comanage-dev - proposal -- CO/VO demo
Subject: COmanage Developers List
- Subject: proposal -- CO/VO demo
- Date: Fri, 21 May 2010 11:11:22 -0400
Ken had a recent conversation with two of the ORCA/GENI PIs. They have a multi-tier application used by people from multiple campuses. They have an interesting use case for combining CO + Shib. Actually, they have a "poster child" example of how this would work for lots of different groups.
Now that we have Benn on board, and presumably working more than 20%, I'm wondering if we can think about constructing a demo vehicle that we could show in multiple venues.... I'd suggest starting by developing a "generic" demo. Then we could talk to individual groups (e.g. ORCA, the two groups identified in the NSF proposal, etc.) about how they might align with the generic. There's an opportunity to demo the generic at an upcoming GENI conference (mid-July).
The attached slide shows the basic demo. Here are the steps:
1) Browser user goes to CO and "registers". Authn is done at the home campus IDP. (the VO manager then adds them to the appropriate group, or they are added automagically).
3) Browser user goes to the "portal". The portal is protected by Shib; Authn is once again done at the home campus IDP. Shib is configured to obtain attributes describing the user from the CO instance. (aggregated identity).
5) Browser user "uses" a portlet within the portal. The portlet uses Shib's "delegated authn" support to login to a backend service as the browser user. The portlet sends a simple SOAP msg to the backend; the backend responds; the portlet displays the response. (This is almost identical to the proof-of-concept code that UNICON developed to test the delegated authN Shib support. "login to a backend service as the browser user" is handled by a library developed by UNICON)
Is that the generic use case? I think so.....
So... here's my specific proposal.....
1) can Benn install a) a CO instance + Shib (he has to learn about it), and b) uportal, and c) the UNICON POC portlet within uportal. He brings an interesting skill set to the table....
2) I'll install and configure Shib around uportal and the backend svc (it's a non-std Shib config, because of the use of aggregated identity + delegated authN)
3) I can create the backend svc, protected by Shib. (It's the "hello world" of the SOAP universe)
4) Heather and I can work together on developing the script for the demo
Maybe I'm crazy... but I don't think this should be too much work... assuming we can get real/virtual machines for the environment..
And this same generic demo could be used with the National Labs crew, etc.
Thoughts?
(I'm thinking that once we have a "generic" demo to show the ORCA PIs, the next step would be to construct a "real" demo that includes their portal and their backend service.... )
Attachment:
Usage.ppt
Description: MS-Powerpoint presentation
- proposal -- CO/VO demo, Steven_Carmody, 05/21/2010