Géant-TrustBroker: Dynamic, Scalable Management of SAML-Based Inter-federation Authentication and Authorization Infrastructures

  • Daniela Pöhn
  • Stefan Metzger
  • Wolfgang Hommel
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 428)

Abstract

We present the concept and design of Géant-TrustBroker, a new service to facilitate multi-tenant ICT service user authentication and authorization (AuthNZ) management in large-scale eScience infrastructures; it is being researched and implemented by the pan-European research and education network, Géant. Géant-TrustBroker complements eduGAIN, a successful umbrella inter-federation created on top of national higher-education federations in more than 20 countries worldwide. Motivated by experience with the real-world limits of eduGAIN, Géant-TrustBroker’s primary goal is to enable dynamic and highly scalable management of identity federations and inter-federations. Instead of eduGAIN’s federation-of-federations approach, Géant-TrustBroker enables the on-demand establishment and life-cycle management of dynamic virtual federations, and it achieves a high level of automation to reduce the manual workload for the participating organizations, which so far has been one of the most significant obstacles to the adoption of Federated Identity Management, e.g., based on the SAML standard. We contrast Géant-TrustBroker with other state-of-the-art approaches, present its workflows and internal mode of operation, and give an outlook on how eduGAIN can be used in combination with Géant-TrustBroker to solve current AuthNZ problems in international research projects and communities.

Keywords

Federated Identity Management, SAML, Shibboleth, eduGAIN, Inter-Federation, Trust Management, Géant

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Daniela Pöhn (1)
  • Stefan Metzger (1)
  • Wolfgang Hommel (1)
  1. Leibniz Supercomputing Centre, Munich Network Management Team, Garching near Munich, Germany