REFEDS Assurance Framework

Slides:

Advertisements

Similar presentations

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Advertisements

Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,

David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – IGTF LoA generalisation David Groep Interoperable Global Trust Federation IGTF Documents at.

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.

EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.

Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.

Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.

STANDARDS COORDINATION COMMITTEE PLENARY BREAKOUT 18 SEPTEMBER 2014 Interoperability Requirements.

Campus Identity Management Requirements (=IAP) REFEDs meeting Mikael Linden,

Kalmar Union lessons: Findings in federation harmonisation REFEDS Mikael Linden, CSC.

GFIPM FICAM Status Update GFIPM Delivery Team Meeting November 2011.

Federations round table Haka federation of Finland EuroCAMP Mikael Linden CSC, the Finnish IT Center for Science.

Innovation through participation eduGAIN interfederation service for research and education Cern FedID workshop in RAL, UK 2-3 Nov 2011 Mikael Linden,

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

AuEduPerson Schema Schema Derived from: - eduPerson - person [RFC 4517, RFC 4519] - organizationalPerson [RFC 4517, RFC 4519] - inetOrgPerson [RFC 2798]

Federations, the Data Protection Directive and WP29 TF-EMC2 Mikael Linden, CSC, the Finnish IT Center for Science.

Authentication and Authorisation for Research and Collaboration Mikael Linden AARC all hands Milan Authentication and Authorisation.

Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.

Attribute Delivery - Level of Assurance Jack Suess, VP of IT

Innovation through participation EduGAIN policy (working draft) Status update REFEDs 30th May 2010

Authentication and Authorisation for Research and Collaboration Taipei Taiwan Authentication and Authorisation for Research and.

Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos David Groep 9 th FIM4R Meeting The AARC Project.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Utrecht NA3 Task 4 – Scalable Policy Negotiation.

EAuthentication – Update on Federal Initiative Jacqueline Craig IR&C September 27, 2005.

ELIXIR AAI Michal Procházka, Mikael Linden, EGI VC 15 March 2016.

IGTF Generalised Assurance comments by federation operators with a SAML background September 19-21, 2016 CERN, Geneva, CH.

Innovation through participation Data Protection Code of Conduct (DP CoC) TNC2013 conference, 4 June 2013 Mikael Linden, CSC – IT Center for Science

Building Trust for Research and Collaboration

J Jensen, STFC Chief Soapbox Officer 23 May 2017

The Policy Puzzle Many groups and (proposed) policies, but leaving many open issues AARC “NA3” is tackling a sub-set of these “Levels of Assurance” –

LoA Policy Harmonisation and Best Practices

EGI Updates Check-in Matthew Viljoen – EGI Foundation

AARC Update What’s been happening in AARC which matters for GÉANT

User Community Driven Development in Trust and Identity

University of Stuttgart University of Murcia

InCommon Steward Program: Community Review

TF-EMC2 meeting Mikael Linden,

AAI Alignment Nicolas Liampotis (based on the work of Mikael Linden)

Towards hamonized policies and best practices

LoA Policy Harmonisation and Best Practices

Minimal Level of Assurance (LoA)

Frameworks for harmonized policies and practices

Policy in harmony: our best practice

Policy and Best Practice Harmonisation (‘NA3’)

AARC what’s next? Licia Florio

Towards an Initial LoA Baseline Assurance Profile?

Towards hamonized policies and best practices

Policy and Best Practice … in practice

Pilots in AARC Arnout Terpstra (AARC2) / Paul van Dijk (AARC1)

AAI For Researchers Licia Florio AARC Project Coordinator GÉANT DI4R

Supporting communities with harmonized policy

AAI Architectures – current and future

WP3: Policy and Best Practice Harmonisation

Vocational Education and Training SERBIA

David Groep for the entire AARC Policy Team I2TechEX18 meeting

Community AAI with Check-In

GÉANT 4-2 JRA3 Daniela Pöhn JRA3 T1 LRZ/DFN-AAI

David Groep for the entire AARC Policy Team AARC2 AHM4 meeting

Appropriate Access InCommon Identity Assurance Profiles

JRA1: Integrated AAI Developments

REFEDS Assurance WG REFEDS meeting 16 June 2019

Combined Assurance Model

GEANT Data protection Code of Conduct 2.0 REFEDS meeting 16 June 2019

REFEDS Assurance Suite

Presentation transcript:

REFEDS Assurance Framework AARC2 AHM 21-23 Nov 2017 Mikael Linden, REFEDS assurance wg chair mikael.linden@csc.fi

Short history 11/2015 AARC publishes minimal LoA requirements for low-risk research 6/2016 REFEDS establishes the Assurance working group To write a specification to meet the requirements 4-6/2017 Public consultation on the 1st draft of the REFEDS Assurance Framework (RAF) 25 comments received and now resolved https://goo.gl/WHjEb2

REFEDS assurance fw: four dimensions of LoA Identifiers ID proofing Authentication Attributes ID is unique, personal and traceable Good enough for institution’s local systems Capacity for single-factor authentication Accurate and fresh affiliation information ePPN is unique, personal and traceable Assumed (e.g. postal credential delivery) Capacity for multi-factor authentication Verified (e.g. F2F)

”Cappuccino” profile for low risk use cases (c. f. AARC1 MNA3 ”Cappuccino” profile for low risk use cases (c.f. AARC1 MNA3.1 “minimal requirements”) Identifiers ID proofing Authentication Attributes ID is unique, personal and traceable Good enough for institution’s local systems Capacity for single-factor authentication Accurate and fresh affiliation information ePPN is unique, personal and traceable Assumed (e.g. postal credential delivery) Capacity for multi-factor authentication Verified (e.g. F2F)

”Espresso” profile for demanding use cases Identifiers ID proofing Authentication Attributes ID is unique, personal and traceable Good enough for institution’s local systems Capacity for single-factor authentication Accurate and fresh affiliation information ePPN is unique, personal and traceable Assumed (e.g. postal credential delivery) Capacity for multi-factor authentication Verified (e.g. F2F)

RAF: Key changes since 1st draft in spring Dropped SAML2 metadata entity attributes Use ePAssurance for user/IdP capacity for SFA/MFA, use AuthnContext to actually request/express it

Future Develop Single-Factor Authentication profile for IdPs (GEANT project) Draft based on NIST-800-63-3b Becomes part of Cappuccino Develop guidelines how to fullfill SFA With an AD back-end With an OpenLDAP back-end Expose RAF, SFA and the two guidelines to another public consultation Have a pilot