Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007

Presentation transcript:

SURFfederatie
Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007

Contents
- General intro
- Status
- IdM practices/policy
- Policy enforcement
- Roles & groups
- Schemas
- LoA

General introduction
- Federation close to production status
- Model with Central Federation Component (CFC) that translates federation protocols on-the-fly (SAML/A-Select/ADFS/ID-FF)
- Registration at privacy body (temporary storage of user data for FederatedSSO and/or federation protocol translation)
- NO requirements wrt technology

Status
- Test/Acceptance federation has now been running for approx. 1.5 years
- IdPs: RUG, UU, SURFnet, TU-Delft
- RADIUS IdP for eduroam customers, used by: HU, Avans, HvA, Saxion, HAN
- Pilots with: Elsevier SD, Dutch publishers, Ellips consortium, SURFnet services
- Scheduled: EBSCO, Microsoft, SURFdiensten, OCLC Pica

IdM practices/policies
- 2 parties:
  - FederatieLeden (federation members)
    - Annex to regular contract with SURFnet
    - Low level entry
  - FPartners
    - Contract between SURFnet and Partner
- SURFnet is operator
- Contracts, attributes that are needed for a service published on website
- Userboard: deputation of federation members

Policy enforcement
- Federation Member
  - Sign and you're a member
  - Club-model
  - Weak enforcement
  - Almost no formal rules wrt identity management
  - Some rules wrt privacy, 'good IdM' and dealing with abuse
- Service Provider
  - MUST sign contract
  - Define service, attributes etc.
  - Privacy regulations (best practice will be made available)
  - Requirements on certificate organisation, hostname, 'friendly name'

Roles & groups
- None
- Federation is transparent channel
- Federation is TTP (signing of certificates of SPs / IdPs)

Schemas used/planned
- 2 requirements:
  - (opaque)userid@organisation
  - organisation (IdP)
- Schemas:
  - study in Shibboleth pilot
  - SCHAC
- IdM at institutions NOT homogeneous
- Easy start with simple model
- Presumably 4 or 5 mandatory fields, rest optional

Levels of AuthN
- Unique selling point of A-Select since version 0.1!
- Requires authN standardisation in the policy wrt IdM, naming and issuance

<authentication_methods>
  <identifier authsp_id="radius" uri="urn:oasis:names:tc:SAML:1.0:am:password"/>
  <identifier authsp_id="ldap" uri="urn:oasis:names:tc:SAML:1.0:am:password"/>
  <identifier authsp_id="sid" uri="urn:oasis:names:tc:SAML:1.0:am:HardwareToken"/>
  <identifier authsp_id="pki" uri="urn:oasis:names:tc:SAML:1.0:am:X509-PKI"/>
</authentication_methods>
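
The following is an added example, not code from the slides or from A-Select. It loads the AuthSP mapping from the slide and shows a service provider checking the AuthenticationMethod of a SAML 1.x authentication statement against its own policy. The STRONG_ONLY policy, the function names and the unsigned sample assertion are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# The slide's AuthSP-to-method mapping, with the closing tag added so it parses.
ASELECT_CONFIG = """<authentication_methods>
  <identifier authsp_id="radius" uri="urn:oasis:names:tc:SAML:1.0:am:password"/>
  <identifier authsp_id="ldap" uri="urn:oasis:names:tc:SAML:1.0:am:password"/>
  <identifier authsp_id="sid" uri="urn:oasis:names:tc:SAML:1.0:am:HardwareToken"/>
  <identifier authsp_id="pki" uri="urn:oasis:names:tc:SAML:1.0:am:X509-PKI"/>
</authentication_methods>"""

SAML1 = "{urn:oasis:names:tc:SAML:1.0:assertion}"  # SAML 1.x assertion namespace

# Hypothetical SP policy (assumption): this service refuses password-only logins.
STRONG_ONLY = {"urn:oasis:names:tc:SAML:1.0:am:HardwareToken",
               "urn:oasis:names:tc:SAML:1.0:am:X509-PKI"}

def load_method_map(config_xml):
    """Return {authsp_id: AuthenticationMethod URI} from the config."""
    root = ET.fromstring(config_xml)
    return {e.get("authsp_id"): e.get("uri") for e in root.iter("identifier")}

def method_for_authsp(method_map, authsp_id):
    """URI asserted for an AuthSP; an unmapped AuthSP is an error, not a default."""
    if authsp_id not in method_map:
        raise KeyError("no authentication method mapped for AuthSP %r" % authsp_id)
    return method_map[authsp_id]

def sample_assertion(method_uri):
    """Constructed, unsigned, minimal SAML 1.x assertion (sample input only)."""
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">'
            '<saml:AuthenticationStatement AuthenticationMethod="%s" '
            'AuthenticationInstant="2007-04-17T09:00:00Z"/>'
            '</saml:Assertion>' % method_uri)

def sp_accepts(assertion_xml, accepted_uris):
    """True only if every authentication statement uses an accepted method.
    Fails closed when the assertion carries no authentication statement."""
    root = ET.fromstring(assertion_xml)
    methods = [s.get("AuthenticationMethod")
               for s in root.iter(SAML1 + "AuthenticationStatement")]
    return bool(methods) and all(m in accepted_uris for m in methods)

if __name__ == "__main__":
    mapping = load_method_map(ASELECT_CONFIG)
    for authsp in ("radius", "ldap", "sid", "pki"):
        uri = method_for_authsp(mapping, authsp)
        print(authsp, uri, sp_accepts(sample_assertion(uri), STRONG_ONLY))
```

In a deployment the assertion's signature is verified before this check is applied.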

The SURFfederatie

Thank you! More info: http://federatie.surfnet.nl/ Klaas.Wierenga@surfnet.nl