Cross-sector and user-centric AAI

Slides:

Advertisements

Similar presentations

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM( final) {SWD(2012)

Advertisements

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

CEF Building Blocks Joao RODRIGUES FRADE

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION STORK Presentation Lithuania March 2010.

Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

Identity Federation Policy Marina Vermezović, AMRES Federated Identity Technology Workshop Sofia, Bulgaria, 20. Jun 2014.

Supporting Are we ready? REFEDS, Oct 2013 Ann Harding

Connect. Communicate. Collaborate Federation Interoperability Made Possible By Design: eduGAIN Diego R. Lopez (RedIRIS)

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

The German eID and eIDAS

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.

eIDAS: current state of play and the Luxembourgish approach

JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.

Creating a European entity Management Architecture for eGovernment Id GUIDE Keiron Salt

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

NREN Trust and Identity Strategy Ann Harding, SWITCH Cambridge July 2014.

Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team

Connect communicate collaborate Trust & Identity EC meets GÉANT 19 June 2014 Brussels Valter Nordh, NORDUnet Federation as a Service Task Leader Trust.

19-20 October 2010 IT Directors’ Group meeting 1 Item 6 of the agenda ISA programme Pascal JACQUES Unit B2 - Methodology/Research Local Informatics Security.

Networks ∙ Services ∙ People Nicole Harris UK federation meeting eduGAIN, REFEDS and the UK 23 June 2015 Project Development Officer GÉANT.

Networks ∙ Services ∙ People Marina Adomeit FIM4R meeting Virtual Organisation Platform as a Service VOPaaS Nov 30, 2015, Austria Task Leader,

Facing the challenge of relevance Erwin Bleumink 4 June 2013 TNC13.

European Grid Initiative AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

Connect communicate collaborate Case Studies in Federated Identity Management for Research Communities Ann Harding, SWITCH/GN3plus Peter Gietz, DAASI International.

David Groep Nikhef Amsterdam PDP & Grid AARC Authentication and Authorisation for Research and Collaboration an impression of the road ahead.

Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION Frank LEYMAN Manager International Relations 04/06/2009.

Networks ∙ Services ∙ People Marina Adomeit TNC16 Conference, Prague Towards a platform for supporting collaboration GÉANT VOPaaS

Networks ∙ Services ∙ People Ann Harding Networkshop 44, Manchester Thinking globally, acting locally Trust and Identity in the GÉANT project.

Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.

Networks ∙ Services ∙ People Mandeep Saini AARC/CORBEL Workshop Collaborative Organisation Platform as a Service June 1, 2016, Paris Product.

Central Application s Office NISpVU2 and eID Mirko Stanić.

Networks ∙ Services ∙ People Di4R Network. Services. People. GÉANT 28 th September, Krakow.

Building Trust for Research and Collaboration

Introduction to AAI Services

Boosting AAI for research and collaboration

TrustTech - Task Overview (GN4-2 JRA3-T3)

The Policy Puzzle Many groups and (proposed) policies, but leaving many open issues AARC “NA3” is tackling a sub-set of these “Levels of Assurance” –

EGI Updates Check-in Matthew Viljoen – EGI Foundation

AARC Update What’s been happening in AARC which matters for GÉANT

User Community Driven Development in Trust and Identity

Bring the WLCG federation Home

eduTEAMS platform for collaboration Niels Van Dijk

eduTEAMS – Current status & Future Plans

Géant-TrustBroker Dynamic inter-federation identity management

AAI Alignment Nicolas Liampotis (based on the work of Mikael Linden)

Boosting AAI for research and collaboration

ELIXIR Safeguarding the results of life science research in Europe

Minimal Level of Assurance (LoA)

GÉANT project update eduTEAMS - AAI as a Service for Collaborative organisations Introduction Status Pilots New Features – input requested InAcademia –

Policy in harmony: our best practice

Why eIDAS? eID under eIDAS compliance

CEF eID SMO The use of eID in eHealth

AAI For Researchers Licia Florio AARC Project Coordinator GÉANT DI4R

AARC Blueprint Architecture and Pilots

Supporting communities with harmonized policy

AARC2 JRA1 Update Nicolas Liampotis

Dashboard eHealth services: actual mockup

Community AAI with Check-In

Website authentication E-registered delivery

E-identities (and e-signatures)

Una herramienta para la gestión de identidad, el control de acceso y uso compatible con la regulación de identidad europea eIDAS.

eIDAS-enabled Student Mobility

Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.

Presentation transcript:

Cross-sector and user-centric AAI Expanding federations beyond R&E Maarten Kremers Task Leader Trust and Identity Technology Development, GN4-2 Project Technical Product Manager, SURFnet, The Netherlands Internet2 Technology Exchange 2016 26th September 2016

Going cross-sector and user-centric Collaboration is worldwide & cross-sector Authentication and Authorisation Infrastructure (AAI) services will be deployed to cope with the challenges of access to networks and their connected services. These developments include: Global and cross-sector, interfederated AAI service provision for the whole of the European R&E community and potentially, the rest of the world. GÉANT Strategy2020

Going Cross-sector with GovID’s The eIDAS Regulation: ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU countries where eIDs are available, creates an European internal market for eTS - namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders and have the same legal status as traditional paper based processes. Only by providing certainty on the legal validity of all these services, businesses and citizens will use the digital interactions as their natural way of interaction. The Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation)

Going Cross-sector with GovID’s STORK STORK 2.0 eIDAS STORK 2.0 / eIDAS ≠ SAML2int (eduGAIN)

Use Cases & PoC Use case 1: A user with a STORK eID accesses a service provided by an SP in one of the eduGAIN Federations. Use case 2: A user with an account on an IdP in one of the eduGAIN Federations accesses a service provided by STORK in one of the STORK enabled member states.

Use Cases & PoC STORK/eIDAS : 1 node per country, full mesh between nodes

Use Cases & PoC eduPEPS: the development of a proxy element: * Situated between a STORK federation and an eduGAIN federation * Providing a trusted entity for both the STORK and the eduGAIN federations. * Acts as a protocol translation bridge PoC worked out well Deployment options: 1 proxy per country ? 1 proxy for eduGAiN ?

Next Steps Redevelopment of the eduPEPS proxy STORK 2.0 eIDAS

Next Steps Pilots with several eIDAS eIDs Technical requirements for interfederations Mapping assurance levels eIDAS eIDs to login to eduGAIN service Use of eIDAS for higher level of Assurance Combining eID assertions and university attributes

REFEDS blogpost interoperability https://refeds.org/a/1257 More information REFEDS blogpost interoperability https://refeds.org/a/1257

User-centric The EduKEEP architecture aims at transforming current Identity Federations to provide a user-centric approach for managing digital identities, that will bring user experience and simplicity of use at the heart of its processes

Starting Points User-Centric Identity Management Model Split Authentication and Authorisation (Attributes, Groups, Entitlements) Persistent Digital Identity: Same ‘identifier’ over time Longevity Make the identity reusable instead of the the lifetime of a specific role  Attributes will changes over time for one identity (e.g. affiliation) Inclusiveness To include individuals who are not (currently) affiliated with an organisation

Starting Points User-Centric Identity Management Model Low and high quality identities: To lower the entry burden for individuals accessing resources without high demands on quality  self-asserted basic attributes increase quality as needed  Enrich the identity with institutional attributes, increase LoA via vetting procedures Possibly build on eGov / eIDAS / BankID initiatives Service Provider can be a university, VO, Third Party, Cross-Sector

More information High Level Architecture document https://wiki.geant.org/display/gn41jra3/Task+1+- +Attributes+and+Authorisations

Best Practices for User Centric Federated Identity Next Steps Best Practices for User Centric Federated Identity What’s out there, Architecture, Policy, Interfederation Pilots

Next Steps https://wiki.geant.org/display/gn42jra3/T3.1B+User- centric+identity+federation

Maarten Kremers maarten.kremers@surfnet.nl