International Task Force Meeting Internet2 meeting, 8 October 2007, San Diego Jane Charlton, JISC I work for JISC, one of the two organisations that is funding the UK Access Management Federation. Joint Information Systems Committee Supporting education and research

Inter-federation policy: enabling collaboration Jane Charlton Access Management Outreach Co-ordinator, JISC

JISC www.jisc.ac.uk Provides world-class leadership in the innovative use of ICT to support education and research Funded by UK further and higher education funding councils to provide: National services (network, content, advisory) R&D programmes and projects Themes: network, content, e-learning, e-research, access management, information environment, e-admin, business & community engagement

What is an access management federation? A group of organisations that sign up to an agreed set of policies for exchanging information about users to enable access and use of resources and services. Trust relationship between identity providers and service providers, devolving authentication to the user’s home institution. Authorisation – secure exchange of information through the use of attributes. These definitions and models taken from a recent report on International Aspects of Access Management Federations by consultants Curtis + Cartwright.

The UK Access Management Federation Launched November 2006 Jointly funded by JISC and Becta Hosted by JANET (UK) Schools, FE, HE and Research Organisations and institutions providing services to these sectors Policy Board and Technical Advisory Group www.ukfederation.org.uk Provides consistency across the education sectors Facilitates sharing of content and collaboration within and across sectors

Supporting the transition Becta – schools sector JISC – further and higher education JISC 2 year transition programme Access Management Outreach Team Further and higher education Service providers (eg. publishers) National and international organisations Identity providers and service providers inter-dependent on each other joining federations.

Supporting the transition From Athens legacy system (centralised system) to federated access management (devolved system) More choice and flexibility 3rd party providers Open source or commercial Security Institutional readiness Identity providers and service providers inter-dependent on each other joining federations.

UK Access Management Federation Find out more about the UK Access Management Federation Internet2 meeting, Sunset room Tuesday 9 October, 1.15 – 2.30pm Nicole Harris (n.harris@jisc.ac.uk) and Mark Tysom (mark.tysom@ja.net)

International Task Force Meeting Enabling collaboration: Current issues and International work

The International scene Federations in operation: Croatia, Finland, France, Norway, Switzerland, UK, USA Federations in development or testing: Australia, Belgium, Denmark, Germany, Netherlands, New Zealand, Spain, Sweden This number likely to grow… All except Norway, Netherlands, New Zealand and Spain are Shibboleth-enabled (interoperate with Shibboleth)

Drivers for inter-federation policy Service Providers currently required to join each federation because of licensing laws Time consuming: differences in legislation and federation set-up Not scaleable

Drivers for inter-federation policy Collaboration and shared access to institutional resources Research Institutional repositories Learning environments

Knowledge Exchange Partnership between Denmark (DEFF), Germany (DFG), Netherlands (SURF) and UK (JISC) Content working group International licensing agreement funding 4 publishers Access Management working group JISC study on federation policy agreements www.knowledge-exchange.info

Terena Terena (Trans-European Research and Education Networking Association) A forum to collaborate, innovate and share knowledge in order to foster the development of Internet technology, infrastructure and services to be used by the research and education community. http://www.terena.org/

Terena: 1st International Confederation Workshop Define inter-federation models Identify and co-ordinate use cases of major research projects that would benefit from inter-federation connections Legal aspects - JISC study on federation policy agreements Attributes, levels of assurance Watching brief: eGovernment, OpenId, CardSpace

International Task Force Meeting JISC study: Feasibility of a cross-jurisdiction Common Access Management Federation Agreement

JISC study on federation policy Follows on from earlier study on International aspects of federated access management JISC Legal Project acronym JISC Legal FACT (Feasibility of a Common Template)

JISC study on federation policy Led by Mahesh Madhavan, Legal Information Specialist Master of Laws, Australia e-Repositories, e-collections, service agreements & templates Managed by Jason Campbell, Service Manager European and contract law Supported by 2 other Legal Info Specialists, Research Assistant and Senior Librarian

JISC study on federation policy Aims: To identify common elements between federation policies and agreements and To determine the feasibility of creating a template agreement to make it easier for publishers and service providers wishing to join multiple federations.

JISC study on federation policy Intended outcomes: If feasible, to allow the development of a template agreement for use across multiple access management federations and ultimately: To encourage more publishers and service providers joining federations To make access to online resources easier for users through publishers joining federations To enable inter-federation collaboration and exchange of information A template won’t necessarily be created as part of the study. The studies main purpose is to establish if a template policy is feasible.

JISC study on federation policy Objectives: Analyse 9 countries’ federation policy agreements and legal documentation including: the Nordic countries (Denmark, Finland, Norway, Sweden), France, Switzerland, Netherlands, UK, USA Identify commonalities between federation policies and agreements Evaluate whether a common template is possible and consider if it could be used in peering federations or confederations Consider how a template could be updated and adapted as legislation changes and new technologies emerge

JISC study on federation policy Policy differences in: Rules and regulations of membership Legal requirements Data protection, privacy, IPR, liability EU and US law Fees for joining No fee (Switzerland, UK and France) Full fee (Norway and US) Subsidised by government (Finland)

Countries involved in the study Six operational federations: Finland, France, Norway, Switzerland, UK, US Three in test/development: Denmark, Sweden, the Netherlands “Kalmar Union” confederation: Denmark, Finland, Norway, Sweden Norway and Switzerland – earliest federations UK – potentially one of the largest federations The Netherlands and US have other national federations

JISC study on federation policy Stakeholders include: federation staff publishers and other service providers relevant international organisations eg. Terena Institutional staff from two JISC projects Outputs will include: Website: www.jisclegal.ac.uk/access final report

JISC study on federation policy Timescales: August: project plan and website in place September: survey of federation agreements October: analysis of common elements, frameworks and mechanisms for updating November: draft report available January: final report published

JISC study on federation policy Further information Website www.jisclegal.ac.uk/access Blog http://jisc-legal-fact.blogspot.com Email list www.jiscmail.ac.uk/jisc-legal-fact

International Task Force Meeting Defining inter-federation models

Inter-federation models Peering federation – agreement between two federations Confederation – agreement among several federations Leveraged federation – membership of smaller federation and also an overarching federation Peering federation - when a federation establishes a trust relationship with one or more national or international federations through bi or multi-lateral agreements with the common purpose of allowing the secure exchange of information about users and resources Virtual organisations are groups of users from one or more federations collaborating on a joint project to achieve a common goal. A confederation is when a group of federations are managed by an overarching organisation which determines standards and policy, whilst individual federations retain local management.

Inter-federation model: Peering UK Federation Bi-lateral policy agreement Swiss Federation Difficult to scale due to multiple and divergent policies

Inter-federation model: Confederation Difficult and expensive to establish, not dynamic

Inter-federation model: Leverage Smaller Federation

International Task Force Meeting Identifying inter-federation use cases

Use case: Potential for cross-federation collaboration Proposal for a small scale inter-federation demonstrator that will enable collaboration on a research project between UK and Australia Focus on practical issues of peering federations Series of use cases for researchers Exchange of data between the two federations More information: James Farnhill, JISC (j.farnhill@jisc.ac.uk)/ Patty McMillian, AAF (patricia.mcmillan@uq.edu.au)

Why explore federation peering model? Many federations still being set-up and uptake of membership is currently slow, therefore global confederation model unlikely in next 3 – 5 years Easier to establish than confederation Testing ground for confederations, particularly for establishing use cases DPA and IPR issues could be resolved by informed consent by the user.

Inter-federation policy: enabling collaboration Thank you for listening – any questions? Jane Charlton, JISC j.charlton@jisc.ac.uk

What is an attribute? Identity information about a user eduPersonScopedAffiliation (member@jisc.ac.uk) – user’s relationship with institution eduPersonTargetedID (r001xf4rg2ss) – persistent psuedonym for personalisation eduPersonPrincipalName (charltonjl) – mostly used for internal services eduPersonEntitlement (Universal Resource Identifier) – restrict access to specific groups