Description of the work
Additionally, it is preferable to hook non web-based services into (web-based) federations that have already been established. In this talk we present FACIUS (Federated Access Control Integration for Universal Services), an approach to integrate non web-based services into widely deployed SAML federations. The focus of our concept lies on deployability, i.e., minimizing interference with existing service deployments, preserving usability, and leaving already deployed SAML identity providers unchanged. The approach has already been successfully applied to federate SSH access to cluster/grid resources based on a SAML federation consisting of nine universities of the state of Baden-Württemberg (Germany) in the context of the bwIDM project.
Wider impact of this work
Federated authentication and authorisation infrastructures (AAIs) for web-based services are already well established and yield advantages such as enhanced usability and improved quality of identity information. Non web-based services such as grid resources could benefit from federated identity management in much the same way as web-based services do. However, web-based approaches such as the Security Assertion Markup Language (SAML) commonly rely on the versatile user interface as well as the HTTP protocol implementation of web browsers and are thus not seamlessly applicable to non web-based services. Furthermore, a clean-slate approach to building federation technologies for non web-based services is not viable, because most services to be federated are already deployed and operational.