Presentation: Code Jam, Niels van Dijk
SURFconext codeJam
Niels van Dijk, Technical Product Manager SURFconext
Utrecht, November 2011
The Collaboration game
Modern universities are developing towards loose
conglomerates of (inter)disciplinary expertise
→ Collaboration is therefore core business
→ Scientific collaboration involves groups of people
in multiple institutions, disciplines and countries
→ Collaboration is about using shared resources
A distributed landscape
Learning and science combine resources from
multiple sources:
→ The core resources are within the 'local' domain,
but may be within multiple institutions
→ and the generic collaboration services in 'the
cloud'
(C) 2009 SURFnet B.V.
SURFconext components
Functional components
Basic Concepts
- Identity Federations, SAML and attributes
  In: AuthN and attributes
  Out: AuthN, attributes and OpenSocial API
- Groups
  In: SURFteams & external sources
  Out: OpenSocial API
- OpenSocial, Gadgets, Social Data API and OAuth
  In: attributes
  Out: OpenSocial API
Identity federations
Source: David Simonsen, WAYF
Attributes
Mapping SAML → OpenSocial
Groups
- Groups are either managed centrally (SURFteams),
or provided by institutions
- Any acceptable user can become a group 'admin'
- Groups provide context for applications
(but applications decide on AuthZ!)
SURFteams
https://www.surfteams.nl
SURFteams Gadget
OpenSocial ?
- General purpose web integration technology ('Gadgets')
- Open 'Social Data' API for exchanging information on people, groups, activities, etc. (JavaScript and REST API)
- But also:
  - Lightweight, '2.0' compliant and 'Easy'
  - Open standard, browser based components
  - Vendor neutral & platform independent
  - Large user community → widespread adoption
  - Uptake moving from Social Networks to R&E and Enterprise
OpenSocial - overview
App’s Virtual Organization Consumers ‘Social Network’
OpenSocial - Gadgets
Gadget API
- Browser based
- Lightweight
- Optimized for the internet
- Can be anywhere
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
  <ModulePrefs title="Hello World!">
    <Require feature="opensocial-0.8" />
  </ModulePrefs>
  <Content type="html">
    <![CDATA[ Hello, world! ]]>
  </Content>
</Module>
OpenSocial – Gadget Types
- Iframe Gadget vs
- 'Full blown' gadgets (using REST API, JavaScript OSAPI)
Iframe Gadgets
+ Much easier to develop
+ Leverage SAML SSO for AuthN
- Content lives remote
- NO context
- Potential GUI clashes
SURFteams – Again...
https://www.surfteams.nl
SURFteams Gadget
JavaScript Gadgets
+ Context (Person, Group)
+ Data is 'local'
+ Much more flexibility
+ GUI independent
? OAuth for authentication
- More work to develop
Social Data API
Provides API for exchanging ‘social data’, e.g.:
- People & Profiles (attributes)
- Groups & Relationships
- Activities & messages
- Shared applications
- Authentication (OAuth)
OAuth
- RFC 5849: The OAuth 1.0 Protocol
- Webservice (REST) authentication framework
- SURFconext supports
2 and 3 legged OAuth
2-legged OAuth
2-legged OAuth:
1) SURFconext and
2) an Application server
http://wiki.opensocial.org/index.php?title=OAuth_Use_Cases
3-legged OAuth
3-legged OAuth:
1) SURFconext and
2) an Application server
3) plus an authenticated user
http://wiki.opensocial.org/index.php?title=OAuth_Use_Cases
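An added illustration, not part of the original slides and not SURFconext's own code: signing and verifying a request with HMAC-SHA1 as RFC 5849 defines it, showing that the 2-legged and 3-legged cases differ only in the oauth_token parameter and the token secret in the signing key. The URL, consumer key, token and secrets are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6: every byte except unreserved characters is escaped
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # RFC 5849 section 3.4.1: METHOD & base URI & sorted, encoded parameters
    # (a dict is used for brevity, so repeated parameter names are not covered)
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # 2-legged: no user token, so the key is "consumer_secret&"
    # 3-legged: the user's token secret follows the "&"
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret=""):
    # Server side: recompute the signature and compare in constant time
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample request; host, key, token and secrets are placeholders
URL = "https://api.example.org/social/rest/groups/@me"
TWO_LEGGED = {
    "oauth_consumer_key": "example-app",
    "oauth_nonce": "4f2a9c",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1320000000",
    "oauth_version": "1.0",
}
THREE_LEGGED = dict(TWO_LEGGED, oauth_token="example-user-token")

if __name__ == "__main__":
    sig2 = sign("GET", URL, TWO_LEGGED, "app-secret")
    sig3 = sign("GET", URL, THREE_LEGGED, "app-secret", "user-token-secret")
    print("2-legged ok:", verify("GET", URL, TWO_LEGGED, sig2, "app-secret"))
    print("3-legged ok:", verify("GET", URL, THREE_LEGGED, sig3, "app-secret", "user-token-secret"))
    # A changed parameter (here the nonce) no longer matches the signature
    print("tampered ok:", verify("GET", URL, dict(TWO_LEGGED, oauth_nonce="x"), sig2, "app-secret"))
```

A production verifier also rejects stale timestamps and reused nonces, which this sketch leaves out.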
Get Conexted!
• Connexting an Identity provider
• Connexting a Service provider
• Providing Gadgets
• Leveraging the REST API (& using OAuth)
• Domestication
Identity providers
• The SURFconext platform does not connect to Identity Providers directly*
• But, it is a Service Provider in SURFfederatie
• So, either join SURFfederatie as an IdP
• Or use eduGain (Geant3)
• SURFconext SP metadata: https://engine.surfconext.nl/authentication/sp/metadata
* that is, some are more equal than others....
Service Providers
• the SURFconext platform does connect to Service Providers directly
• SURFconext acts as the sole IdP
→ as the platform is a proxy, it will redirect users to the real IdP, if required
• Join SURFfederatie as an SP
• Or use eduGain (Geant3)
• Meet the technical requirements
Inspiration
- Sakai OAE,
- Role Project,
- Warwick,
- UTwente
- SciVerse,
- OGCE portal
- Apache Rave