Directory Enabled AuthN /Z at Clemson
description
Transcript of Directory Enabled AuthN /Z at Clemson
Directory Enabled AuthN/Z at Clemson
LDAP yesterday, Shibboleth tomorrow
Jill GemmillBarry Johnson
Early adopters of Directories
Since mid 1990’s Event-driven provisioning into/from
directory Developers of DirXML (Novell Identity
Manager) Use of Blackboard as GUI for
collaborative spaces
Clemson myCLE
Auto-provisioned Tools per VO
Address Book Blog Tool Calendar Drop Box EDU Assessment
Tool Glossary HomePage
My Files mySQL Database Organization
Portfolio Search Survey Tool Tasks Wiki General Web Space -Etc!
So, why Shibboleth?
Placing attributes and also Access Control Roles in Directory became cumbersome to enforce correctly for each application
Had come to conclusion that attribute based access control was needed, and Shibboleth appeared to be best solution available.
Shibboleth today at Clemson
Production Shibboleth IdP In use for a few applications, including a
GridShib CA for use in Open Science Grid Plans in place to migrate current
applications to Shibboleth Service Providers
State-wide consortium : Health Sciences South Carolina
Health Sciences South Carolina
http://www.healthsciencessc.org/
HSSC Shibboleth Working Group
Clemson University Greenville Hospital System University
Medical Center Palmetto Health Medical University of South Carolina University of South Carolina Spartanburg Regional Health Care System
Grids Today at Clemson
Condor Pool : A campus grid linking over 1700 machines distributed across 27 locations on campus providing a high throughput computing resource for all faculty and students in need of a loosely coupled computer system to run thousands of jobs. Applications from civil engineering, economics and chemistry have already benefited.
Grids and Shibboleth…Coming Soon
Access to HPC/HTC resources will be authorized using Shibboleth, consistent with other campus applications
Collaboration environments such as myVocs, Sharpe will be used as guides to revising Clemson’s existing access control and provisioning systems.