CILogon Federated Access to Science Services and Infrastructures Terry Fleury Jim Basney This material is based upon work supported by the National Science.

Download Report

Transcript CILogon Federated Access to Science Services and Infrastructures Terry Fleury Jim Basney This material is based upon work supported by the National Science.

CILogon
Federated Access to Science
Services and Infrastructures
Terry Fleury <[email protected]>
Jim Basney <[email protected]>
This material is based upon work supported by the National Science Foundation under
grant number 0943633. Any opinions, findings, and conclusions or recommendations
expressed in this material are those of the author(s) and do not necessarily reflect the
views of the National Science Foundation.
CILogon Goal
• Facilitate campus logon to CI
– Leverage researchers’ existing
credentials at their home
institution
– Ease credential management
for researchers and CI
providers
• Bridge from:
– Credentials issued by
InCommon Federation (SAML)
and OpenID Providers (OpenID)
• Bridge to:
– X.509 certificates that satisfy
the requirements of CI projects
CILogon
2
www.cilogon.org
High-Level Overview
Identity
Providers
User’s
“Desktop”
CILogon
10110
01001
10101
01001
OpenID
X.509
Certificate
SAML
Id, IdP
CILogon
3
www.cilogon.org
X.509 Certificates
• Three (3) Certificate Authorities (CAs) – Levels of Assurance
– OpenID
– Basic (All InCommon participants)
– Silver (Using InCommon Silver Profile)
• Subject DN contains Identifier
– For OpenID
• /DC=org/DC=cilogon/C=US/O=CILogon OpenID/CN=URLencodedIdentifier
• E.g. /DC=org/DC=cilogon/C=US/O=CILogon
OpenID/CN=https%3A%2F%2Fterrencegf.pip.verisignlabs.com%2F
– For InCommon
• /DC=org/DC=cilogon/C=US/O=OrganizationDisplayName/CN=displayName UID
• E.g. /DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Terrence Fleury A263
CILogon
4
www.cilogon.org
Demonstration
https://cilogon.org/
CILogon
5
www.cilogon.org
Thank You
For more information:
www.cilogon.org
[email protected]
CILogon
6
www.cilogon.org