Identities and Federation: The Next IT Wave (The Canadian Access Federation)
Rick Bunt, President, The Canadian University Council of CIOs (CUCCIO)

Presentation transcript:

1 Identities and Federation: The Next IT Wave (The Canadian Access Federation)
Rick Bunt, President, The Canadian University Council of CIOs (CUCCIO)

2 What’s CUCCIO?
- 45 member universities, represented by their CIOs or equivalents
- Managed by a Board of Directors elected by the members
- web site:

3 Why We Exist
- To provide a trusted national voice for IT in Canadian universities
- To foster the professional development of the higher education IT community in Canada
- To provide a vehicle for collaboration, cooperation and collective action among Canadian universities in matters relating to higher education IT
- To provide a focal point for liaison with national and international organizations and interest groups concerned with IT

4 What We’re Doing
- Services for members:
  - Building an online storehouse of requests for proposals, policies and best practices
  - Developing a mechanism for Canadian institutions to gather a common set of data for measuring and benchmarking
- Special interest groups:
  - Security, Business Continuity/Disaster Recovery, Cyberinfrastructure, Professional Development and Training, …
- Annual CANHEIT conference (Canadian Higher Ed IT)
- edupass.ca: The Canadian Access Federation

5 Defining Identity Management (2008/10/01)
- Separate two functions of identity management:
  - Authentication: proving who you are
  - Authorization: policies controlling access to resources
- For enterprise efficiency:
  - Authenticate centrally: administer one set of credentials (id/password)
  - Authorize locally: service provider controls access to service according to role
- Single Sign On:
  - The “authenticate once” principle

6 An Access Federation
- Access management across cooperating institutions
  - Based on trust
- Retain local management of identity information:
  - Preserves privacy
  - Roles based on local responsibilities
- Be efficient:
  - Don’t replicate information or technologies

7 How it Works
- Access Federation comprises identity providers and service providers
  - Identity providers authenticate users
  - Service providers offer services to users under agreements negotiated with the Access Federation

8 The Canadian Access Federation (edupass.ca)
- A made-in-Canada solution
  - Eligible participants include higher education institutions, public research institutions, sponsored service providers, others
- Services delivered under two technologies:
  - Eduroam: for wireless mobility
  - Shibboleth: for web-based applications
- Managed by CUCCIO: technology, policies, agreements

9 What is eduroam?
- eduroam stands for Educational Roaming
- Launched in Europe in 2003 to deal with the “Roaming Scholar problem”
- Allows users visiting other eduroam institutions to access WLAN using home credentials
- CUCCIO’s Canadian service launched in June 2008

10 How it Works: Eduroam
[Diagram; surviving labels: Calgary, Saskatchewan]

11 What is Shibboleth?
- Supports inter-institutional sharing of web resources subject to access controls
- Streamlines sharing secured online services
- Leverages existing campus identity and access management infrastructures
  - Identity provider chooses what information to send to service provider
  - Service provider makes final authorization decision based on verified information

12 How it Works: Shibboleth
[Diagram; surviving labels: Remote Application; Service Provider; Access Policies; U Saskatchewan ID Mgmt Service; "first request"; "Authenticate"; "Confirm User is known"; "Pass approved identity and role information so service can apply authorization policy"; "use"]
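The Shibboleth exchange described above, as an added sketch that is not part of the original presentation: the identity provider releases only the attributes approved for each service, and the service provider verifies the assertion before applying its own access policy. The entity IDs, user record and policies are constructed, and an HMAC key stands in for the XML signatures a real Shibboleth (SAML) deployment uses.

```python
import hashlib, hmac, json, time

IDP = "https://idp.example-u.ca"          # constructed entity IDs throughout
LIBRARY = "https://library.example.org"
HPC = "https://hpc.example.org"

# Assumption: an HMAC key shared through federation metadata stands in for
# the public-key XML signatures a real Shibboleth (SAML) deployment uses.
FEDERATION_KEYS = {IDP: b"constructed-demo-key"}

# Identity provider side: local directory plus a per-service release policy.
DIRECTORY = {"jdoe": {"affiliation": "faculty", "entitlement": "hpc-user",
                      "mail": "jdoe@example-u.ca"}}
RELEASE_POLICY = {LIBRARY: ["affiliation"], HPC: ["affiliation", "entitlement"]}

def idp_issue(user, sp, now=None, ttl=300):
    """After central authentication, release only the attributes approved for sp."""
    now = time.time() if now is None else now
    attrs = {k: DIRECTORY[user][k] for k in RELEASE_POLICY.get(sp, [])}
    claims = {"iss": IDP, "aud": sp, "exp": now + ttl, "attrs": attrs}
    body = json.dumps(claims, sort_keys=True).encode()
    return body, hmac.new(FEDERATION_KEYS[IDP], body, hashlib.sha256).hexdigest()

def sp_authorize(sp, policy, body, sig, now=None):
    """Service provider side: verify the assertion, then apply local access policy."""
    now = time.time() if now is None else now
    try:
        claims = json.loads(body)          # parsed only to find the claimed issuer
        key = FEDERATION_KEYS.get(claims.get("iss"))
    except (ValueError, AttributeError, TypeError):
        return False, "malformed assertion"
    if key is None:
        return False, "issuer not in federation"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if claims["aud"] != sp:                # blocks replay at a different service
        return False, "issued for another service"
    if claims["exp"] < now:
        return False, "expired"
    for name, allowed in policy.items():   # authorization stays local to the SP
        if claims["attrs"].get(name) not in allowed:
            return False, f"policy requires {name}"
    return True, "granted"

if __name__ == "__main__":
    body, sig = idp_issue("jdoe", LIBRARY)
    print(sp_authorize(LIBRARY, {"affiliation": {"faculty", "student"}}, body, sig))
```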

13 Summary
- The Canadian Access Federation (edupass.ca)
  - A CUCCIO-sponsored trust federation providing access management to the higher ed community in Canada
    - Expanded services for faculty/staff/students, supporting inter-institutional collaboration
    - Efficiencies in use, efficiencies in negotiations
- Key Requirements
  - Institutional Identity Management strategy
    - Enterprise identity repository
    - Role-based access policies
    - Attributes & policies that recognize federation
  - Applications that utilize Identity Management services

14 Benefits of Participating
- For Identity Providers
  - Enhanced control of personal information of users
  - Easier to comply with regulatory requirements (e.g. PIPEDA)
  - Integrates with existing enterprise identity management systems
  - Common standardized solution for many services

15 Benefits of Participating
- For Service Providers
  - Authentication is performed by the identity providers
    - Eliminates credential security issues
    - No need for user accounts database
  - Reduced requirements for user support
  - Accurate implementation of license conditions
  - Users take better care of their credentials

16 Benefits of Participating
- For Users
  - Much less need to disclose identity
  - Personal data kept between user and home institution
  - Fewer user names/passwords to remember

17 [Diagram: the Canadian Access Federation and the groups around it]
- International: InCommon (US), AAF (Australia), Terena (EU), UK AMF
- Commercial Service Providers: Turnitin, eAcademy
- Shared Library: Scholars Portal, Elsevier
- Research Orgs: CANARIE, Compute Canada
- Universities, Polytechs, Colleges
- CUCCIO, CCCCIO
- Government: Federal, Provinces, Research Granting Councils

18 Where Do We Go From Here?
- Finalize business plan, legal agreements, policies, procedures, etc.
- Recruit participants: institutions, service providers
- Support users
“The only way to do something is to do it.”

19 Questions
- How can the Canadian Access Federation benefit your applications/services?
- Which service providers would you be interested in sponsoring?
For more info see
