Updates on Shib, a bit of InCommon and International Federations

Topics
- Shib 2.0 and Autograph
- Non-federal aspects of InCommon
- International peering
- Others will do InCommon and the US Gov, Usher, etc…

State University Federations
- State university federations - Texas, California, CSU, etc
- Leverage existing infrastructure in both policies and shared applications
- Some, such as the California Digital Marketplace, reach very broad populations

InCommon
- US R&E Federation
- www.incommon.org
- Members join a 501(c)3
- Addresses legal, LOA, shared attributes, business proposition, etc issues
- Approximately 55 members and growing
- A low percentage of national Shib use…

InCommon Members 5/1/07
- Case Western Reserve University
- Clemson University
- Cornell University
- Dartmouth
- Duke University
- Florida State University
- Georgetown University
- Indiana University
- Miami University
- New York University
- Ohio University
- Penn State
- Stanford University
- Stony Brook University
- SUNY Buffalo
- Texas A&M
- The Ohio State University
- The Johns Hopkins University
- The University of Chicago
- University of Alabama at Birmingham
- University of California, Davis
- University of California, Irvine
- University of California, Los Angeles
- University of California, Merced
- University of California, Office of the President
- University of California, Riverside
- University of California, San Diego
- University of Maryland
- University of Maryland Baltimore County
- University of Maryland, Baltimore
- University of Rochester
- University of Southern California
- University of Virginia
- University of Washington
- University of Wisconsin - Madison
- Cdigix
- EBSCO Publishing
- Elsevier ScienceDirect
- Houston Academy of Medicine - Texas Medical Center Library
- Internet2
- JSTOR
- Napster, LLC
- OCLC
- OhioLink - The Ohio Library & Information Network
- ProtectNetwork
- Symplicity Corporation
- Thomson Learning, Inc.
- Turnitin
- WebAssign

Key aspects of InCommon
- Federating software
  - Shib 1.2+ (other possibilities in the future)
- Shared attributes and schema
  - eduPerson right now
- Levels of authentication
  - POP (participant operational practices) for LOA-today
  - InCommon Bronze and Silver will map to LOA 1 & 2
- Management
  - Steering committee of members IT executives
  - Operations staffed by Internet2

InCommon Management/Governance
- Steering Committee of campus/vendor CIO’s and policy people – sets policies for membership, business model, etc.
- Technical advisory committee - Sets common member standards for attributes (eduPerson 2.0), identity management good practices, etc.

Shibboleth
- Shib 1.3 widely deployed; 1.2 still common
- Along the way, other capabilities added:
  - ADFS compatibility for WS-Fed, (MS $)
  - Eauthentication certification (with waiver form :))
- Shib 2.0 completes the SAML+Shib integration
- More compatible with COTS SAML 2.0 products than they are with each other
- A Shib/SAML to TCP/IP analogy isn’t bad; Shib adds multi-party federation support through metadata, ARPS, etc.
- Also eases support for n-tier, non-web and other capabilities
- Alpha for Unix and Windows now being released

The Shibboleth 2.0 Sidebar
- Support for the attribute ecosystem
  - attribute handling, including policy, in both SP and IdP
  - designed to be reusable for other protocols (eg CardSpace)
  - sets stage for further work on multiple attribute sources, reputation management, etc.
- All Java SP (in addition to current Java/Apache), easing integration for some applications
- Trust management
  - PKI still seems too hard, even at the simpler enterprise level
  - Supports a broad set of trust choices – CA’s, certs, plain keys, managing site metadata (naming, acquisition, validating)
  - A product of years of painful experience

Federated Applications
- Mostly access controls to content
- The first shibbed collaborative apps are appearing…
  - Several wikis
  - Digital repositories such as DSpace and Fedora
  - Learning Management Systems such as WebCT
  - IM, p2p fileshare (Lionshare), CVS
  - Grid-Shib integration in several ways
- SIP based tools (videoconferencing, audioconferencing) within reach
- Bootstrapping from duct tape sometimes a problem

Membership in InCommon
- 53 members, perhaps 25 million students covered, growing slowly but steadily
- Some interesting discussions
  - Apple, Google, Microsoft all as SP’s
  - The assertion of student-ness
  - National Energy Labs, as IdP’s and SP’s
- And off in testshib…
  - The Navy, Google, …

International Federations
- Many nations now have federations; OECD and the UN are looking at ways to address the other
- Status ranges from fully developed (Finland, Switzerland, Norway, Netherlands) to rapidly growing (France, UK) to struggling but moving forward (Denmark, Belgium) to just starting (Germany, Italy)
- Several use cases are already emerging for interfederation arrangements
  - Wikis, grids…

9-9:30 Welcome and intros
- Desired Outcomes: a prototype agreement between federations that all attendees can take back to their federation for discussion.

9:30-10:30 A Few Federation Updates, with some emphasis on interfederation or inter-sector issues
- FEIDE
- UK Access Manage
- InCommon
- Liberty Instances
- Others?
- Key takeaways: state of the R&E world, state of the commercial world

11:00-11:30 Use cases
- Common Interfederation needs
- Use of proxies

11:30-12:00 Agreement on terms
- Categories of relationships between federations (peering, overlapped, leveraged, confederation, hierarchical, etc.)
- Multi-homed institutions - pros and cons
- Transitivity situations - necessary? desirable?
- Categories of policy issues
- Service models - trust broker, bulk services provider, etc.
- Business models - uniform fees, RP pays, subsidized, etc.

Afternoon of International Peering
- Attributes
  - Validity requirements
  - Eppn policy
  - Privacy requirements
  - Special identifiers
  - User specified? RP specified? Transient?
- LOA
  - Credentials? Attributes? Both??
  - POP management and/or requirements
  - Standard levels: Can we agree...??
  - Audit: required? who does it? who sees it?
  - Federation practices in support of LOA
  - Standard practises between federations

Late afternoon international peering
- Legal and Financial
  - Liability issues
  - Financial Considerations (dues, transactions, etc)
  - Dispute Resolution
  - Can the federation commit its members?
  - Working with commercial federations? Non NREN academic federations?
- Kinda technical issues
  - WAYF
  - Trust anchors (use of commercial CA’s)
  - Help desk and problem resolution
- Wrap-ups and Next Steps
  - OECD? UN? OASIS? etc.
  - Where to continue and how
  - Who's got the ball?
- Nice dinner if we’ve earned it…

Collaboration tools
- Expanding enterprise and federated versions of popular tools
- Adding identity, group and privilege management
- Providing security and privacy
- Adding the middleware extensions for virtual organizations
- Integrating the VO life with the campus life in portals, videoconferencing, etc.

VOs plumbed to federations