t?p???? ?p?d?µ?? sta ?d??µata (p.?.,
Directory Services ? ?s?d??aµ? ?p?d?µ? User
Database p?ß?. ?a? µe apa?t?se?? e-University)

29
? ????? t?? ?d??µ?t?? (2/3)

??t?µa ap??t?s?? ?? ap? t? NOC t?? ?d??µat?? p???
t? ????
???s? ?? ???? ??a s??p??? prototyping
Directory Services (pe???aµß??eta? st? ??)
Shibboleth IdP (pe???aµß??eta? st? ??)
Shibboleth SP (?a p??ste?e? st? ?? 4Q06)
Stad?a?? a?t???af? ?p??es??? ap? t? ?? ?a?
e?s?µ?t?s? t??? st?? p????f???a?? ?p?d?µ? t??
?d??µat??

30
? ????? t?? ?d??µ?t?? (3/3)

?a???? ?p??es?a? Shibboleth IdP se ?a?est??
pa?a?????
???pt??? te??????s?a? ??a t?? pa???? ?p??es???
t?? ?d??? t?? ?d??µat?? µ?s? Shibboleth SP se
t??t???
Stad?a?? µet?ßas? es?te????? ?p??es??? t??
?d??µat?? p?? t??a ßas????ta? se ?????? t??p???
AA p??? t? Shibboleth

31
? ????? t?? ß?ß???????? (1/2)

???a??d??s? s??d?sµ?? (liaison) µeta?? a?µ?d???
f????? (ß?ß???????? ?.?.) ?a? ???? (?????? ??a
d?ad??ast??? ??µata)
Ste?? s??e??as?a µe t? NOC ?d??µat?? ??a
s??t???sµ?, d?at?p?s? apa?t?se??, ??p.
?p?st????? d?ad??ast???? ?eµ?t?? (?at??t?s?
?p???af? MoU, ap?d??? ap? t?? d?????t???? a????
t?? ???e ?d??µat??)

32
? ????? t?? ß?ß???????? (2/2)

???s? ?p??es??? Shibboleth SP (?? ? ?d??µat??)
??a pa???? ?p??es??? ?a? pe??e??µ???? se t??t???
??a?e???s? s??d??µ?? µe t??? pa??????
pe??e??µ???? ?a? ?a????sµ?? p???t???? d???es??
st???e??? t?? ???st?? se a?t???
???pt??? efa?µ???? e?d?af????t?? t??? ß?se? t??
?p?????sa? ?p?d?µ??
e?de??t???, d???es? pe??e??µ???? t?? ?d??µat??
(d?at??ß??, reports, ??p.) se f??t?t?? ??p.

33
4. S?µpe??sµata (1/2)

?? ?p?d?µ?? AAI
????? p???? p?e??e?t?µata s???????µe?e? µe t??
s?µe????? d?ad??as?e? ?a? µe??d???
d?e????????? s?µa?t??? ?a? t?? d?? ?ate????se??
AA (p??sßas? se pe??e??µe?? t??t?? pa?????,
e?e???µe?? d???es? ?d??? pe??e??µ????)
e??a? ?d? ed?, d?a??s?µe? se ??a ta ?d??µata
?a ?d??µata µp?????
?a µp??? a????? st? AAI ?????ta? ???s? t??
?t??µ?? ?p??es??? sta ?? t?? ????
ßa?µ?a?a ?a a?apt????? d???? t??? ?p??es?e?

34
S?µpe??sµata (2/2)

?? ß?ß??????e? µp?????
?a p??sf????? ??e? ?p??es?e? ß?se? ?d??t?t?? ???e
???st? (?a????t??, f??t?t?? ??p.)
?a ?a???????? t?? p???t??? d???es?? p????f?????
p?? af????? t??? ???ste? ???e ?d??µat?? p???
t??t??? pa??????
?a a?apt????? ??e? ?p??es?e? d???es?? ?d???
pe??e??µ???? p??? t??t??? f??e??
?a e??a? ?? f??e?? s??t???sµ?? ?a? p?????s?? t??
p??sp??e?a? a??pt???? t?? AAI st?? ????da

35
???a??st??µe!