presentatie code jam niels van dijk

SURFconext codeJam Niels van Dijk, Technical Product Manager SURFconext Utrecht, November 2011

Upload: kirstenveelo

Post on 12-May-2015


TRANSCRIPT

Page 1: Presentatie Code Jam Niels van Dijk

SURFconext codeJam

Niels van Dijk, Technical Product Manager SURFconext

Utrecht, November 2011

Page 2: Presentatie Code Jam Niels van Dijk

The Collaboration game

Modern universities are developing towards loose

conglomerates of (inter)discipline expertise

→ Collaboration is therefore core business

→ Scientific collaboration involves groups of people

in multiple institutions, disciplines and countries

→ Collaboration is about using shared resources

Page 3: Presentatie Code Jam Niels van Dijk

A distributed landscape

Learning and science combine resources from multiple sources:

→ The core resources are within the 'local' domain,

but may be within multiple institutions

→ and the generic collaboration services in 'the

cloud'

Page 4: Presentatie Code Jam Niels van Dijk

(C) 2009 SURFnet B.V.

Page 5: Presentatie Code Jam Niels van Dijk

SURFconext components

Page 6: Presentatie Code Jam Niels van Dijk

Functional components

Page 7: Presentatie Code Jam Niels van Dijk

Basic Concepts

- Identity Federations, SAML and attributes
  In: AuthN and attributes
  Out: AuthN, attributes and OpenSocial API

- Groups
  In: SURFteams & external sources
  Out: OpenSocial API

- OpenSocial, Gadgets, Social Data API and OAuth
  In: attributes
  Out: OpenSocial API

Page 8: Presentatie Code Jam Niels van Dijk

Identity federations

Source: David Simonsen, WAYF

Page 9: Presentatie Code Jam Niels van Dijk

Attributes

Mapping SAML → OpenSocial

Page 10: Presentatie Code Jam Niels van Dijk

Groups

- Groups are either managed centrally (SURFteams),

or provided by institutions

- Any acceptable user can become a group 'admin'

- Groups provide context for applications

(but applications decide on AuthZ!)

Page 11: Presentatie Code Jam Niels van Dijk

SURFteams

https://www.surfteams.nl

SURFteams Gadget

Page 12: Presentatie Code Jam Niels van Dijk

OpenSocial ?

- General purpose web integration technology ('Gadgets')

- Open 'Social Data' API for exchanging information on people, groups, activities, etc (Javascript and REST API)

- But also:
  - Lightweight, '2.0' compliant and 'Easy'
  - Open standard, browser based components
  - Vendor neutral & platform independent
  - Large user community → widespread adoption
  - Uptake moving from Social Networks to R&E and Enterprise

Page 13: Presentatie Code Jam Niels van Dijk

OpenSocial - overview

App’s Virtual Organization Consumers ‘Social Network’

Page 14: Presentatie Code Jam Niels van Dijk

OpenSocial - Gadgets

Gadget API

- Browser based
- Lightweight
- Optimized for the internet
- Can be anywhere

<?xml version="1.0" encoding="UTF-8" ?>
<Module>
  <ModulePrefs title="Hello World!">
    <Require feature="opensocial-0.8" />
  </ModulePrefs>
  <Content type="html">
    <![CDATA[
      Hello, world!
    ]]>
  </Content>
</Module>

Page 15: Presentatie Code Jam Niels van Dijk

OpenSocial – Gadget Types

- Iframe Gadget vs

- 'Full blown' gadgets (using REST API, Javascript OSAPI)

Page 16: Presentatie Code Jam Niels van Dijk

Iframe Gadgets

+ Much easier to develop

+ Leverage SAML SSO for AuthN

- Content lives remote

- NO context

- Potential GUI clashes

Page 17: Presentatie Code Jam Niels van Dijk

SURFteams – Again...

https://www.surfteams.nl

SURFteams Gadget

Page 18: Presentatie Code Jam Niels van Dijk

Javascript Gadgets

+ Context (Person, Group)

+ Data is 'local'

+ Much more flexibility

+ GUI independent

? OAuth for authentication

- More work to develop

Page 19: Presentatie Code Jam Niels van Dijk

Social Data API

Provides API for exchanging ‘social data’, e.g.:
- People & Profiles (attributes)
- Groups & Relationships
- Activities & messages
- Shared applications
- Authentication (OAuth)

Page 20: Presentatie Code Jam Niels van Dijk

OAuth

- RFC 5849: The OAuth 1.0 Protocol

- Webservice (REST) authentication framework

- SURFconext supports

2 and 3 legged OAuth

Page 21: Presentatie Code Jam Niels van Dijk

2-legged OAuth

2-legged OAuth:

1) SURFconext and

2) an Application server

http://wiki.opensocial.org/index.php?title=OAuth_Use_Cases

Page 22: Presentatie Code Jam Niels van Dijk

3-legged OAuth

3-legged OAuth:

1) SURFconext and

2) an Application server

3) plus an authenticated user

http://wiki.opensocial.org/index.php?title=OAuth_Use_Cases
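
An added example, not part of the original slides or of SURFconext's code: the RFC 5849 HMAC-SHA1 signature behind the 2-legged and 3-legged flows above, with the provider-side check (freshness, nonce replay, constant-time compare). The host, consumer key, secret and the `verify` helper are hypothetical.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, urlsplit

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # RFC 5849 section 3.4.1: METHOD & base URI & sorted, encoded parameters.
    # Assumes the URL carries no explicit default port (:80 / :443).
    u = urlsplit(url)
    pairs = parse_qsl(u.query, keep_blank_values=True) + list(params.items())
    pairs = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    norm = "&".join(f"{k}={v}" for k, v in pairs)
    base_uri = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"
    return "&".join([method.upper(), pct(base_uri), pct(norm)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC key is "consumer_secret&token_secret"; 2-legged has no token,
    # so the part after "&" stays empty. 3-legged adds the user's token secret.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, params, consumer_secret, seen, now=None, skew=300):
    # Provider side: reject stale or replayed requests, then compare the
    # signature in constant time. `seen` is a set of already used nonces.
    now = time.time() if now is None else now
    if abs(now - int(params["oauth_timestamp"])) > skew:
        return False
    nonce = (params["oauth_consumer_key"], params["oauth_timestamp"], params["oauth_nonce"])
    if nonce in seen:
        return False
    expected = sign(method, url, params, consumer_secret).encode()
    if not hmac.compare_digest(expected, params.get("oauth_signature", "").encode()):
        return False
    seen.add(nonce)
    return True

# Constructed sample request: hypothetical host, consumer key and secret
URL = "https://api.example.org/social/rest/people?fields=id"
SECRET = "demo-secret"
PARAMS = {"oauth_consumer_key": "demo-app", "oauth_nonce": "7d8f3e4a",
          "oauth_signature_method": "HMAC-SHA1",
          "oauth_timestamp": "1320000000", "oauth_version": "1.0"}
SIGNED = dict(PARAMS, oauth_signature=sign("GET", URL, PARAMS, SECRET))
```

The signature covers the method, the URL and every parameter, so a change to any of them after signing makes `verify` return False.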

Page 23: Presentatie Code Jam Niels van Dijk

Get Conexted!

• Connexting an Identity provider

• Connexting a Service provider

• Providing Gadgets

• Leveraging the REST API (& using OAuth)

• Domestication

Page 24: Presentatie Code Jam Niels van Dijk

Identity providers

• The SURFconext platform does not connect to Identity Providers directly*

• But, it is a Service Provider in SURFfederatie

• So, either join SURFfederatie as an IdP

• Or use eduGain (Geant3)

• SURFconext SP metadata
https://engine.surfconext.nl/authentication/sp/metadata

* that is, some are more equal than others....

Page 25: Presentatie Code Jam Niels van Dijk

Service Providers

• the SURFconext platform does connect to Service Providers directly

• SURFconext acts as the sole IdP
→ as the platform is a proxy, it will redirect users to the real IdP, if required

• Join SURFfederatie as an SP

• Or use eduGain (Geant3)

• Meet the technical requirements

Page 27: Presentatie Code Jam Niels van Dijk

Questions?

[email protected]@surfnet.nl