An authorization service for VOs using Sympa group manager

RENATER's authorization service is based on the Sympa group manager and a SAML Attribute Authority, as a lightweight solution for Virtual Organizations' authorizations. Sympa is widespread software historically used to manage mailing lists. As a result, many Virtual Organizations already use Sympa as their main group manager: before a group identifies the need for a dedicated group management tool, it needs to communicate and therefore uses a mailing list. Group management features are thus in Sympa's genes. The addition of various associated tools (wikis, surveys, foodles) and multiple external data sources (LDAP, SQL, files, Sympa groups, VOOT groups) led RENATER to build its authorization service for VOs around Sympa, extending its functionality with Shibboleth's Attribute Authority instead of developing a group solution from scratch. This presentation shows how to use the mailing list server Sympa in combination with a SAML Attribute Authority in order to manage authorizations on web resources. It describes how the different components were configured and how they work together. The platform described in the following uses attribute aggregation with standard Shibboleth Service Providers as its underlying technology and relies on Sympa for the administration interface. Several reasons led to this choice; they are described in the article. Considering that RENATER already provides a groupware solution based on Sympa and hosts 1100 VOs (up to 20000 members), it seems reasonable to extend this particular Sympa installation with a SAML Attribute Authority that allows external services not operated by RENATER to access the group information.


