Training module - Cloud security and federated identity management
Audience(s):
Administrators of Cloud providers, Cloud users who require a distributed, replicated file system for their Cloud applications.
Prerequisites:
Experience with Linux and basic knowledge in computer networks in order to install and configure the XtreemFS server and client packages.
Description:
Federated identity management
Federated identity management is one of the hottest topics in research infrastructures: researchers increasingly need to share resources to manage large data volumes or participate in multiple projects, and federation eases the burden by providing single sign-on and persistent identity management. Although pushed strongly by academic institutions across the world, it is no less relevant for, say, the pharmaceutical industry. At the same time, cloud and online service providers such as Google and Yahoo provide OpenID identities, which enable collaborations and can be reused. Building federations is a curious mix of technology, trust, federation policies, ease of use, user culture and habits, law, support, resource management and accounting, etc. As all these have to work over a distributed infrastructure, more often than not crossing borders, security plays a strong role. This presentation will primarily look at the available and emerging technologies, focusing on the pragmatic aspects: things that work in practice. Technologies covered include Shibboleth, Moonshot, credential conversion, the role of X.509 certificates, bootstrapping the federated infrastructure security, scalability, and delegation.
The aim of the training in federated identity management is to make the students aware of the state of the art in the field, and able to make use of the components from Contrail, adapting them to their own needs. It also aimed to highlight the wider context of deploying federated resources: one will need to define policies for management of the federation (acceptable use, incident handling, etc.). Emphasis throughout was on making use of existing infrastructures, but also on highlighting any gaps that tend to arise in practice.
Material:
Format:
Presentation with demonstration. Duration: 1h