Policy in harmony: our best practice

Presentation transcript:

Policy in harmony: our best practice. A Kit List for Communities. David Groep, NA3 Coordinator, Dutch National Institute for Subatomic Physics Nikhef. AARC2 AHM3 Athens meeting, April 2018.

A tour of the policy space in AARC2: Operational Security for FIM Communities; supporting policies for Infrastructures. Bulk model: 167 entities. Baseline Assurance: known individual, password authenticator, documented vetting, persistent identifiers, self-assessment, fresh status attribute; few unalienable expectations by research and collaborative services. ‘Low-risk’ use cases: generic e-Infrastructure services, access to common compute and data services that do not hold sensitive personal data. Protection of sensitive resources: access to data of real people, where positive ID of researchers and 2-factor authentication is needed. Slice includes: assumed ID vetting (‘Kantara LoA2’, ‘eIDAS low’, or ‘IGTF BIRCH’); affiliation freshness better than 1 month; good entropy passwords; verified ID vetting (‘eIDAS substantial’, ‘Kantara LoA3’); multi-factor authenticator. Support for Researchers & Community Engagement and Harmonisation.

Improving operational security readiness for FIM (“T1”): define & test model for organizations (IdP) to share info on account compromises; attribute authority operations (security) practices; access control, integrity and availability of IdP-SP-Proxies. Detect, connect, mitigate. 243 IdPs now support Sirtfi and 65 SPs and proxies. What happens when you try the model? How does this work when you involve community AAs? How can Sirtfi protect the communities and proxies? Hannah Short: before coffee.

Service-centric policy support: ‘helping out’ the Infrastructures (“T2”). Develop traceability and accounting data-collection policy framework based on SCI, e.g. why SCI & peer review may be more appropriate than trying 27k and audits for Infrastructures? Construct (‘service’ part of) a Policy Development Kit for Infrastructures. Impact of GDPR and risk assessment guidance. Protection of aggregations of accounting data by (user) communities. Policy recommendations accompanying technical ‘JRA1’ recommendations. Uros Stevanovic: after coffee.

Researcher-centric policy support (“T3”). Recommendations for baseline “policy profiles” for FIM Communities & Infrastructures, for users, communities, identity providers: reducing “policy silos” hindering interoperation; commonality between acceptable use policies through assurance profiles; support community management, also to ease use of the generic e-Infrastructures. Can you support trustworthy community operations? How should a community collaborate in the Infra ecosystem, now that we have very ‘powerful’ communities? Mikael & Jule: Assurance after Coffees. Ian Neilson: after coffee.

Policy guidance: generic and community-targeted

Engagement and coordination with the global FIM community (“T4”). Develop; Adopt. Through WISE/SCI, REFEDS, IGTF … and all willing policy & CSIRT groups. In your Community, use: persistent, non-reassigned identifiers; Snctfi; Trusted Community Attributes; self-assessment and peer review methods. Snctfi: Scalable Negotiator for a Community Trust Framework in Federated Infrastructures, derived from SCI, the framework on Security for Collaboration among Infrastructures. Structure for the wider policy development kit. AEGIS, AARC Engagement & FIM4R help us progress by adopting results; assessment of SCIv2. Dave Kelsey: FIM4R before coffee.

We will need your input today … and thereafter! Operational Security and Incident Response: beyond Sirtfi, involving the proxies and proxy operators: we need volunteers to try (& ‘buy’); cross-domain trust groups spanning Infrastructures & eduGAIN Support Desk to aid resolution. Service-centric policies: Community Risk Assessment, GDPR, and TF-DPR impact on accounting (and your use cases!); policy framework: what do you need in a policy development kit for Infrastructures? e-Researcher-Centric Policies: Assurance profiles: exchanging information between Infrastructures and the ‘Snctfi’ scenario; align practices for community policies, and a baseline AUP. Policy Development Engagement and Coordination: policy development and engagement ‘kit’ – via existing groups, and trainings, WISE, IGTF, and FIM4R; targeted guidance for (AARC) use cases and communities – ‘/guidelines’.

Best Practice session
10:00-11:00
10.00 Introduction to the NA3 activities (DavidG)
10.15 Operational Security: the Sirtfi Challenge (Hannah)
10.35 FIM4R and the FIM4R Paper (DaveK)
11:00-11:30 Break
11:30-13:00
11.30 REFEDS Assurance evolution (Mikael, Jule)
11.45 Data Protection and Risk Assessment for communities (Uros) and input from the AARC use cases (Uros)
12.15 Acceptable Use Policy alignment study and towards a basic AUP (IanN)
12.35 Policy Development Kit: supporting communities with template policies (Hannah, Uros)

davidg@nikhef.nl