As service providers for the scientific communities in the Max Planck we are faced with a growing demand for access to distributed resources. Among these we find computing resources as well as various types of data bases, archives and infrastructure components (e.g. networks, sensor arrays, experiment controls). Providing a scalable infrastructure for accessing information in general is the challenge we are going to meet. It is self-evident that authentication and authorization play a major role in the given scenarios.
The status quo shows a mixture of evolutionary grown solutions ranging from IP based authentication for accessing journals online to manually maintaining user databases and firewall rules at the various institutes.
Currently, a group of service providers within the Max Planck Society (RZG, Gesellschaft für Wissenschaftliche Datenverbeitung, Göttingen, General Administration, Munich, and Max Planck Digital Library, Munich) and IT departments of several Max Planck Institutes (especially MPI for Psycholinguistics and MPI for Solid State Research) are entrusted with setting up an authentication and authorization infrastructure (AAI) for the whole Max Planck Society.
The requirements for this AAI are almost as manifold as the Max Planck society itself. Hence, the big challenges of this project are not only of technical nature. E.g. while third party vendors, such as publishers, like to interact with only a single identity management component while each institute has to be given the possibility to manage user information locally.
Based on past positive experience in European projects, the Shibboleth framework has been chosen as the technical basis for authorizing users’ web based access to protected resources.
The presentation will explain some of the requirements of the project. It will further on give a brief introduction into the Shibboleth framework as well as details on the current and intended deployments within the Max Planck Society, and describe how the afore mentioned requirement is met.
During an innovation project, E.ON IS has been examining the integration of two different approaches to access information at application level: Digital Rights Management (DRM) and Data Flow Protection (DFP). In this business case study, the challenges implementing a DRM solution in a complex AD structure and the use cases where we see a need for it will be examined.
Furthermore, I will explain why a simple USB protection solution is not enough to protect data flowing through an enterprise. I will present a different concept which is a rule based solution that controls the data flow at application level, and how these two approaches are being combined to form a higher form of security.
