IGTF Generalised Assurance comments by federation operators with a SAML background September 19-21, 2016 CERN, Geneva, CH.

Slides:



Advertisements
Similar presentations
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
Advertisements

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – IGTF LoA generalisation David Groep Interoperable Global Trust Federation IGTF Documents at.
INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Chapter 10: Authentication Guide to Computer Network Security.
SWITCHaai Team Federated Identity Management.
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.
IOTA Questions for RPs Sept 9, 2013 Bucharest, Romania.
Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.
Federated or Not: Secure Identity Management Janemarie Duh Identity Management Systems Architect Chair, Security Working Group ITS, Lafayette College.
Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.
Ning Zhang, the University of Manchester, UK David Groep, National Institute for Nuclear and High Energy Physics, NL Blair Dillaway, OGF Security Area.
Identity Assurance: When it Matters David L. Wasley Internet2 / InCommon.
IOTA Questions for RPs Sept 9, 2013 Bucharest, Romania.
“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.
Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Authentication and Authorisation for Research and Collaboration Mikael Linden AARC all hands Milan Authentication and Authorisation.
The UK Access Management Federation John Chapman Project Adviser – Becta.
IOTA AP Towards Differentiated Identity Assurance David Groep, Nikhef supported by the Netherlands e-Infrastructure and SURFsara.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.
Identity Federations: Here and Now David L. Wasley Thomas Lenggenhager Peter Alterman John Krienke.
Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL
Attribute Delivery - Level of Assurance Jack Suess, VP of IT
Networks ∙ Services ∙ People Daniela Pöhn REFEDS EWTI, Vienna IdPs and Federations Service Aspects of Assurance SA5T1.
F8: Audit and Assurance. 2 Audit and Assurance Designed to give you knowledge and application of: Section A: Audit Framework and Regulation Section B:
David Groep Nikhef Amsterdam PDP & Grid AARC Authentication and Authorisation for Research and Collaboration an impression of the road ahead.
Summary of Poznan EUGridPMA32 September EUGridPMA Poznan 2014 meeting – 2 David Groep – Welcome back at PSNC.
Authentication and Authorisation for Research and Collaboration Heiko Hütter, Martin Haase, Peter Gietz, David Groep AARC 3 rd.
On live video supported F2F May 9-11, 2016 Abingdon, Oxfordshire, UK.
CERN IT Department CH-1211 Geneva 23 Switzerland t OIS Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland.
News from EUGridPMA EGI OMB, 22 Jan 2013 David Kelsey (STFC) Using notes from David Groep 22/01/20131EUGridPMA News.
Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.
7/10/20161 Computer Security Protection in general purpose Operating Systems.
PRACE user authentication and vetting Vincent RIBAILLIER, 29 th EUGridPMA meeting, Bucharest, September 9 th, 2013.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014.
The IGTF to eduGAIN Bridge
WLCG Update Hannah Short, CERN Computer Security.
RCauth.eu CILogon-like service in EGI and the EOSC
The Policy Puzzle Many groups and (proposed) policies, but leaving many open issues AARC “NA3” is tackling a sub-set of these “Levels of Assurance” –
CHANGE CONTROL.
InCommon Participant Operating Practices: Friend or Foe?
AAI Alignment Nicolas Liampotis (based on the work of Mikael Linden)
Minimal Level of Assurance (LoA)
Policy in harmony: our best practice
Sustainability and Operational models
Towards an Initial LoA Baseline Assurance Profile?
Policy and Best Practice … in practice
Doug Bellows – Inteliquent 10/4/2018
PASSHE InCommon & Federated Identity Workshop
Update - Security Policies
AARC Blueprint Architecture and Pilots
Supporting communities with harmonized policy
EUGridPMA Status and Current Trends and some IGTF topics March 2018 APGridPMA ISGC Meeting David Groep, Nikhef & EUGridPMA.
InCommon Participant Operating Practices: Friend or Foe?
RCauth.eu CILogon-like service in EGI and the EOSC
Moving forward with assurance
Appropriate Access InCommon Identity Assurance Profiles
Technical Issues with Establishing Levels of Assurance
Computer Security Protection in general purpose Operating Systems
REFEDS Assurance WG REFEDS meeting 16 June 2019
Combined Assurance Model
REFEDS Assurance Suite
Presentation transcript:

IGTF Generalised Assurance comments by federation operators with a SAML background September 19-21, 2016 CERN, Geneva, CH

37 th EUGridPMA Abingdon – May David Groep – Assurance development Increased assurance interest  definition of a minimal ‘baseline’ across R&E  interest in re-using BIRCH for selected IdPs in R&E  ensure IGTF Assurance Profiles are really technology-agnostic

37 th EUGridPMA Abingdon – May David Groep – Baseline assurance: AARC result 1.The accounts in the Home Organisations must each belong to a known individual 2.Persistent user identifiers (i.e., no reassign of user identifiers) 3.Documented identity vetting procedures (not necessarily face-to-face) 4.Password authentication (with some good practices) 5.Departing user’s eduPersonAffiliation must change promptly 6.Self-assessment (supported with specific guidelines) AARC TNA3.1 “Baseline Assurance” by Mikael Linden et al.

37 th EUGridPMA Abingdon – May David Groep – IGTF BIRCH  Higher then base line assurance  Still feasible for a largish number of IdPs, for (a subset of) their users  Is different from ‘Kantara LoA2’ in terms of assessment, and independence of auditing  Proposed for InCommon by Jim

37 th EUGridPMA Abingdon – May David Groep – Discussing it with ‘SAML’ FedOps  whether it is to be applied per-Subject, per-IA, or what  Per-Subject is probably more successful (cf. David’s mail on the GEANT TCS success in Europe).  how trust is established, compliance attested  The standard SAML approach would be an Entity category attribute in SAML metadata + eduPersonAssurance attribute released for the qualifying users in the Authentication response.  role(s) of various actors in achieving and registering compliance, process in case a concern arises, etc  I think the IGTF experience on peer-audits could be useful, supported by the self-assessment tool the SIRTFI and LoA people are developing [1].  adapting to non-PKI credential types  That is something I’m wondering as well. The BIRCH definition[2] for sections 4.5 and 4.6 Credential strength and validity tastes like a certificate, and in the SAML-based federations I would expect 2-factor authentication to be carried out somehow else (e.g. a smartphone app).

37 th EUGridPMA Abingdon – May David Groep – Trying to explain intent of BIRCH in 4.5 and 4.6’ (at least in my understanding … ) The issued credential must be protected …  would translate into protecting the passwords your database with a good cryptographic hash (the 8-character crypt(3) DES hash would not suffice ;-) Credentials and [] transport channels [.] must be appropriately protected with [] 112 bits (symmetric).  you should send passwords only over encrypted channels (not in plain text), and they are hashed in the password database in a salted way. Credential life time should be no more than 400 days if the credential is stored in a file and is further protected with a single authentication factor [strange indeed]  interpret as the requirement for password aging (expiry) with the user having to choose a new strong password at least every 400 days. the single factor here is obviously knowledge

37 th EUGridPMA Abingdon – May David Groep – More statements that appear PKIish to SAML federations 3.2 Identifier Assignment The name elements contained in the issued credential must be sufficient to uniquely identify an individual entity. The identifier for human entities should contain an appropriate presentation of the actual name of the entity. 4.6 Credential validity The IA should provide for mechanisms to determine validity of an issued credential at the applicable point in time. 4.7 Identification of credentialing policies The credentialing policies used must be identifiable by relying parties. I can imagine how these might be adapted, just noting that they appear to be statements that pertain to a PKI context.

37 th EUGridPMA Abingdon – May David Groep – Judgement calls are apparently hard  Unrelated to adapting to non-PKI credentials, statements such as they following caused many problems in with Silver and Bronze because of their vagueness. I agree that good practice arises by using good judgment guided by such statements, but it seems that is not the only perspective held by IT professionals, many of whom are uncomfortable using judgment in this manner. Here's an example: 4.4 IT systems security Systems used by the IA must be located in a secure environment where access is controlled and limited to specific trained personnel. IA service systems must be dedicated machines[.] Any virtualization techniques employed (including the hosting environment) must not degrade the context as compared to any secured physical setup.  For example, is "secure environment" defined by the phrase "access is controlled and limited to specific trained personnel", or is something else being asked for? does "dedicated virtual environment" mean that a completely separate VMware (say) instance is required, ie, separate ESX boxes, control instance, etc. And what does "degrade the context" refer to? If not specified, it might lead to people rejecting virtual because of minor performance lost to hypervisor overhead.

37 th EUGridPMA Abingdon – May David Groep – Evolving the document …

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.