https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Utrecht NA3 Task 4 – Scalable Policy Negotiation.

Presentation transcript:

Authentication and Authorisation for Research and Collaboration
NA3 Task 4 – Scalable Policy Negotiation
SP/IdP Proxies and Policy Trust Framework
David Kelsey, STFC-RAL
AARC AHM Utrecht, 26 May 2016

2. Flow of attributes and trust – via SP/IdP Proxy
[Figure: picture from Ann Harding (SWITCH); legend: Attribute flow, Trust flow]

3. Policy and Trust Framework – requirements and proposal
- A framework which binds all IdPs, SPs and AAs together (within the Research Community)
- Enable the ID federations to trust the Proxy (and hence its community behind)
- To allow, encourage the release of attributes
- The federations only see the one Proxy as an SP
- Q: Why should the federations trust the Proxy?
- A: the Proxy needs to assert categories and assurance marks
  - R&S
  - Sirtfi
  - Data Protection (CoCo)
- Develop a new assurance mark “This is a trust-worthy Proxy”
- And all SPs and AAs in the community are bound by a policy framework (but not registered in a federation)
- Allow downstream services to trust the Proxy
- Is this yet another assurance flag to be set in metadata?

4. Build on earlier work of Security for Collaborating Infrastructures (SCI)
- A Trust Framework for Security Collaboration among Infrastructures
- EGI, HBP, PRACE, EUDAT, CHAIN, WLCG and XSEDE
- Defined a policy framework
  - build trust and develop policy standards for collaboration on operational security
- Was also used as basis for Sirtfi
- Sections in document
  - Operational Security
  - Incident Response
  - Traceability
  - Responsibilities of Users, Communities and Service Providers
  - Legal issues, liability and management
  - Data Protection

5. Build a new Trust and Policy Framework
- Start from SCI document (CC BY-NC-SA)
- Add new policy requirements
  - E.g. behaviour of the Proxy and AA
- Remove topics not needed
- Reword existing topics to meet our needs
- Team already formed: Dave Kelsey, Mikael Linden, Ian Neilson, Hannah Short, Uros Stevanovic (and David Groep as WP leader)
  - More welcome
- SCIV2-WG now active in WISE
- Can we merge SCI version 2, Sirtfi and this new framework?

6. Name? A proposal
- Security Networked-Community Trust-framework for Federated Identity
- Snctfi
- Sanctify - meaning: make legitimate or binding
- Synonyms for sanctify: Approve, endorse, permit, allow, authorise, legitimise, “free from sin”

7. One very important component of the Framework
- Data Protection
- Federations need to trust the Proxy and downstream community SPs to handle personal data correctly
- See next talk by Ian Neilson

8. Thank you
Any Questions?
© GÉANT on behalf of the AARC project. The work leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No (AARC).