TrustTech - Task Overview (GN4-2 JRA3-T3)


TrustTech - Task Overview (GN4-2 JRA3-T3)
Next-Gen T&I Technology Development
Maarten Kremers (SURFnet), Tasklead TrustTech
JRA3 Kick-off, Zürich, July 2016

Introduction: Next Generation T&I Technology Development
“This Task integrates developments that go beyond or significantly disrupt the current models, technologies or approaches to trust and identity that are in operation in the eduGAIN platform.”
“It aims to widen the engagement of federated identity approaches to other sectors, including e-Government and potential social identity providers, allowing greater engagement by individuals and citizen scientists in research.”

TrustTech People
24 persons
173 ManMonths / 14,4 ManYear / 5,4 FTE per Year
People from: Austria, Czech Republic, Estonia, Finland, Germany, Greece, Ireland, Italy, Moldova, Norway, Spain, Sweden, Switzerland & The Netherlands

SubTasks: T3.1 Federated identity, the next generation
Carry out development based on OpenID Connect (OIDC), specifically for extending the standard to make OIDC “federation and interfederation capable” (i.e. OIDC metadata, discovery, etc.), including engaging with and contributing to the IETF and developing a potential OIDC profile for eduGAIN.
Making OpenID Connect work for federations (based on proposal by Roland, Rebecka & others)
Standardize claims (REFEDS OIDCre workgroup)
Reference implementation
Specify OpenID Connect profile for eduGAIN
Pilot, pilot, pilot
Much interest in this topic, but standardization can be a time-consuming process

SubTasks: T3.1 Federated identity, the next generation
Develop user-centric identity federation: user-managed access. Engage with federations on the principle of user-managed access, not only technically, but also reflecting the principle that the user is the resource owner and should therefore be in control of their own “data”. Develop pilots based on eduKEEP- and eduID-like approaches, currently at TRL 6–8 in various national developments, to enhance to scale for international interoperability.
Best Current Practice for User centric Identity Federation, based on reference architecture, policy/legal framework and interfed recommendations (prescriptive) and the overview of current activities in eduID-like approaches (descriptive)
Pilot
Advanced aspects? Migration path?: Great to have but complicated.

SubTasks: T3.2 Two-factor authentication in eduGAIN
Develop procedures/metadata profiles for including two-factor support in eduGAIN.
NOTE: not two-factor / MFA service itself.
Building on top of / reusing the work from the InCommon MFA WG

SubTasks: T3.3 Services to support mobile federated identity
GN3plus and GN4-1 delivered research into technical facilities to support non-web use cases for rich client applications and mobile devices (using OpenID Connect and Moonshot). Service options for integrating these results in a service context for GÉANT will be developed, integrated into the harmonisation framework and piloted with eduGAIN to attain TRL 8.
Moonshot enhancements (Portal)
SDK for platforms to have safe federated login
OpenID Connect, mobile and federation
Goal is clear (added value service for eduGAIN), exact path to be determined.

SubTasks: T3.4 Cross-sector interoperability (eduGAIN)
Identify and pilot methods to organise and incorporate eIDAS and social identities with eduGAIN. Collaborate with Task 2, since interoperability with government eID/eIDAS may also facilitate step-up assurance, and social identity may provide coverage for some homeless users (i.e. users without an account within an R&E federation). AARC results will be examined for adoption as they become available.
Update of eduPEPS (eIDAS to eduGAIN proxy)
Recommendations for business model
Pilot
Step-up assurance service based on eIDAS (?), in collaboration with task 2 (RASP), based on recommendations of AARC. To be determined in due time.
Social ID proxy service, SATOSA development? Too early to determine now.

Formal Milestones and Deliverables
Deliverable D9.3: Best Practice for User Centric Federated Identity. Due M18 - 31 October 2017
Milestone M9.8: User Centric Federated Identity Business Case. Due M30 - 31 October 2018

Division of Work

Dependencies
Inside GN4-2: with JRA3 task 2 (RASP): Step-up / assurance based on a cross-sector federation (eIDAS); JRA3 and SA2 in general
With AARC: Step-up / assurance based on a cross-sector federation (eIDAS)
Others / Stakeholders (short list): REFEDS (especially OIDCre WG), eduGAIN, OpenID Connect standardization people, eIDAS
And of course: Federations, Institutions and our Users!!

More information
Wiki: https://wiki.geant.org/display/gn42jra3/Task+3%3A+Next+Generation+Trust+and+Identity+Technology+Development+-+TrustTech
Email: trusttech@lists.geant.org

maarten.kremers@surfnet.nl