Identity & Access Management InCommon Research and Scholarship

Presentation transcript:

Identity & Access Management: InCommon Research and Scholarship
CIO Council, August 7, 2017, 2:00 p.m., Smith Center, 561

Meeting Purpose and Intended Outcomes
Purpose: To discuss whether Harvard should decide to become an InCommon Research and Scholarship institution
Intended Outcomes: Recommendation from the CIO Council

Opportunity
Harvard is already federated with InCommon as an Identity Provider (IdP).
By deciding to also identify as a Research and Scholarship (R&S) institution, Harvard can simplify access for Harvard scholars to other applications that are federated as R&S services.
What it means: Minimal work by IAM to release Name, Email, Institutional Affiliation and Unique Identifier (EPPN) by default to any R&S service provider.
What it gets us: Scholars instantly access participating services using campus credentials without administrator involvement. This eliminates the overhead of reviewing whether to federate with these providers on a case-by-case basis.

Use Case: Access Other Institutions using InCommon R&S

Harvard Use Case
IQSS wants Harvard to be R&S
The Dataverse Project
Benefit: Dataverse can be opened up to the world
Sponsors of the R&S Request: Merce Crosas, James Cuff

Harvard’s Decision
CIO Council is being consulted to confirm that releasing this limited set of data by default to InCommon certified R&S institutions is acceptable.

Potential Risk: Harvard releases data to applications that it has not personally vetted
Discussion/Mitigation: Data are not sensitive; tend to be exchanged by researchers already, or be public

Potential Risk: If FERPA block exists, we need user consent
Discussion/Mitigation: No attribute release to R&S for anyone with FERPA (common practice in H.E.)

Potential Risk: It is not crystal clear what the InCommon certification process entails; we must trust their process
Discussion/Mitigation: Review who else is participating

Potential Risk: Users would not realize their data are being released
Discussion/Mitigation: Provide outreach and communication through Schools and departments, describing the benefits
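The release rule from the Opportunity and Decision slides, written out as an added example; it is not part of the original presentation or of Harvard's IdP configuration. It assumes the federation metadata has already been signature-verified, that the four released items map to the eduPerson/LDAP attribute names shown, and that the directory exposes a hypothetical `ferpa_block` flag; the metadata and the user record are constructed.

```python
import xml.etree.ElementTree as ET

RS_CATEGORY = "http://refeds.org/category/research-and-scholarship"
CATEGORY_ATTR = "http://macedir.org/entity-category"
# Name, email, affiliation, EPPN, expressed as eduPerson/LDAP names (assumed mapping).
RS_ATTRIBUTES = ("displayName", "mail", "eduPersonScopedAffiliation",
                 "eduPersonPrincipalName")
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed federation metadata: one R&S-tagged SP and one untagged SP.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://rs-sp.example.org/sp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category">
        <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://other-sp.example.com/sp"/>
</md:EntitiesDescriptor>"""

def rs_service_providers(metadata_xml):
    """Return the entityIDs that the federation metadata tags as R&S."""
    tagged = set()
    root = ET.fromstring(metadata_xml)
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        attrs = entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS)
        for attr in attrs:
            values = {(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)}
            if attr.get("Name") == CATEGORY_ATTR and RS_CATEGORY in values:
                tagged.add(entity.get("entityID"))
    return tagged

def attributes_to_release(user, sp_entity_id, rs_sps):
    """Default release decision: R&S bundle only, nothing for FERPA-blocked users."""
    if sp_entity_id not in rs_sps:
        return {}   # not R&S: stays on the case-by-case review path
    if user.get("ferpa_block"):
        return {}   # FERPA block: no attribute release to R&S
    return {name: user[name] for name in RS_ATTRIBUTES if name in user}

# Constructed directory record; "ferpa_block" and "studentId" are hypothetical fields.
SCHOLAR = {"displayName": "Pat Example", "mail": "pat@example.edu",
           "eduPersonScopedAffiliation": "faculty@example.edu",
           "eduPersonPrincipalName": "pat@example.edu",
           "studentId": "000000", "ferpa_block": False}
```

The allow-list means any directory field outside the four named items, such as `studentId` here, is never released even to a tagged service.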

Here’s How InCommon Describes Value Proposition: “The immediate and most tangible benefit is that researchers and scholars on campuses that support R&S may seamlessly access a growing list of R&S services without friction or administrator involvement. In other words, the end result may be characterized as: Federation for Research and Scholarship that Just Works. Many potential R&S services choose not to federate because IdP support for R&S across our campuses is spotty and uneven. We expect a threshold number of campuses to cause a "Cambrian Explosion" of valuable R&S services to appear in the InCommon Federation, which will spur collaboration and research in the US. Continuing our participatory role in the global R&E community, InCommon has introduced an international version of the Research & Scholarship Service Category to the REFEDS community, which requires broad support from InCommon participants to be successful.”

Discussion and Close
For the research community there is a sense of urgency to move towards this model.
The case-by-case approach is simply not scalable to the thousands of campus IdPs and thousands of SPs supporting research and scholarship that InCommon anticipates in the future.
List of institutions that are R&S:
Identity Providers: https://incommon.org/federation/info/all-entity-categories.html#IdPs
Service Providers: https://incommon.org/federation/info/all-entity-categories.html#SPs

Thank you!