Identity Provider Shibboleth per il servizio di federazione e Single Sign-On di Ateneo

L’università di Bologna, da sempre attenta alle nuove tecnologie e all’innovazione, si è dotata nel 2010 di un Identity Provider (IDP), ovvero un servizio per la verifica dell’identità degli utenti dell’organizzazione tramite username e password in grado di sollevare le applicazioni web (anche esterne all’organizzazione) dall’onere di verificare direttamente le credenziali dell’utente delegando totalmente la responsabilità sul controllo dell’identità digitale all’IDP. La soluzione adottata (Microsoft ADFS) si è dimostrata generalmente semplice da configurare e da gestire, ma ha presentato problemi di integrazione con le principali federazioni di identità regionali e italiane (FedERa e IDEM) a causa di una incompatibilità con il protocollo SAML 1.1, ancora utilizzato da alcuni dei servizi federati. Per risolvere tale incompatibilità il "CeSIA – Area Sistemi Informativi e Applicazioni" dell’Università di Bologna ha deciso di dotarsi di un Identity Provider Shibboleth, alternativa open source ad ADFS che presenta funzionalità equivalenti ed è in grado di gestire tutte le versioni del protocollo SAML (attualmente rilasciato fino alla versione 2.0). Il mio compito è stato quello di analizzare, installare, configurare e integrare con le federazioni IDEM e FedERa un’infrastruttura basata sull’IDP Shibboleth prima in test poi in produzione, con la collaborazione dei colleghi che in precedenza si erano occupati della gestione della soluzione Microsoft ADFS. Il lavoro che ho svolto è stato suddiviso in quattro fasi: - Analisi della situazione esistente - Progettazione della soluzione - Installazione e configurazione di un Identity Provider in ambiente di test - Deploy dell’Identity Provider in ambiente di produzione

Centralized Identity Management for Web Applications

Internet-palvelujen määrä kasvaa jatkuvasti. Henkilöllä on yleensä yksi sähköinen identiteetti jokaisessa käyttämässään palvelussa. Autentikointitunnusten turvallinen säilytys käy yhä vaikeammaksi, kun niitä kertyy yhdet jokaisesta uudesta palvelurekisteröitymisestä. Tämä diplomityö tarkastelee ongelmaa ja ratkaisuja sekä palvelulähtöisestä että teknisestä näkökulmasta. Palvelulähtöisen identiteetinhallinnan liiketoimintakonsepti ja toteutustekniikat – kuten single sign-on (SSO) ja Security Assertion Markup Language (SAML) – käydään läpi karkeiden esimerkkien avulla sekä tutustuen Nokia Account -hankkeessa tuotetun ratkaisun konseptiin ja teknisiin yksityiskohtiin. Nokia Account -palvelun ensimmäisen version toteutusta analysoidaan lopuksi identiteetinhallintapalveluiden suunnitteluperiaatteita ja vaatimuksia vasten.

Functional benefits of predator species diversity depend on prey identity

1. Determining the functional significance of species diversity in natural enemy assemblages is a key step towards prediction of the likely impact of biodiversity loss on natural pest control processes. While the biological control literature contains examples in which increased natural enemy diversity hinders pest control, other studies have highlighted mechanisms where pest suppression is promoted by increased enemy diversity. 2. This study aimed to test whether increased predator species diversity results in higher rates of predation on two key, but contrasting, insect pest species commonly found in the rice ecosystems of south-east Asia. 3. Glasshouse experiments were undertaken in which four life stages of a planthopper (Nilaparvata lugens) and a moth (Marasmia patnalis) were caged with single or three-species combinations of generalist predators. 4. Generally, predation rates of the three-species assemblages exceeded expectation when attacking M. patnalis, but not when attacking N. lugens. In addition, a positive effect of increased predator species richness on overall predation rate was found with M. patnalis but not with N. lugens. 5. The results are consistent with theoretical predictions that morphological and behavioural differentiation among prey life stages promotes functional complementarity among predator species. This indicates that emergent species diversity effects in natural enemy assemblages are context dependent; they depend not only on the characteristics of the predators species, but on the identity of the species on which they prey.

ON THE IDENTITY OF CYCLORAMPHUS JORDANENSIS HEYER, 1983 (ANURA: CYCLORAMPHIDAE)

Cycloramphus jordanensis was described based on a single preserved specimen from Campos do Jordao (22 degrees 44` S ,45 degrees 35` W), State of Sao Paulo, Brazil. While examining the holotype; we noticed the presence of toe and tarsal fringes. Because these characters are absent in Cycloramphus, we suspected that the species was mistakenly placed in the genus. X-ray images of the holotype revealed T-shaped terminal phalanges and fang-like teeth. Together with the presence of toe and tarsal fringes, these characters squarely place the specimen in the genus Megaelasia. Considering the striking niche differences between Cycloramphus and Megaclosia, we expect the new combination will facilitate location of new individuals of this rare frog.

On the Identity of Spencebatea Abyssicola (Cumacea), with Additional Observations on the Genera Allied to Procampylaspis

In 1879 Norman described Spencebatea abyssicola, new genus, new species, on the basis of a single specimen from a deep-sea site off Ireland. The species was transferred to the genus Cumella by Stebbing in 1913, where it has remained. A reexamination of the specimen indicated that it belongs to the genus Procampylaspis since it possesses the recurved, tooth-bearing dactyl on maxilliped 2 which characterizes the genus. Seven other genera also exhibit modified dactyls on maxilliped 2, and, in addition, have styliform mandible molars, thus forming a coherent group within the family Nannastacidae.

Adaptive Privacy Management System Design For Context-Aware Mobile Devices

While mobile technologies can provide great personalized services for mobile users, they also threaten their privacy. Such personalization-privacy paradox are particularly salient for context aware technology based mobile applications where user's behaviors, movement and habits can be associated with a consumer's personal identity. In this thesis, I studied the privacy issues in the mobile context, particularly focus on an adaptive privacy management system design for context-aware mobile devices, and explore the role of personalization and control over user's personal data. This allowed me to make multiple contributions, both theoretical and practical. In the theoretical world, I propose and prototype an adaptive Single-Sign On solution that use user's context information to protect user's private information for smartphone. To validate this solution, I first proved that user's context is a unique user identifier and context awareness technology can increase user's perceived ease of use of the system and service provider's authentication security. I then followed a design science research paradigm and implemented this solution into a mobile application called "Privacy Manager". I evaluated the utility by several focus group interviews, and overall the proposed solution fulfilled the expected function and users expressed their intentions to use this application. To better understand the personalization-privacy paradox, I built on the theoretical foundations of privacy calculus and technology acceptance model to conceptualize the theory of users' mobile privacy management. I also examined the role of personalization and control ability on my model and how these two elements interact with privacy calculus and mobile technology model. In the practical realm, this thesis contributes to the understanding of the tradeoff between the benefit of personalized services and user's privacy concerns it may cause. By pointing out new opportunities to rethink how user's context information can protect private data, it also suggests new elements for privacy related business models.

Mòdul d'autenticació SAML2 per a Dokuwiki

En el projecte s'elabora un mòdul que permet l'autenticació federada de wikis amb un proveïdor d'identitat SAML 2.0. L'aplicació utilitzada per la gestió de les wikis és Dokuwiki i la llibreria utilitzada per aconseguir wikis federades en el protocol SAML 2.0 és simpleSAMLphp. El mòdul permet integrar Dokuwiki i simpleSAMLphp de manera que els usuaris no s'autentiquen en Dokuwiki sinò en el proveïdor d'identitat (IdP). El protocol SAML2 és un mètode d'autenticació Single Sign-On en què Dokuwiki demana autenticació al proveïdor d'identitat (IdP) mitjançant un proveïdor de servei (SP), que també està integrat en simpleSAMLphp. El mòdul es prova en tres situacions: I) El proveïdor d'identitat és extern, Feide OpenIdP. II) El proveïdor d'identitat és local i la font d'autenticació és estàtica. III) El proveïdor d'identitat és local i la font d'autenticació és un servidor OpenLDAP.

On the identity of Melipona torrida Friese (Hymenoptera, Apidae)

On the identity of Melipona torrida Friese (Hymenoptera, Apidae). Melipona marginata var. torrida Friese, 1916, described from three workers putatively collected in Costa Rica, never had its identity properly recognized. Since its original description, no additional specimens have ever been collected in Costa Rica. It is argued here that Melipona torrida was based on mislabeled specimens and corresponds to Melipona marginata obscurior Moure, 1971, a form known only from southern Brazil, Argentina and Paraguay. A lectotype is designated for Melipona torrida and notes on the type material of Melipona marginata obscurior are provided. Other known examples of species described from mislabeled specimens in Friese's Zur Bienenfauna von Costa Rica are discussed. It is pointed out that additional names proposed in this work, based on material from Costa Rica, might turn out to correspond to South American taxa. Also, the date of publication of this Friese's paper is discussed.

Effect of orthographic processes on letter identity and letter-position encoding in dyslexic children.

The ability to identify letters and encode their position is a crucial step of the word recognition process. However and despite their word identification problem, the ability of dyslexic children to encode letter identity and letter-position within strings was not systematically investigated. This study aimed at filling this gap and further explored how letter identity and letter-position encoding is modulated by letter context in developmental dyslexia. For this purpose, a letter-string comparison task was administered to French dyslexic children and two chronological age (CA) and reading age (RA)-matched control groups. Children had to judge whether two successively and briefly presented four-letter strings were identical or different. Letter-position and letter identity were manipulated through the transposition (e.g., RTGM vs. RMGT) or substitution of two letters (e.g., TSHF vs. TGHD). Non-words, pseudo-words, and words were used as stimuli to investigate sub-lexical and lexical effects on letter encoding. Dyslexic children showed both substitution and transposition detection problems relative to CA-controls. A substitution advantage over transpositions was only found for words in dyslexic children whereas it extended to pseudo-words in RA-controls and to all type of items in CA-controls. Letters were better identified in the dyslexic group when belonging to orthographically familiar strings. Letter-position encoding was very impaired in dyslexic children who did not show any word context effect in contrast to CA-controls. Overall, the current findings point to a strong letter identity and letter-position encoding disorder in developmental dyslexia.

On the identity of the type species of the genus Telema (Araneae, Telemidae)

Telema tenella Simon, 1882, the type species of genus Telema, is the only species of family Telemidae reported from Europe and all other 39 congeners occur far from it. However, it has never been properly described. In this paper T. tenella is redescribed and illustrated.