The Policy Side of Federations Kenneth J. Klingenstein and David L. Wasley Tuesday, June 29, 2004 - CAMP Shibboleth Implementation Workshop.

Presentation transcript:


List of Docs
- Membership guidelines and pricing
- Application to join federation, which, if approved, results in a
- Participation agreement, which the participant institution signs with the federation operator, based somewhat on the participant reading the
- Federation operational practices statement, which describes for I/A/Metadata mgt of the federated operator
- List of federated attributes
- (List of common uses of various trust levels)
- Participant operational practices statement
- Privacy??

Federation Operational Practices
- Technical Aspects
  - How the CA is operated (InCommon CPS)
  - How the metadata is assembled and signed
  - How the identity proofing of the participant enterprise is done and credentials delivered
- Policy Aspects
  - Dispute resolution

Participant Operational Practices
- Different for credential providers (origins) than for resource providers (targets?)
- On-campus versus off-campus trust
- Requirements for tight language, audit, etc. unknown
- Actual use unknown
- Scalability will require another approach…

Participant Operational Practices
- Participant community served and baseline “member”
- Authentication Policies and Practices
- Attribute Assertions
- Privacy
- Technical standards

POP authentication details
- Identification
  - Office of record
  - Method of identity proofing
  - Reuse of netids
- Authentication technologies
- WebISO key issues
  - Timeouts
  - Logouts – user initiated; global or local
  - Kiosks

Privacy statements
- Two cases:
  - Attributes associated with identity
  - Attributes unassociated with identity
    - “Three or less” rule of thumb
- EU privacy laws
  - Attributes tagged with appropriate use