Keeping Your Federation in Shape: Discussion with InCommon Technical Advisory Committee Members Jim Basney, Scott Cantor, Tom Barton


TAC’s Role
Facilitate campus tech implementations
  – Metadata management
  – InCommon metadata schema extensions
  – Specifications, guidance & notifications
  – Supportive services
Advise & recommend to Steering Committee on tech matters
  – SSL & end-user certs
  – eduroam?
Community engagement
  – Working groups
  – IAM Online (with EDUCAUSE & MACE/Internet2)
  – Gather feedback & requirements

Topics for Today
Gotchas to watch out for
Federated Security Incident Response
Upgrading to shib 2.X
uApprove
Balancing metadata for InCommon, ASPs, other external federations, internal webSSO
Campus openID needs
What aren’t we doing that we should?

Watch out for these
SOAP endpoint issues
New InC signing cert
Good entityId practice: use URLs
  – But watch out for older SPs that assume URN form
Keep your metadata up to date!
  – Publishing schedule
Keys – yes. PKI – no!
Expiring certs

How to upgrade to shib 2.X (or maybe how not to)
Show of hands:
  – Running 2.X IdP
  – Running 1.X IdP
  – # months until upgrade
Stories from the room
InC’s support for test IdPs
SAML/shib 2 metadata
  – SOAP endpoint issues

FEDERATED SECURITY INCIDENT MANAGEMENT

uApprove
Who is doing it? How’s it going?
Who plans to?
What’s needed on campus in addition to uApprove itself?
Requirements for metadata extensions?

Comodo User Certs
Who wants them?
  – Sooner, later
For what?
  – Authentication?
  – Signing?
  – Encryption? Key escrow?
For which campus groups?
Comodo-campus interface needs
  – How many points of contact?
  – What capabilities?

Balancing campus metadata management
Campus stories in managing
  – InC metadata
  – Other external federations’ metadata
  – ASP metadata
  – Metadata for shib-based campus SSOWA*
*SSO with Attributes

More discussion, time permitting
Shib, InC, and campus openID needs
What do you wish InC would do but doesn’t?
  – Should we stop or change something we’re doing?
Silver: this afternoon at 2:30