Red IRIS update Middleware activities at the

Red. IRIS update • Middleware activities at the South-western Border Diego R. Lopez

SCHACing and COPing • The use of SCHAC is recommended by Red. IRIS through its iris-* set of schemas § Since the availability of SCHAC IAD release 1 • The COPA coding schema is gaining momentum § Institutional codes of centers in the national council for scientific research and location-aware services • COPA v 2 in beta stage § Enhanced flexibility in virtual view definition • First COPA-aware tools § Si. Le. DAP: http: //sugus. eii. us. es/siledap/ § VOSnav: http: //www. irisgrid. es/vosnav/ TF-EMC 2 Malaga October 2006

pk. IRIS • A web-based interface for managing PKIs § Based on Open. SSL § Coded in PHP § AA (PAPI and potentially others) aware • Full LDAP backend § Extensibility of operations § Access methods based on COPA codes • In use for the EUGrid. PMA-accredited Spanish PKI (pk. IRISGrid) § Beta distributions in use at CICA and UNED (Spain), REUNA (Chile) and UNAM (Mexico) TF-EMC 2 Malaga October 2006

PAPI: Software • PAPI 1. 4. 1 about to be released § Maintenance releases (last version on Apache 1) • PAPI 1. 5 in beta testing • php. Po. A 2. 0 in beta testing § Coherent object mode an enhanced attribute retrieval • Several Java flavors in production § Tomcat filter § JAAS implementation § SAGPo. A (AA-RR based) • Rewriting the Java implementation § PAPI-EE and PAPICore • Enhancing the proxy features § Better attribute entanglement TF-EMC 2 Malaga October 2006

PAPI speaks Shibboleth • Both SP and Id. P § Using the tests at http: //www. testshib. org/ § First real-usage tests to start next month • The Shib Wiki • Sympa • Elsevier SP • Experimenting with AKAShib configuration § Shibbolized applications can run behind a PAPI Po. A without change TF-EMC 2 Malaga October 2006

PAPI: Community • The federation idea has been soaking minds for quite a long time • The two biggest PAPI-based federation are now interconnected • Several projects for building federated infrastructures § With direct financial support § Similar to the one that brought eduroam • The European fusion community is on the rails § First interconnection CFN-ITER-TJII § Meeting at JET next November TF-EMC 2 Malaga October 2006

Open. PMI • Aimed for providing the necessary tools to build an open Privilege Management Infrastructure (PMI) according to standards § Authorization service based on attributes certificates § Available at http: //openpmi. sourceforge. net/ • Current status § Based on enhancing Open. SSL with attribute certificate support • Collaboration with Adobe § SAML – AC translator § Attribute certificate delegation editor • Visual design of delegation model • Automatic AC generation • Ongoing work § Java and Web Services support § Attribute certificate support in TLS handshake § Attribute certificates in smartcards TF-EMC 2 Malaga October 2006

AA application to SB in OSIRIS Po. A OSIRIS component 2 Po. A AA component GPo. A Open. PMI OSIRIS Po. A component N Admin TF-EMC 2 Malaga October 2006 Liberty protocol OSIRIS component 1

Opera Oberta • Opera Oberta multicasts live opera performances from Gran Teatre del Liceu http: //www. opera-oberta. org/ § 10 Mbps MPEG 2 § Dolby Digital § More than 40 institutions in 5 countries • DRM is performed using proprietary technology § Smartcard-based IPSec boxes • Sessions are announced and managed via outof-band methods TF-EMC 2 Malaga October 2006

Enhancing Opera Oberta • Native IPSec multicast on IPv 6 • Session keys distributed and managed through IKE • Session descriptions stored in LDAP § Session metadata § Session entitlements § Session key material • Several output formats envisaged § Direct LDAP query § SDP § RSS • Currently defining the schema and building initial component prototypes TF-EMC 2 Malaga October 2006