AAI@EduHr: Miroslav Milinović, University Computing Centre - Srce


AAI@EduHr
Miroslav Milinović
University Computing Centre - Srce <miro@srce.hr>
EuroCAMP Helsinki, April 2007

Contents

  • general information
  • IdM practices
  • policy enforcement
  • roles & groups
  • schemas
  • authN & certs

EuroCAMP, Helsinki 2007: 2/8

General information

  • evolved from RADIUS hierarchy (network access as killer app.)
  • AAI@EduHr SW base (RADIUS + LDAP + SOAP)
  • current architecture in full operation since 03/2006
  • 213 (34) + 1 IdP (nearly 300000 enabled users)
  • SP: 16 + 27 eduroam hot spots
  • around 5.000 AuthN reqs processed per month
  • service types:
      - network access (eduroam: wired & wireless, dial-up, cable, EDGE/GPRS)
      - Web based services (LMS, web apps, helpdesks, ...)
      - computing resources (basic services)
  • coupled with national student card & information system of higher ed.

IdM practices

  • IdM policy
      - technical and organisational requirements
      - data has to be up-to-date
      - f2f user registration (registered mail?)
  • IdPs have relative freedom but are considered liable for misuse
  • more formalisation and harmonisation needed
  • a large number of IdPs (diversity in size and technical expertise) is a challenge

Policy enforcement

  • IdPs: based on agreements with CARNet and Ministry of science, education and sport
  • resource registry for SPs
  • a large number of IdPs (diversity in size and technical expertise) is a challenge
  • different service classes (network vs. application access) need a different approach to different SPs (eduroam hotspots vs. apps. providers)
  • more formalisation planned

Roles & groups

  • via specific attributes in hrEduPerson schema
      - hrEduPersonAffiliation, hrEduPersonPrimaryAffiliation, hrEduPersonRole
      - hrEduPersonProfessionalStatus, hrEduPersonAcademicStatus, hrEduPersonTitle, hrEduPersonScienceArea, hrEduPersonStudentCategory, hrEduPersonStaffCategory
      - hrEduPersonGroupMember
  • via specific AuthZ solutions at SP's side
  • croGRID community as a driver for future development
  • federated identity (?)
  • tool for handling groups (?)

Schemas

  • hrEduPerson, hrEduOrg
      - registry: http://schema.aaiedu.hr/
      - ver 1.2.
  • use of SCHAC planned in (near) future
  • harmonisation of attributes (attrib. values) for international (european) confederations is a challenge

AuthN & certs

  • SCS (TERENA) for services
  • user/passwd seems to be enough for (end)users
  • killer app. needed for (effective) deployment of other authN methods
  • X-CARD project (?)
  • croGRID – a separate case (SLCS solution)