ページ履歴

English / 日本語

This page contains information for those who are in charge of the "GakuNin" and off-campus networks at institutions (universities, etc.) that use our online analysis system.

Outline of the Demonstration Experiment

National Institute of Informatics (NII) is developing an "Online Analysis System" as part of Japan Society for the Promotion of Science (JSPS) project to promote the construction of a data infrastructure for the humanities and social sciences. Prior to the full-scale launch of the service, we will conduct a demonstration experiment targeting a small number of institutions (universities, etc.) in order to evaluate the practicality of the system and identify missing functions.

Users from your institution will need to change the Shibboleth IdP settings in order to participate in the demonstration experiment. We would like to ask the department in charge to please read this guide and take the necessary actions.

Incident Response Policy

The terms of service for this service will be established by the end of the demonstration experiment. During the period of the demonstration experiment, the service will be used in a way that trusts the good intentions of the users, but the following response policy is provided in case problems occur due to the intentional or negligent actions of the users.

•  NII will record the user's behavior on the Service. Specifically, the following information will be logged.

  • User information obtained from IdP (eduPersonPrincipalName, mail).

  • Login time, logout time.

  • Unique ID, IP address, and port number of the container.

  • Other information necessary for follow-up investigation.

• When NII detects that a user is using the service illegally, NII will take the following actions.

  • Temporarily prohibit the user from using the System.

  • Maintain a log of the user's activities.

  • Notify the department in charge of GakuNin at the institution to which the user belongs, and provide them with the log.

If you receive a notification that a user at your institution is using the service illegally, please cooperate with the following measures.

• Take the same action against the user as you would have taken if the user had committed the same act on your system.

• Report the status of the action to NII.

NII will decide whether or not to allow the user to resume using the system based on the status of the reported action.

Definition of unauthorized use

During the period of the demonstration experiment, NII will examine the line of abuse by observing the user's behavior. Currently, we consider the following actions to be abuse.

• Using the functions of this service to configure a crawler to generate high frequency/volume communications to a third party's web server.

• Configuring a web server using the functions of this service to enable the transmission of data to an unspecified third party.

• Sending e-mail to unspecified third parties by configuring a mail server using the functions of this service.

• Any other acts that NII deems to cause trouble to a third party.
• Mining of virtual currency using the functions of the Service.
• Use of P2P file sharing software using the functions of the Service.
  
• Other acts that NII recognizes as causing trouble to other users of the Service.

We will add or modify this definition as the situation demands.

GakuNin Idp Setup Guide

In order for users to use this system, the Shibboleth IdP operated by your institution needs to be configured to send the user's attribute values to the SP of this service.

Prerequisite

• The IdP must have already been registered with GakuNin (Operational Federation). If you have not completed the registration to the operational federation, please contact us separately.
• This explanation assumes that the IdP has been built according to the procedures described in the Technical Guide for GakuNin; if the IdP has been installed using a method specific to your institution, please change the file path accordingly.

Updating Metadata

If automatic metadata refresh is not enabled, follow the steps below to refresh the metadata cache file.

1. Locate the cache file. It is usually located in /opt/shibboleth-idp/metadata/gakunin-metadata.xml

1. .
2. Open the cache file and search for the string "

1. https://jupyter.cs.rcos.nii.ac.jp/shibboleth-sp

1. ".
2. If not found, get the latest metadata from

1. https://metadata.gakunin.nii.ac.jp/gakunin-metadata.xml

1. and replace the cache file.

Configuring Attribute Sending

Follow the steps below to edit the Shibboleth IdP configuration file. For more details, please refer to the GakuNin Technical Guide.

1. Open

1. /opt/shibboleth-idp/conf/attribute-resolver.xml

1. and search for the string "id="eduPersonPrincipalName"

1. ".

2. If the following XML element is valid (not commented out), you are good to go. → Reference 

1. <resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonPrincipalName" scope="%{idp.scope}" sourceAttributeID="uid">     <resolver:Dependency ref="myLDAP" />     <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />     <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" /> </resolver:AttributeDefinition>

1. Similarly, make sure that "id="mail""

1. is also valid. → Reference

   <resolver:AttributeDefinition xsi:type="ad:Simple" id="mail" sourceAttributeID="mail">     <resolver:Dependency ref="myLDAP" />     <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />     <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" /> </resolver:AttributeDefinition>

2. Open /opt/shibboleth-idp/conf/attribute-filter.xml

1. and search for the string "</AttributeFilterPolicyGroup>".

2. Add the following XML element just before the found tag. → Reference

1. <AttributeFilterPolicy id="PolicyforNiiRdcDataAnalysisPlatform">     <PolicyRequirementRule xsi:type="Requester" value="https://jupyter.cs.rcos.nii.ac.jp/shibboleth-sp" />     <AttributeRule attributeID="eduPersonPrincipalName">         <PermitValueRule xsi:type="ANY" />     </AttributeRule>     <AttributeRule attributeID="mail">         <PermitValueRule xsi:type="ANY" />     </AttributeRule> </AttributeFilterPolicy>

2. Restart the Shibboleth IdP

1. service.

Operation check

1. Access https://jupyter.cs.rcos.nii.ac.jp/

1. with a browser.
2. If you are redirected to https://jupyter.cs.rcos.nii.ac.jp/hub/home

1. after going through the authentication screen, you are OK.　
   

Contact Information

　　Research Center for Open Science, National Institute of Informatics

　　Ikki Fujiwara, Online Analysis System <cs-support@nii.ac.jp>