CERN Workshop on Federate ID Conclusions and Next


CERN Workshop on Federate ID: Conclusions and Next steps
Dr. Stefan Lüders, CERN Computer Security Officer
Internet2 Fall 2011 Member Meeting, Raleigh (USA), October 3rd-6th 2011


CERN’s User Base
Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 Stefan.Lueders@cern.ch — “CERN Workshop on Federate ID” — Internet2 Fall 2011 Member Meeting

CERN’s Mission:
► Research: Seeking and finding answers to questions about the Universe
► Technology: Advancing the frontiers of technology
► Collaborating: Bringing nations together through science
► Education: Training the scientists of tomorrow

CERN’s Users:
► …from 100s of universities worldwide
► Pupils, students, post-docs, professors, technicians, engineers, physicists, …
► High turn-over (~15k per year)

One CERN Account:
► Everyone with CERN affiliation can get an account (incl. homepage & email)
► Large growth rate of new accounts
► Need for account very diverse (and not always clear)



CERN SSO

CERN Single Sign On
► 10 000 users p.a.; 20 000 accounts
► One portal for CERN-wide AuthN
► Envisaged for all (web) applications
► From all platforms (Windows, Linux, Mac)
► Microsoft Forefront IM, AD/LDAP/Shibboleth/Kerberos

E-groups AuthZ/Role Management
► Homegrown solution sync’d with AD/LDAP
► Default access to (more-or-less) all CERN resources
► Fine grained access controls where needed (e.g. controls, admins, …)

Multifactor Authentication
► Currently evaluating smart chips, Yubikeys, GSMauth
…but also facing demands to join e.g. eduroam.


Fed. ID for scientific collaborations

Triggered by the EIROforum (CERN, EFDA-JET, EMBL, ESA, ESO, ESRF, Euro XFEL, ILL)
“… to explore the requirements for Fed. ID … compare the functionality, operational constraints and state of deployment of current technologies, and formulate a roadmap for … the future.”
► June 9th & 10th 2011
► https://indico.cern.ch/conferenceDisplay.py?confId=129364

85 participants from 44 organizations in 18 countries
► BELNET, CERN, CSC, DANTE, DESY, EGI, GEANT, ICRC, INFN, PSI, SARA, STFC, SURFnet, SWITCH, TERENA, …

Talks from all areas:
► Particle science, social science & humanities, Grid computing, earth science, life science, service providers


Comparison

Community | Other projects | # users | Chosen technology | Status | IGTF
ɣ/n Facilities | EUROFEL, PanData, CRISP | ~10 000 | Shibboleth/SAML (Umbrella) | prototype | no
Social Sciences and Humanities | DARIAH, CLARIN, CESSDA (DASISH) | O(100), potential for 10 000+ | Shibboleth/SAML | CLARIN SP federation (using eduGAIN) | yes
WLCG | WLCG | ~5900 | X.509 | Production | yes
Earth Sciences | ESGF, GENESI-DEC, CMIP5, Metafor, IS-ENES | 5000+ for CMIP5 | OpenID, X.509, SAML | Production (earth system grid) | not yet, but foreseen for EGI integration
Life Sciences | ELIXIR & several 10 ESFRI projects | millions of users access data via EBI website | not chosen yet | Included in BioMedBridges project workplan | no


Key Findings

Common needs provide scope for agreement:
► Communities focus on data access; existing federations grasp for more
► Trust is the key: IGTF is the source of trust for many existing projects
► SSO wanted, but global SSO much more complex than local SSO
► Make it easier for users (does this rule out X.509?)
► But also: risks increase with one single identity. Traceability is a MUST.

Federation policies are well established:
► Delegated down to home institute
► Plans and processes need effort and preparation
► …but how to deal with “homeless” users?

Areas of discussion:
► We need high level collaborative policy, not a technological silver bullet
► Identity is only part of the problem: what about attributes & group membership across boundaries?
► How to guarantee (global) interoperability between federations?
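The points on trust, traceability and attributes crossing institutional boundaries, together with the Shibboleth/SAML-based setup described on the CERN SSO slide, can be made concrete with the policy checks a service provider applies to an incoming federated assertion. The script below is an added example, not code from the talk, from CERN or from any federation software: it builds constructed SAML 2.0-style assertions, checks the issuer against a stand-in for federation metadata, enforces the validity window and audience restriction, refuses a principal whose scope the issuing IdP is not registered for, maps federation-wide entitlements to local roles, and records issuer and persistent NameID for every decision so that access can be traced back to the home institute. Entity IDs, scopes, entitlement URIs and the 2011 timestamps are all constructed; XML signature verification is assumed to have been done upstream by the SP software and is not shown.

```python
"""Policy checks a service provider (SP) applies to a federated SAML 2.0-style assertion,
plus the audit record that keeps every decision traceable. XML signature verification is
assumed to be done upstream by the SP software. All identifiers and data are constructed."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"         # eduPersonPrincipalName
ENTITLEMENT = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"  # eduPersonEntitlement
SP_ENTITY_ID = "https://sp.collab.example/shibboleth"            # constructed SP entityID
DEMO_NOW = datetime(2011, 10, 4, 12, 0, 0, tzinfo=timezone.utc)  # fixed clock for the demo

# Constructed stand-in for federation metadata: trusted IdP -> scope it may assert.
TRUSTED_IDPS = {
    "https://idp.uni-a.example/idp": "uni-a.example",
    "https://idp.lab-b.example/idp": "lab-b.example",
}
# Constructed federation-wide entitlements -> roles local to this SP.
ENTITLEMENT_TO_ROLE = {
    "urn:collab:example:data-reader": "reader",
    "urn:collab:example:data-curator": "curator",
}


def make_assertion(issuer, name_id, eppn, entitlements, not_before, not_after,
                   audience=SP_ENTITY_ID):
    """Build a minimal SAML 2.0-style assertion (constructed test input)."""
    values = "".join(f"<saml:AttributeValue>{e}</saml:AttributeValue>" for e in entitlements)
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_1" Version="2.0">'
        f'<saml:Issuer>{issuer}</saml:Issuer><saml:Subject>'
        f'<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">{name_id}'
        f'</saml:NameID></saml:Subject>'
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_after}">'
        f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
        f'</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
        f'<saml:Attribute Name="{EPPN}"><saml:AttributeValue>{eppn}</saml:AttributeValue>'
        f'</saml:Attribute><saml:Attribute Name="{ENTITLEMENT}">{values}</saml:Attribute>'
        f'</saml:AttributeStatement></saml:Assertion>'
    )


def _parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _attr_values(root, name):
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == name:
            return [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return []


def evaluate_assertion(xml_text, now):
    """Apply the SP policy checks and return an audit record. The record always carries
    issuer and persistent NameID, so accepted and rejected requests can both be traced."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    record = {"time": now.strftime("%Y-%m-%dT%H:%M:%SZ"), "issuer": issuer,
              "name_id": name_id, "accepted": False, "reason": "", "roles": []}

    def reject(reason):
        record["reason"] = reason
        return record

    # 1. Trust: only IdPs present in federation metadata may assert identities.
    scope = TRUSTED_IDPS.get(issuer)
    if scope is None:
        return reject("issuer not in trusted federation metadata")
    # 2. Validity window (NotBefore inclusive, NotOnOrAfter exclusive) and audience.
    cond = root.find("saml:Conditions", NS)
    if cond is None or not (_parse_time(cond.get("NotBefore")) <= now
                            < _parse_time(cond.get("NotOnOrAfter"))):
        return reject("missing Conditions or outside validity window")
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        return reject("assertion not addressed to this SP")
    # 3. Scope: an IdP may only assert principals in the scope it is registered for.
    eppn = _attr_values(root, EPPN)
    if len(eppn) != 1 or "@" not in eppn[0]:
        return reject("missing or malformed eduPersonPrincipalName")
    if eppn[0].rsplit("@", 1)[1] != scope:
        return reject("attribute scope not registered for issuer")
    # 4. Group membership across boundaries: map known entitlements, ignore the rest.
    roles = sorted({ENTITLEMENT_TO_ROLE[e] for e in _attr_values(root, ENTITLEMENT)
                    if e in ENTITLEMENT_TO_ROLE})
    record.update(accepted=True, eppn=eppn[0], roles=roles)
    return record


if __name__ == "__main__":
    window = ("2011-10-04T11:55:00Z", "2011-10-04T12:05:00Z")
    good = make_assertion("https://idp.uni-a.example/idp", "pid-0001", "alice@uni-a.example",
                          ["urn:collab:example:data-reader", "urn:other:unknown"], *window)
    print(evaluate_assertion(good, DEMO_NOW))
    # lab-b's IdP asserting a uni-a principal is refused, whatever the cause.
    crossed = make_assertion("https://idp.lab-b.example/idp", "pid-0002", "bob@uni-a.example",
                             [], *window)
    print(evaluate_assertion(crossed, DEMO_NOW))
```

The scope check is the piece most often missed when a service joins a federation: without it, any trusted IdP could assert an identity in another institute's namespace, which is exactly the "one single identity" risk the slide warns about. Keeping the audit record identical in shape for accepted and rejected requests means the same log pipeline covers both.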


Next Steps

Develop a roadmap we can all agree to
► Identify a few key use cases
► Essential before talking to industry and funding agencies!!!
► How can we learn from our colleagues in the US? Asia? Latin America?

There is no free lunch…
► Need to work in between the workshops – we can’t just talk!
► Nominate architect(s) from each community
► Join the CERN email list on Fed. ID!

Follow up workshop rotating between user communities:
► November 2-3, 2011: Rutherford Appleton Lab, Oxford, U.K.
► Spring 2012, Summer 2012, … (volunteers?)
