Good afternoon. I’m Lalla Mantovani from GARR, the Italian Research and
Education Network, and I’m the coordinator of IDEM, the Italian Identity
Federation for Research and Education. The title of my presentation is «IDP in
the Cloud: a solution to facilitate the access of research communities to
collaborative infrastructures».
1
VAMP, Helsinki, 30.09.2013
Lalla Mantovani <marialaura.mantovani@garr.it>
GARR & University of Modena and Reggio Emilia
IDP IN THE CLOUD
My presentation will touch on the following points:
• A description of the problem.
• Who is the subject that can take charge of this problem.
• A use case: a community of researchers that needs an answer to this
problem.
• Then the solution that we offer to the problem and our achievements.
• And, at the end, the possibility of other communities reusing our solution.
The problem is highlighted by the goal declared for this workshop: to foster the
deployment of identity management and collaboration tools within the research
community.
We want to focus on the deployment of identity management tools, because, as
declared by the AAA study carried out by TERENA together with other partners: “To
date, most NRENs in Europe offer federated access for their users. However, the
level of deployment, in particular the participation of institutions in federations, is
below the desired level.”
The low number of identity providers that have joined federations triggers a vicious
cycle, a sort of chicken-and-egg problem, where services, the potential service
providers, don’t join the federations because their users don’t hold a federated
identity, and organizations don’t join the federations because the federations
don’t offer the services that their users need.
We want to break out of this vicious cycle.
So, the problem is: how to lower the barrier for organizations to join
federations.
Who is the subject that can take charge of this problem?
We believe this should be someone who:
• is aware of identity federations in the research and education field;
• deals with organizations;
• deals with scholars’ communities;
• manages e-infrastructures.
GARR is the NREN in Italy. GARR already manages the IDEM identity federation. To
date 41 home organizations have joined the IDEM Federation, delivering about 3
million federated identities. Also 20 partner organizations have joined IDEM,
bringing along their resources. To date the IDEM federation counts 88 service
providers and 48 identity providers. Moreover, IDEM is a member of eduGAIN. So
we can state that GARR is aware of identity federations.
GARR’s network interconnects about 500 organizations in Italy, so we can
state that GARR deals with organizations. The fact that only 41 organizations have
already joined the IDEM Federation confirms the low level of identity provider
deployment and the amount of work that still has to be done.
GARR also participates in research projects as an e-infrastructure partner, both
at national and at international level, so GARR has to deal with research
communities, especially in the fields of physics, health & biomedicine and
cultural heritage.
Taking into account also the recommendations coming from the AAA study,
GARR and IDEM, as the Italian identity federation operator, felt called into
action, and considered how to offer a ready-to-use solution to organizations
that haven’t joined IDEM yet. The solution should hide technical complexity from
the users and also from the organizations.
Thanks to the collaborations that GARR keeps with the world of biomedical research,
we became aware of the National Biomedical Research Database: a web-based
service used for the management of project funds for biomedical research in Italy.
15,000 users have access to the database from 80 different organizations.
The organizations can be considered small as, on average, we have 200
researchers interested in this service for each organization.
This is a classical use case for service providers: from the point of view
of the resource there are too many users to manage and keep up to date, and
from the point of view of the users, they would like easy access to additional
services, such as library resources, collaboration tools like the videoconference service,
or large file sharing outside domain boundaries.
Who are the users of the National Biomedical Research Database? How is this
user community made up? They are researchers in the fields of biomedicine,
health and nutrition, not all of them belonging to universities, but rather to different
organizations, like research hospitals. In addition, other users are reviewers
of the projects and fund managers.
Out of a total of 81 home organizations:
• 58 belong to the R&E sector; of these:
  • 47 are research hospitals (IRCCS);
  • 10 are nutrition & health institutes (IZS), the institutes that control livestock holdings;
  • 1 is the National Institute of Health.
• 23 don’t belong to the R&E sector.
Due to the lack of ICT resources, these home organizations need service
support in ICT.
Due to access policies, GARR can support only R&E organizations (58 out of 81).
If we consider only the 58 organizations belonging to the R&E sector that want to
connect to the database, a possible traditional solution could be:
• Make the web service a Service Provider.
• Deploy an Identity Provider in each organization (58).
• Register the SP and the IDPs in the IDEM Federation.
While the first and the last tasks could be fairly easy, the second task could be
very hard to achieve for these organizations.
The troubles that these organizations come up against in deploying their own
Identity Provider inside the organization are due to the fact that:
• Home organizations are small.
• Often only a comparatively small number of users in the organization needs to
access a certain federated service; thus, in many cases, they lack the critical mass
which would motivate the setup of an IDP.
• In addition, the organizations’ focus is not on information technology.
• They have few resources to manage information systems.
• They lack the motivation to drive organizational changes, as identity
management requires.
As the goal of the project is to make the deployment and management of
identity providers easy, minimizing the activities and the complexity for home
organizations,
the solution that we propose is a ready-to-use identity management system offered
as a service, bundled together with an identity provider as a service. We call
this solution IDP in the Cloud.
The solution is not only a technical matter.
IDP in the Cloud is only one part of an agreement between the Ministry of Health,
55 of the organizations (research hospitals and health institutes), and GARR.
The technical part of the solution was to build the out-of-the-box “IDP in the
Cloud”, that could hide the technical complexity.
Our aim was also to design a platform that satisfies IDEM and eduGAIN policy
requirements.
So we had to tackle contractual matters, technical matters and policy matters.
The agreement between GARR and the Ministry of Health is a multi-year
framework agreement where GARR provides the Ministry site and 55
organizations with high-bandwidth connectivity to the GARR-X network.
In the framework agreement GARR also provides a set of advanced applications
and network services: distributed storage, large file sharing, High Definition Multi
Video Conference, etc.
Among these advanced applications there is also the provision of one IDP in the
Cloud for each organization.
The IDP in the Cloud technical solution is an Appliance as a Service, i.e. a virtual
machine in the GARR cloud that includes a set of preconfigured services. These
services are:
Shibboleth IDP, uApprove, a custom login page, Apache2, OpenLDAP,
phpLDAPadmin, MySQL, iptables, rsyslog, Nagios, Collectd.
GARR is in charge of the system management of the virtual machine.
From the point of view of the organization, the organization must appoint an
internal person who will be in charge of managing identities for the organization
itself through a web interface.
The interface is made using phpLDAPadmin with appropriate customizations that
make it easy to fill in the data of the identities to be managed. The data are stored in an LDAP
directory and used by the IDP, making it possible for the end users to get access to
resources registered in the IDEM and eduGAIN federations.
We had a lot of issues to face:
• How can GARR deal with the deployment of hundreds of new systems with
limited human resources?
• How can GARR deal with the response time when a user requests the IDP?
• How can GARR manage hundreds of systems with limited human resources?
• How can GARR deal with personal data protection (including backup and
disaster recovery)?
In order to offer a reliable service, with storage located in Italy for privacy reasons,
GARR decided to build its own cloud infrastructure, to have a fault-tolerant and
resilient system where we could offer advanced servers and services in an “as a
Service” fashion.
This infrastructure is made of 12 physical nodes. Each node has 64GB RAM and a
six-core CPU with hyper-threading.
The nodes are geographically distributed over two distant sites to maximize
resilience in case of system or communication failures.
The GARR Cloud is built using the OpenStack platform on Ubuntu Server
distributions.
The storage present on the nodes is managed with GlusterFS, with the volumes in
distributed-replicated mode. This ensures data availability and
resilience.
OpenStack is configured to use 2 controllers, located at the 2 different sites of
the cloud, that control the set of nodes. The image shows the redundancy and
resilience also in communications.
The problem of deployment and management of hundreds of potential systems in
the cloud was tackled by automating and optimizing the provisioning process. In
this image we see a comparison of the times of the single steps necessary for the
provisioning of the IDP: on the left during a manual process, and on the right
during an automated process using OpenStack features and Puppet recipes.
Thanks to OpenStack features, the time for the first 2 steps, VM provisioning
and OS installation and configuration, is reduced from one hour and a half to 15
minutes. Thanks to Puppet recipes, the time for the next 3 steps (installation of software
prerequisites, installation of Shibboleth and other software, configuration of
Shibboleth with LDAP, MySQL and the rest) is reduced from 55 minutes to 2
minutes. So the total provisioning time of the IDP in the Cloud machine is
reduced from 2 hours and 25 minutes to 17 minutes.
This slide just shows some screenshots of the monitoring tools that we use to
control the cloud, the hosts provided, and the running services.
This image represents the workflow for the «IDP in the Cloud» provisioning,
starting from the request coming from the home organization up to the registration
in the production IDEM Federation.
You all know that registering an entity in a federation requires an agreement
signed by the organization, acceptance of policies, provision of information,
descriptions, logos, a lot of stuff, and at the end a compliance audit has to be
done by the federation operator.
We want to point out that the automated «IDP in the Cloud» VM provisioning that
we described just before is represented here, within this workflow. For the success of
the project with this community, to reach the goal of having really working identity
providers, we realized that we have to focus on customer care both in the pre-
provisioning phase and in the post-provisioning phase. The workflow is long and
complex, but we tried to minimize the points where we ask something of the home
organizations. These points are indicated with the light blue boxes, while the
green boxes represent automated processes. The white boxes represent steps in
charge of GARR.
These are some federation issues that we faced, better explained in the next
slides.
To obtain compliance with IDEM requirements we tutor the organization through a
simplified joining procedure in order to:
• fill in and sign the «Member Accession Form»;
• fill in and sign the «IDP Registration Request»;
• provide info for the entity metadata (logos, descriptions, …);
• fill in and sign the Identity Management Practice Statement, which is a
declaration about the level of assurance (LoA).
In this way we also tried to lower the legal barrier, simplifying the legal paperwork by
offering pre-filled documents ready to be signed.
To obtain eduGAIN compliance and enable end users to access eduGAIN
services,
we create metadata entities and identity attributes that follow the eduGAIN
metadata profile and the eduGAIN attribute profile.
As for attributes, all the eduGAIN recommended attributes are implemented in
the LDAP directory and the web form for the IDP administrators helps in filling in
their values. The controlled vocabulary on Affiliation and OrganizationType is
also implemented. Thanks to the ordinary requirements necessary to join the IDEM
Federation, we obtain something more than a basic level of assurance.
Having the IDPs in the cloud, in some way under our central design, we can
ensure proper attribute harmonization between all the IDPs of the community.
For these IDPs we implement all the attributes recommended by IDEM and by
eduGAIN; for attributes required by the community, like a personal persistent
unique identifier, we decided on a broad use of the schacPersonalUniqueID
attribute (the value is the unique identifier used for taxation in Italy).
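To make the attribute harmonization concrete, here is an added example (not GARR's code) of the check an IDP admin web form could run on an identity record before storing it in the LDAP directory: the eduGAIN attributes present, affiliation and organization type taken from the controlled vocabularies, scoped values consistent with schacHomeOrganization, and the schacPersonalUniqueID value a well-formed Italian tax code. The required-attribute set, the it:CF URN form and the sample records are assumptions for the example.

```python
"""Added example, not GARR's own code: validate an identity record the way
the IDP in the Cloud admin web form would, before it is written to the LDAP
directory read by the Shibboleth IDP.

Assumptions: attribute names follow eduPerson/SCHAC as used by IDEM and
eduGAIN; REQUIRED is a subset of the eduGAIN recommended attributes plus the
community requirement; schacPersonalUniqueID uses the URN form
urn:schac:personalUniqueID:it:CF:<codice fiscale>; sample records are
constructed.
"""
import re

# eduPersonAffiliation controlled vocabulary (eduPerson schema).
AFFILIATIONS = {"faculty", "student", "staff", "employee", "member",
                "affiliate", "alum", "library-walk-in"}

# schacHomeOrganizationType controlled vocabulary (subset of SCHAC values;
# the research hospitals and institutes in the talk would use
# research-institution).
ORG_TYPES = {
    "urn:schac:homeOrganizationType:int:university",
    "urn:schac:homeOrganizationType:int:research-institution",
    "urn:schac:homeOrganizationType:int:other",
}

# Attributes every record must carry before the IDP may release it
# (assumed subset of the eduGAIN profile plus the community requirement).
REQUIRED = ("cn", "displayName", "mail", "eduPersonPrincipalName",
            "eduPersonAffiliation", "eduPersonScopedAffiliation",
            "schacHomeOrganization", "schacHomeOrganizationType",
            "schacPersonalUniqueID")

PUID_PREFIX = "urn:schac:personalUniqueID:it:CF:"  # assumed URN form
CF_RE = re.compile(r"^[A-Z]{6}[0-9LMNPQRSTUV]{2}[ABCDEHLMPRST]"
                   r"[0-9LMNPQRSTUV]{2}[A-Z][0-9LMNPQRSTUV]{3}[A-Z]$")
MAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Italian codice fiscale check character: odd positions (1st, 3rd, ...) use
# this table, even positions map 0-9 -> 0-9 and A-Z -> 0-25.
_ODD = {"0": 1, "1": 0, "2": 5, "3": 7, "4": 9, "5": 13, "6": 15, "7": 17,
        "8": 19, "9": 21, "A": 1, "B": 0, "C": 5, "D": 7, "E": 9, "F": 13,
        "G": 15, "H": 17, "I": 19, "J": 21, "K": 2, "L": 4, "M": 18,
        "N": 20, "O": 11, "P": 3, "Q": 6, "R": 8, "S": 12, "T": 14,
        "U": 16, "V": 10, "W": 22, "X": 25, "Y": 24, "Z": 23}


def _even(ch):
    return int(ch) if ch.isdigit() else ord(ch) - ord("A")


def cf_check_char(first15):
    """Compute the 16th character from the first 15 of a codice fiscale."""
    total = sum(_ODD[c] if i % 2 == 0 else _even(c)
                for i, c in enumerate(first15))
    return chr(ord("A") + total % 26)


def is_valid_cf(cf):
    """Syntactic check plus checksum; catches typos made in the admin form."""
    return bool(CF_RE.match(cf)) and cf_check_char(cf[:15]) == cf[15]


def validate(record):
    """Return the list of problems found; an empty list means 'store it'."""
    problems = [f"missing {name}" for name in REQUIRED if not record.get(name)]
    if problems:
        return problems
    scope = record["schacHomeOrganization"]
    for aff in record["eduPersonAffiliation"]:
        if aff not in AFFILIATIONS:
            problems.append(f"eduPersonAffiliation {aff!r} not in vocabulary")
    # Scoped affiliations must repeat an unscoped one, scoped to the home org.
    for saff in record["eduPersonScopedAffiliation"]:
        aff, _, sc = saff.partition("@")
        if aff not in record["eduPersonAffiliation"] or sc != scope:
            problems.append(f"eduPersonScopedAffiliation {saff!r} inconsistent")
    if not record["eduPersonPrincipalName"].endswith("@" + scope):
        problems.append("eduPersonPrincipalName scope differs from home org")
    if record["schacHomeOrganizationType"] not in ORG_TYPES:
        problems.append("schacHomeOrganizationType not in vocabulary")
    if not MAIL_RE.match(record["mail"]):
        problems.append("mail is not a valid address")
    puid = record["schacPersonalUniqueID"]
    cf = puid[len(PUID_PREFIX):] if puid.startswith(PUID_PREFIX) else ""
    if not is_valid_cf(cf):
        problems.append("schacPersonalUniqueID is not a valid it:CF URN")
    return problems


# Constructed sample records (RSSMRA85T10A562S is a synthetic, well-formed
# codice fiscale; the organization domain is a placeholder).
GOOD = {
    "cn": "Mario Rossi", "displayName": "Mario Rossi",
    "mail": "mario.rossi@irccs.example.it",
    "eduPersonPrincipalName": "mrossi@irccs.example.it",
    "eduPersonAffiliation": ["staff", "member"],
    "eduPersonScopedAffiliation": ["staff@irccs.example.it",
                                   "member@irccs.example.it"],
    "schacHomeOrganization": "irccs.example.it",
    "schacHomeOrganizationType":
        "urn:schac:homeOrganizationType:int:research-institution",
    "schacPersonalUniqueID": "urn:schac:personalUniqueID:it:CF:RSSMRA85T10A562S",
}
BAD = dict(GOOD, eduPersonAffiliation=["researcher"],      # not in vocabulary
           schacPersonalUniqueID=GOOD["schacPersonalUniqueID"][:-1] + "A")

if __name__ == "__main__":
    print("GOOD:", validate(GOOD) or "ok")
    print("BAD: ", validate(BAD))
```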
We also wanted to be compliant with the REFEDS Discovery Guide, so the IDPs’
metadata are enriched with names and logos to be ready for smart discovery
services. Moreover, the IDP login page is designed for co-branding with the SP,
taking a lot of user interface information from the SP metadata and displaying
it on the IDP login page.
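An added example (not GARR's code) of the co-branding step: extracting the mdui:UIInfo display name, description and logo of the requesting SP from the federation metadata, with language fallback and an https-only rule for logos so the login page stays free of mixed content. The metadata document, entity IDs and URLs are constructed placeholders.

```python
"""Added example, not GARR's own code: read the mdui:UIInfo branding that the
REFEDS Discovery Guide relies on from an SP's SAML metadata, so the IDP login
page can show the requesting service's name, description and logo. The
metadata below is constructed for the example; entity IDs and URLs are
placeholders.
"""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"

# Constructed federation metadata: one SP with UIInfo, one without.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <mdui:UIInfo>
          <mdui:DisplayName xml:lang="en">Biomedical Research Database (sample)</mdui:DisplayName>
          <mdui:DisplayName xml:lang="it">Banca dati della ricerca biomedica (esempio)</mdui:DisplayName>
          <mdui:Description xml:lang="en">Project funds management.</mdui:Description>
          <mdui:Logo height="60" width="80">https://sp.example.org/logo-80x60.png</mdui:Logo>
          <mdui:Logo height="300" width="400">http://sp.example.org/logo-big.png</mdui:Logo>
          <mdui:InformationURL xml:lang="en">https://sp.example.org/about</mdui:InformationURL>
        </mdui:UIInfo>
      </md:Extensions>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://plain-sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def _localized(uiinfo, tag, lang, fallback):
    """Pick the element text for lang, then fallback, then any language."""
    texts = {el.get(XML_LANG, ""): (el.text or "").strip()
             for el in uiinfo.findall(f"mdui:{tag}", NS)}
    return (texts.get(lang) or texts.get(fallback)
            or next(iter(texts.values()), None))


def _best_logo(uiinfo):
    """Largest logo served over https; an http logo would be mixed content
    on the https login page, so it is skipped even if it is bigger."""
    best, best_area = None, -1
    for el in uiinfo.findall("mdui:Logo", NS):
        url = (el.text or "").strip()
        if not url.startswith("https://"):
            continue
        try:
            area = int(el.get("width", "0")) * int(el.get("height", "0"))
        except ValueError:
            continue
        if area > best_area:
            best, best_area = url, area
    return best


def sp_branding(metadata_xml, entity_id, lang="it", fallback="en"):
    """Branding for one SP, looked up by entityID in the federation metadata
    the IDP already trusts, never taken from the unauthenticated request."""
    root = ET.fromstring(metadata_xml)
    for ed in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        if ed.get("entityID") != entity_id:
            continue
        uiinfo = ed.find("md:SPSSODescriptor/md:Extensions/mdui:UIInfo", NS)
        if uiinfo is None:  # registered SP without UIInfo: plain login page
            return {"entity_id": entity_id, "display_name": entity_id,
                    "description": None, "logo": None, "info_url": None}
        return {"entity_id": entity_id,
                "display_name": _localized(uiinfo, "DisplayName", lang,
                                           fallback) or entity_id,
                "description": _localized(uiinfo, "Description", lang, fallback),
                "logo": _best_logo(uiinfo),
                "info_url": _localized(uiinfo, "InformationURL", lang, fallback)}
    raise LookupError(f"{entity_id} is not in the federation metadata")


if __name__ == "__main__":
    print(sp_branding(SAMPLE_METADATA, "https://sp.example.org/shibboleth"))
```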
The current status. We started last November with the announcement of the project.
In March we had the hardware in place. The deployment of the cloud infrastructure
took 3 months, and at the end of June we started deploying the IDPs in the
cloud. To date we have 3 organizations that have requested their IDP in the
cloud. So to date we have 5 IDPs running in the cloud: 2 for tests and 3 for the
organizations that already requested them. Our cloud infrastructure is designed
to host 250 IDPs, so there is still a lot of room.
At the end, we are getting successful results for this use case:
The National Biomedical Research Database is now a service
provider federated in IDEM.
Home organizations can now easily obtain IDPs federated in IDEM and eduGAIN
for their users.
As a “home for the homeless”, a dedicated IDP is running for users who don’t belong to any of the
organizations, but there are very few people left outside the organizations.
The whole Italian research community in the field of biomedicine and health will
be provided with federated (and inter-federated) identities.
This community could be interested in getting access to other resources, so we think
that there could be resources interested in offering federated access to this
community.
And other projects could be interested too; we think about the biobanks, for
example. The availability of a whole community of researchers provided with
federated identities could be a good reason to put effort into connecting resources
to federations.
From the communities’ side, we are looking for more communities that could be
interested in the «IDP in the Cloud» service. A candidate could be the Digital
Cultural Heritage community.
In Italy this community is spread all over the country, in museums, archives
and libraries. They are becoming more and more involved in collaboration projects,
so they could potentially be interested.
There could also be other international projects interested in the
«IDP in the Cloud» offer. Among others, GARR is involved in two projects whose
aim is to foster the usage of interoperable e-infrastructures and services, and
which, in our opinion, could greatly benefit from this solution: these projects are
ELCIRA and CHAIN-REDS.
The ELCIRA project aims at coordinating tools and services to enhance
collaboration between Europe and Latin America in research activities. Members
of the project are RedCLARA, the association of the NRENs in Latin America,
DANTE, TERENA and the NRENs of Brazil, Colombia, Italy and Spain. The
image on the left highlights the nations that refer to RedCLARA. One of the goals
of the ELCIRA project is to set up national identity federations in Latin America.
At the same time, the CHAIN-REDS project aims at promoting and supporting
technological and scientific collaboration across different e-infrastructures
established and operated in various continents. Among the members of the CHAIN-REDS
project there are the UbuntuNet Alliance, which involves several African countries,
and ASREN, which coordinates the south Mediterranean and Middle East NRENs.
For Italy, the National Institute of Physics is a member of this project and GARR is a
subcontractor. Both projects focus on collaboration infrastructures, and the
way to access the collaboration platforms is a real issue to tackle. We think that
the “IDP in the Cloud” offer could be a means to boost collaboration and speed up
the rise of national federations in these countries.
Having gained experience in offering cloud services such as IDP in the Cloud, that is, an IDP as
a Service, it becomes natural for GARR to offer other kinds of System as a Service,
mainly the ones bound to federations: for example the Resource Registry, the
Metadata Aggregator and the metadata distribution service, or the Discovery
Service. In the near future this could become a Federation as a Service offer.
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
