Networks ∙ Services ∙ People
Consuming identities across e-Infrastructures
Licia Florio, PDO GÉANT
TNC, Lisbon, 16 June 2015
Overview
- When and how it all started
- Where we are now
- Where we want/should be
years of
- 1st March 2005: SAML2.0 was approved
- Now used by 50 R&E federations!
- REFEDS – 10 years of discussion on how federations can interoperate.
- And of course federated access
A look at the past
Importance of Federated Access
Our community realised very soon that username and password would not scale in a world:
- Where on-line access was becoming more and more common
- Where student mobility was growing and was expected to grow more
- Where remote access to resources was becoming a main requirement
From the Internet Archives
- Tuesday 29 Oct 2002, I2 News Item: “After two months of using Shibboleth to manage web course material at North Carolina State University, we saw an 80- to 85-percent drop in our help desk call”
- Dec Oct 2002 SWITCH AAI Info Day: “Demo on Shibboleth demo (v 0.7!) And an overview on other AAIs in Europe”
How it all started
- A-Select
- PAPI
- FEIDE
- Shibboleth
- Athens
- Permis
- SPOCP
The good year!
Source: Ton Verschuuren, 14_Confederation_-_JISC_Workshop.pdf
SAML becomes the de-facto lingua franca with multiple implementations (i.e. simpleSAMLphp and commercial products)
Federations in 2005
Source: TERENA Compendium
- 6 Federations
- Many NRENs planning
Challenges back then
- Scalability
- Inter-federation
- Business Models
- Schema harmonization
- Support for VOs
- Authorization
Please meet eduGAIN grandpa
Federations in the past 5 years
The Rise of Federations
- April 2011: Official start of eduGAIN
- Nov 2013: 21 Federations are members (50%), 5 joining
- Apr 2014: 24 Federations are members (51%), 6 joining
- April 2015: 32 Federations are members (57%), 9 joining
- Whole (academic) SAML landscape: 56 Federations, 3007 IdPs, 6514 SPs (gathered from metadata)
- Not all of them need to be interfederated, e.g. many internal SPs
eduGAIN and Federations (April 2015)
- 32 eduGAIN Members
- 9 Joining eduGAIN
- 3 Candidate Federation
- 12 Other Federations
Identity is QUEEN
Demand for Federated Access
- Identity as important as the network
- Users want to access services across various e-Infrastructures
- Industry recognises the importance of identity and federated access
The Challenges
- Scalability
- Inter-federation
- Business Models
- Schema harmonisation
- Support for VOs
- Authorization
- Non-Web Browser federated access
- Assurance
- Security Incident Response in Federations
- Support for Guest Users
- Data Protection
- Technology translators
- Attribute release
Work in progress
The Project: Authentication and Authorisation for Research and Collaboration
- Two-year EC-funded project
- 20 partners
- NRENs, e-Infrastructure providers and Libraries as equal partners
- About 3M euro budget
- Starting date 1st May,
AARC - Objectives
- Build on federated access, improve its uptake and address current challenges
- Harmonise policies among e-Infrastructures to ease service delivery
- Avoid the creation of project-specific AAIs by enabling researchers to use their existing credentials to access different resources
- Define a training package for institutions and services to support federated access
- Integrate existing R&E AAIs to create a highway for identities
The landscape
- AARC
  - Requirements: Anchored in real use cases
  - Pilots
  - AARC technical and policy findings
  - Training
- REFEDS/FIM4R
  - REFEDS: Feedback and validation from Fed Operators on best practices
  - FIM4R: Feedback on pilots from AAI user communities
  - Requirements/feedback for training and architecture
- e-Infrastructures, i.e. GEANT
  - Develop business case
  - Costing
  - Supply chain
  - Pilot the deployments
- eduGAIN
  - Incorporate
Where do we want to be
Challenges in 5 years
- The role of the IdPs will change:
  - To become only authentication?
  - A national single authentication point for the R&E?
  - Or a hub?
- eduID.se to create user accounts to access courses (and more) in all Swedish universities
- Federations will change
  - More hubs and mesh as needed
  - And to cope with privacy laws
- Engagement with other sectors:
  - eGov – different approaches per countries/federations
  - Industry – OIDC, social identities and cloud services
- Account linking
What will be solved
- Non-Web federated access
- Incident response in federated access
- Attribute release for some use cases
- Many issues related to Support for VOs
Conclusions
- Plenty of work ahead
- Environment is right to collaborate rather than reinventing the wheel
Thank you and any questions