EDIT

# Community Single Sign-On (CSSO) security infrastructure

{{>toc}}

----

The aim of EDIT's Community Single Sign-On (CSSO) security infrastructure is integrating various EDIT service providers into the platform such as registered users of the EDIT community may access these services using a single EDIT identity only. Simultaneously, the CSSO security infrastructure respects the requirements of many biodiverity service providers to remain the sovereigns of their resources and services offered. That means, service providers may define and enforce individual access control policies in order to protect their resources, i.e. enable or prevent certain users or groups from accessing specific services.

Technologically, EDIT's [[CSSO|CSSO Security Infrastructure]] bases on the [OASIS Security Assertion Markup Language (SAML)":http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security standard family. The main benefits of SAML include a secure attribute exchange framework, several open source implementations, privacy-preserving access to individually protected online resources and a federation concept. In particular, this federation concept perfectly matches the requirements regarding the creation of a single sign-on platform for more or less closed communities like e.g. taxonomic experts within EDIT. Beside others, the EDIT federation currently consists of about 2000 taxonomic experts registered in an SAML Identity Provider (IdP) and several SAML Service Providers (SP) instances like e.g. "EDITExpertNet](http:///www.editexpertnet.org.)   

While, the vision is to extend the CSSO concept from EDIT to the whole biodiversity community someday, this document will present an outline to any available information regarding the existing CSSO release. 

----

## EDIT Federation

 _[[EDITFederation|General Information]]_::

 Provides general information about the EDIT Federation.

 _[[EDITFederation#HowtobecomeanEDITuser|How to become an EDIT user ?]]_::

 Provides a detailed description on how users can be registered to the EDIT federation.

  _[[EDITFederation#HowtobecomeanEDITServiceProvider|How to become an EDIT Service Provider ?]]_::

 Provides a detailed description on how EDIT institutions can implement services using the Single Sign-On features within the EDIT federation.

  _[[EDITFederationMembers|Current EDIT Federatoin members]]_::

  Gives an overview of the EDIT services currently connected to CSSO. 

 _[[EDITFederationAttributes|Common Set of EDIT Federation Attributes]]_::

 Describes the user attributes currently transmitted to EDIT Service Providers from the EDIT Identity Provider.

----

## **Anything below is currently work in progress. Sorry** 

## CSSO Infrastructure

 _[[CSSOTechnicalOverview|CSSO Technical Overview ]]_::

 Provides general information about the EDIT security components.

### Identity Provider (IdP)

 _[[OpenSSO|OpenSSO General Information]]_::

### Service Provider (SP)

 _[[Shibboleth|Shibboleth General Information]]_::

 _[[ShibbolethManagementTools|Shibboleth Management Tools]]_::

 _[[ShibbolethProtocol|The Shibboleth Protocol]]_::

### Certification Authorities

 _[[FUBCertificationAuthority|Freie Universität Berlin (FUB-CA) Certification Authority ]]_::

 _[[WP57CertificationAuthority|WP 5.7 Certification Authorities ]]_::

### Shibboleth Proxy

 _[[ShibbolethProxy|Shibboleth Proxy General Information]]_::

----

## User Guides

### [[OpenSSO]]

 _[[OpenSSOUser|OpenSSO User Documentation ]]_::

### Certificate Handling

 _[[InvalidSecurityCertificate|The "Invalid Security Certificate Problem"]]_::

 _[[FirefoxImportCACertificates|Firefox: How to import CA certificates ]]_::

 _[[FirefoxInvalidSecurityCertificate|Firefox: How to handle invalid security certificates ? ]]_::

 _[[IEImportCACertificates|Internet Explorer: How to import CA certificates ]]_::

 _[[IEInvalidSecurityCertificate|Internet Explorer: How to handle invalid security certificates ? ]]_::

----

## Installation Guides

### [[OpenSSO]]

 _[[OpenAMIdPInstallDebianLenny|OpenAM (OpenSSO) based Identity Provider (IdP) Installation on Debian Lenny  ]]_::

 _[[OpenSSOFederationSetup|OpenSSO Federation Setup  ]]_::

 _[[OpenSSOInstallDebianEtch|OpenSSO Installation (with Debian Etch)  ]]_::

### [[Shibboleth|Shibboleth ]]

 _[[ShibbolethSP2InstallDebianLenny|Shibboleth Service Provider (SP) v2.3.x Installation on Debian Lenny  ]]_::

 _[[ShibbolethIdPInstallDebianEtch|Shibboleth Identity Provider (IdP) Setup on Debian Etch  ]]_::

 _[[ShibbolethSP2InstallDebianEtch|Shibboleth Service Provider (SP) v2.x Installation on Debian Etch  ]]_::

 _[[ShibbolethSPInstallDebianEtch|Shibboleth Service Provider (SP) Installation on Debian Etch  ]]_::

 _[[ShibbolethSPInstallWindows|Shibboleth Service Provider (SP) Installation on Microsoft Windows  ]]_::

### [[SimpleSAMLphp|SimpleSAMLphp ]]

 _[[SimpleSAMLphpInstall|SimpleSAMLphp Installation (Debian Etch)  ]]_::

### [[SpringSSO]]

 _[[SpringSSO|Integrating Spring Framework into CSSO  ]]_::

### Xen

_[[Xen_installation|BGBM Xen server documentation ]]_::

### Debian Linux

 _[[Debian|Debian Linux Installation Guide ]]_::

### Apache

 _[[Apache2InstallDebianEtch|Apache2 Installation on Debian Etch]]_::

 _[[ApacheMySQLAuthentication|Apache MySQL Authentication for Debian Etch]]_::

### [[Drupal|Drupal ]]

 _[[Drupal5InstallDebianEtch|Drupal5 Installation on Debian Etch]]_::

 _[[Drupal5Mirroring|Drupal]]_::

### Java

 _[[JDK5InstallDebianEtch|SUN JDK5 Installation on Debian Etch]]_::

### Maven2

 _[[Maven2InstallDebianEtch|Apache Maven 2 Installation on Debian Etch]]_::

### [[MySQL|MySQL ]]

 _[[MySQLInstallDebianEtch|MySQL Installation on Debian Etch]]_::

### Postfix

 _[[PostfixInstallDebianEtch|Postfix Installation (Debian Etch)]]_::

### [[PostgreSQL|PostgreSQL ]]

 _[[PostgreSQLInstallDebianEtch|PostgreSQL Installation on Debian Etch]]_::

### [[SQLite|SQLite ]]

 _[[SQLiteInstallDebianEtch|SQLite Installation on Debian Etch]]_::

### [[Subversion|Subversion ]]

 _[[SVNInstallDebianEtch|Subversion Installation on Debian Etch]]_::

 _[[SVNMirroring|Mirroring Subversion Repositories]]_::

### Tomcat6

 _[[Tomcat6InstallDebianEtch|Tomcat6 Installation on Debian Etch]]_::

### [[Trac|Trac ]]

 _[[TracInstallDebianEtch|Trac Installation on Debian Etch]]_::

 _[[TracMirroring|Mirroring Trac]]_::

----

## Miscellaneous

 _[[CSSOSoftwareLicense|Licenses used by CSSO 3rd party components ]]_::

 _[[CSSOPlannings|Initial Plannings of the Community Single Sign-On (CSSO) Security Infrastructure ]]_::