Leveraging the IGTF authentication fabric for research

Presentation transcript:

Leveraging the IGTF authentication fabric for research: the IGTF-to-eduGAIN Bridge and the registration authority network
David Groep, Nikhef
Co-supported by the Dutch National e-Infrastructure coordinated by SURF, and by EGI Core Services

A look at the IGTF
15 November 2018, Leveraging the IGTF registration network for research

IGTF capabilities
- AuthN fabric and identity availability (today)
- Assurance requirements and assessment for Infrastructures (tomorrow morning)
- Registry operational guidelines (tomorrow morning)
- Infrastructure policy harmonisation: Snctfi (tomorrow)
- Registry and operational capabilities (tomorrow afternoon)

What we do (for authN services)
- User-centric authentication – across organisations
- Independent of user’s home organization
- Inspired by and aligned with research communities and e-Infrastructures
- Differentiated assurance derived from an assurance level that is both solid and transparent
- Ability to transfer registrations across authorities and countries (with the Registration Practice Statement)
- … and guidance around trust and trustworthy operations for AuthN and Attributes
- … and …

eduGAIN (status Sept 2017)
- 40 NRENs (≈ countries)
- 4254 entities (of which 2533 IdPs, i.e., authentication providers)
- organisation-centric, and with much national autonomy in policy & practice
- where it reaches the users and a ‘link’ is made, provides great ease of use
- in most organisations, research is not the primary use case (yet) for the ‘IdP’

Infrastructure specific hubs: EGI CheckIn, B2ACCESS, CILogon, ORCID, …
Local log-in, mangled tokens, directory auth, ‘golden’ portals that ‘snoop’ your credentials, ‘golden’ portals assuming ownership of everything, …
Service-bespoke solutions

Turtles all the way down … and up!

TCS – CILogon – DFN SLCS – RCauth.eu

IGTF to eduGAIN bridge
Work by Ioannis Kakavas and Nicolas Liampotis (GRNET) for the AARC project

Guidance we have and use
- Assurance Profile: https://www.igtf.net/ap/
- Assessment support: http://wiki.eugridpma.org/Main/AssuranceAssessment
- ‘Back-office’ template practices: https://www.eugridpma.org/documentation/rps/

Registration Networks
Although the process is labour-intensive and relatively slow, for some user categories the prevalent ‘user-held’ credential is the only one that ‘works’:
- non-academic users (SMEs, industrial R&S)
- users in a place without an eduGAIN federation
- users in a place that does not do unique ID
- users in an organization that does not release attributes
- users in an organization that does not provide assurance
- …

A ‘high-quality IdP of last resort’?
Most useful asset is our RA network!

Ideas …
- Promote the use of (existing) bridges
- Support other credential types and/or interfaces?
- In places without an existing federation
  - Promote its establishment, as now eduGAIN is more open than before
  - … join eduGAIN yourself – as a ‘trivial hub&spoke’ using the bridge IdP technology?
- Where a federation exists
  - Establish direct links – there’s an opportunity in ‘long-tail’ support and IdP-of-last-resort services?
  - Push for a federation policy aligned with global (researcher) needs?
- Expose differentiated assurance model to subscribers?
- User-held credentials avoid many of the privacy issues?

Building a global trust fabric
Discussion!