A Middleware
Unified Field Theory
Identity Management / Directories
Privileges / Groups
Single Sign-On / Federation
Enterprise Integration
from network to application
Michael R Gettes, Internet2
August 2007
An interpretation of the original MACE mission
COmponents
S H I B B O L E T H
LDAP-PC
Signet Grouper
LDAP Directory
Identity Mgr
Applications & Network
CO
Stuff stored in Directories (everybody has one)
Priv/Group data more accessible
Allows for easy CO integration
Application Management
App Access to data is managed by LDAP (initially)
Identity data can be distributed by any desired mechanism in the future. SQL databases, feeds, message bus technologies.
Uses Shibboleth Federating technology
Promotes InCOmmon Federation
Might use other technologies: OpenID?
Truth be told…
LDAP-PC: Large-Scale Performance and namespaces
SIGNET: Minor UI and Deployment
GROUPER: Some UI and Large-scale Performance
SIGNET only immediate concern
Many COs on a single server
________
No local identity issued for external users to access
CO services big win!
Signet/Grouper COmplexity
A Service Opportunity? Middleware Service Provider (MSP)
May also be locally deployed by HE institutions