A user-group-based rights mechanism in EDUROAM, a federated system for managing access to the network resources of research and education networks
The paper describes a federated identity management infrastructure based on eduroam. This technology enables secure authentication using a single netid for network and resource access in the eduroam federation. Major protocols and technologies for transparent user authentication are covered. A way of authorization based on membership in institutional groups and individual user membership is proposed. For user authentication, a service provider sends an authentication request containing the encrypted user name and password to the RADIUS server of the user's institute (the identity provider). The identity provider is determined by the domain of the user name. The authentication request is passed through the eduroam hierarchy of proxy RADIUS servers. If the service provider provides special access for a certain group of users, it also sends a request to a group identity RADIUS server. This request passes through a hierarchy of group RADIUS servers for group membership checking. The eduroam federation and group RADIUS server hierarchies are based on the domain name system. The implementation of these mechanisms requires a slight modification of the service provider RADIUS server for group support and does not require changes to the identity provider and eduroam federation RADIUS servers. Group support is fully compatible with the existing eduroam infrastructure; both types of RADIUS servers, with and without group support, can operate simultaneously.
The unprecedented proliferation of smart devices together with novel communication, computing, and control technologies has paved the way for A-IoT. This development involves new categories of capable devices, such as high-end wearables, smart vehicles, and consumer drones aiming to enable efficient and collaborative utilization within the smart city paradigm. While massive deployments of these objects may enrich people's lives, unauthorized access to said equipment is potentially dangerous. Hence, highly secure human authentication mechanisms have to be designed. At the same time, human beings desire comfortable interaction with the devices they own on a daily basis, thus demanding authentication procedures to be seamless and user-friendly, mindful of contemporary urban dynamics. In response to these unique challenges, this work advocates for the adoption of multi-factor authentication for A-IoT, such that multiple heterogeneous methods - both well established and emerging - are combined intelligently to grant or deny access reliably. We thus discuss the pros and cons of various solutions as well as introduce tools to combine the authentication factors, with an emphasis on challenging smart city environments. We finally outline the open questions to shape future research efforts in this emerging field.
This book constitutes the refereed post-conference proceedings of the 29th International Workshop on Combinatorial Algorithms, IWOCA 2018, held in Singapore, Singapore, in July 2018. The 31 regular papers presented in this volume were carefully reviewed and selected from 69 submissions. They cover diverse areas of combinatorial algorithms, complexity theory, graph theory and combinatorics, combinatorial optimization, cryptography and information security, algorithms on strings and graphs, graph drawing and labelling, computational algebra and geometry, computational biology, probabilistic and randomised algorithms, algorithms for big data analytics, and new paradigms of computation.
The article is devoted to identity federations of research and educational networks. Research and educational networks contain a lot of informational and computing resources. These resources are under different organizational, administrative and public supervision. Scientific resources require authentication, for example, to monitor compliance with intellectual property rights, the definition of user rights, etc. Authorization methods in which the user is authenticated by his institution are commonly used. An identity federation is a group of institutions that have agreements on mutual access to their resources, have developed a common policy and user identity framework, and have implemented them on the organizational and technical level. An identity federation has an operational team, a steering group and a user support service. Due to the diversity and international level of the research, identity federations cooperate in interfederation. The article describes the eduroam and eduGAIN identity federations, based on different authentication technologies. The Joint Supercomputer Center of the Russian Academy of Sciences (JSCC RAS) is a participant of the above projects. JSCC RAS works on the creation of an identity federation in the Russian research and education community and supports cooperation with European projects. JSCC supports Eduroam in Russia, which is open for participation of any research and education institution.
The article describes the results of the analysis of the traffic of the informational and computational resources connected to the Moscow region research telecommunication network of the Russian Academy of Sciences. Based on the analysis, the demands for data-center connectivity were considered. Reliable and high-performance network architecture solutions were proposed. The prototype of the telecommunication node for data-center connectivity is developed in the Computational Center of the Russian Academy of Sciences.
The paper provides an overview and analysis of existing authentication methods in wireless body area networks (WBAN). The novel Bodycom technology is presented. We give a detailed comparative analysis showing advantages and disadvantages of each approach and propose the most appropriate authentication technology.
A model for organizing cargo transportation between two node stations connected by a railway line which contains a certain number of intermediate stations is considered. The movement of cargo is in one direction. Such a situation may occur, for example, if one of the node stations is located in a region which produces raw material for manufacturing industry located in another region, and there is another node station. The organization of freight traffic is performed by means of a number of technologies. These technologies determine the rules for taking on cargo at the initial node station, the rules of interaction between neighboring stations, as well as the rule of distribution of cargo to the final node stations. The process of cargo transportation is followed by the set rule of control. For such a model, one must determine possible modes of cargo transportation and describe their properties. This model is described by a finite-dimensional system of differential equations with nonlocal linear restrictions. The class of the solution satisfying nonlocal linear restrictions is extremely narrow. It results in the need for the “correct” extension of solutions of a system of differential equations to a class of quasi-solutions having the distinctive feature of gaps in a countable number of points. Using the fourth-order Runge–Kutta method, it was possible to build these quasi-solutions numerically and determine their rate of growth. Let us note that, technically, the main complexity consisted in obtaining quasi-solutions satisfying the nonlocal linear restrictions. Furthermore, we investigated the dependence of quasi-solutions and, in particular, sizes of gaps (jumps) of solutions on a number of parameters of the model characterizing a rule of control, technologies for transportation of cargo and intensity of giving of cargo on a node station.
Event logs collected by modern information and technical systems usually contain enough data for automated process model discovery. A variety of algorithms was developed for process model discovery, conformance checking, log to model alignment, comparison of process models, etc.; nevertheless, a quick analysis of ad-hoc selected parts of a journal still has not received a full-fledged implementation. This paper describes a ROLAP-based method of multidimensional event log storage for process mining. The result of the analysis of the journal is visualized as a directed graph representing the union of all possible event sequences, ranked by their occurrence probability. Our implementation allows the analyst to discover process models for sublogs defined by ad-hoc selection of criteria and value of occurrence probability.
The geographic information system (GIS) is based on the first and only Russian Imperial Census of 1897 and the First All-Union Census of the Soviet Union of 1926. The GIS features vector data (shapefiles) of all provinces of the two states. For the 1897 census, there is information about linguistic, religious, and social estate groups. The part based on the 1926 census features nationality. Both shapefiles include information on gender, rural and urban population. The GIS allows for producing any necessary maps for individual studies of the period which require the administrative boundaries and demographic information.
Existing approaches suggest that IT strategy should be a reflection of business strategy. However, in practice organisations often do not follow business strategy even if it is formally declared. In these conditions, IT strategy can be viewed not as a plan, but as an organisational shared view on the role of information systems. This approach generally reflects only a top-down perspective of IT strategy. So, it can be supplemented by a strategic behaviour pattern (i.e., a more or less standard response to changes that is formed as a result of previous experience) to implement a bottom-up approach. Two components that can help to establish an effective reaction regarding new initiatives in IT are proposed here: a model of IT-related decision making, and an efficiency measurement metric to estimate the maturity of business processes and appropriate IT. Usage of the proposed tools is demonstrated in practical cases.