Introduction
Moonshot workshop 6.2.2014
Mikael.Linden@csc.fi

Federated identity in Finnish HE
• Haka – Web SSO (47 organisations)
• eduroam – network access (30 organisations)
• Project Moonshot – non-web SSO
  – Combination of the two above
  – Standardisation (IETF)
  – Implementation (Mac, Linux, FreeBSD, Windows, OpenSSH, OpenLDAP, Samba, Apache, NFS…)
  – Piloting (GN3plus)
Connect | Communicate | Collaborate

Moonshot technical architecture
[Diagram. Components: SSH client, SSH server, RADIUS server. Numbered labels: (1) Username/password issued to the user, (2) SSH negotiation, (3) Authentication, (4) RADIUS, (5) Attributes, (6) SSH session]
OpenSSH used as example of application; many others also apply
Slide by Janet(UK)

Benefits
• Information security
  – Password never exposed to the SP (and a rootkit)
  – Audit trail to serve forensic analysis
  – Accounts closed when the user departs
• Usability
  – Fewer usernames and passwords for the user
• Service provisioning
  – Removes obstacles for streamlining service provisioning to the users

Downsides
• Understanding it requires wide competence
  – RADIUS, SAML, GSS-API…
• Requires client-side software installation
  – Moonshot libraries and Identity selector
• Still early work…

Example use scenarios
Services
• Centralised services
  – E.g. CSC’s computing or data services
• Grid services
• Cloud services (IaaS)
Technologies
• SSH secure shell (OpenSSH)
• iRODS
• Grid/MyProxy
• IMAP

About Moonshot technology
• Development led by Janet(UK)
• Pilot in GN3plus project 4/2013-3/2015
  – UK, France, Hungary, Switzerland, Croatia, Czech, Finland, Spain
  – Janet, RENATER, NIIFI, SWITCH, CARNet, CESNET, NORDUnet (Funet), RedIRIS
• Trust fabrics can be based on
  – Eduroam technology
  – Trust router technology

The Finnish Moonshot pilot

Goals
• Learn the technology, its maturity and applicability
• Study alternatives to organise Moonshot as a service
  – Extension of Haka, extension of eduroam, something else?
  – Trust router or eduroam…?
• International co-operation via GN3plus project
  – Foreign Moonshot services?

What?
[Diagram. Labels: HU, TUT, Moonshot IdP (twice), RADIUS, CSC (Moonshot SP), Computing server, IDA service]
• Real end users to real services
  – E.g. selected research groups from their home universities
• Still a pilot
  – No promise of production quality service

Timeline
• HU and TUT set up the Moonshot IdP 2-3/2014
  – Works against CSC’s production SPs
• Kick-off with pilot users 4/2014
  – Involving the pilot users
• Pilot with the pilot users 5-6/2014