4th Annual Conference on Technology and Standards Washington

Slides:

Advertisements

Similar presentations

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.

Advertisements

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.

Presented by: Doug Falk National Student Clearinghouse Student Access to Federal Loan Data and Other Online Student Services.

Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.

Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

Extending Enterprise Authentication and Authorization in Higher Education: Building on the Success of Project Meteor.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005.

To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.

Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.

The InCommon Federation The U.S. Access and Identity Management Federation

1 The Partnership Challenge Higher education’s missions are realized in increasingly global, collaborative, online relationships –Higher educations’ digital.

Copyright JNT Association 2005Copyright JNT Association An Introduction to Access Management and the UK Federation Simon Cooper.

Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Shibboleth Update Michael Gettes Principal Technologist Georgetown University Ken Klingenstein Director Interne2 Middleware Initiative.

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

Presented by: Presented by: Tim Cameron CommIT Project Manager, Internet 2 CommIT Project Update.

E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.

E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.

Integrated Institutional Identity Infrastructure: Implications and Impacts RL “Bob” Morgan University of Washington Internet2 Member Meeting, May 2005.

5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill A Discussion on Project Meteor.

Workshop Presentation [1] Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo, Supervisor: Dr. Steve Cassidy.

Shibboleth: An Introduction

EDUCAUSE LIVE EDUCAUSE/Internet2 Computer and Network Security Task Force Update Jack Suess January 21, 2004.

State of e-Authentication in Higher Education August 20, 2004.

E-Authentication in Higher Education April 23, 2007.

Federated Identity Graduates Nate Klingenstein Internet2 APAN 27 高雄台湾, March 3, 2009.

E-Authentication & Authorization Presentation to the EA2 Task Force March 6, 2007.

Shibboleth & Federated Identity A Change of Mindset University of Texas Health Science Center at Houston Barry Ribbeck

6 February 2004 Internet2 Priorities 2004 Internet2 Industry Strategy Council Douglas Van Houweling.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Project Presentation to: The Electronic Access Partnership July 13, 2006 Presented by: Tim Cameron, Meteor Project Manager The.

NMI-EDIT AND Small College Security & ID Management Issues Discussion John Bruggeman, Director of Information Systems, Hebrew Union College-Jewish Institute.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.

Stanford University & National Student Clearinghouse Shibboleth Pilot CAMP Phoenix, AZ February 5, 2009.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

E-Authentication briefing for 11th Fed/Ed PKI Meeting Thursday June 16th, 2005.

Services Information University Project Sentinel: A Response to Bio-Terrorism funded by the National Library of Medicine Common Solutions Group University.

NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas Barry Ribbeck Director System Architecture and Infrastructure.

SEPARATE ACCOUNTS FOR PROSPECTS? WHAT A HEADACHE! Ann West Assistant Director, InCommon Assurance and Community Internet2 at Michigan Tech.

1 Identities and Federation: The Next IT Wave (The Canadian Access Federation) Rick Bunt President The Canadian University Council of CIOs (CUCCIO)

10/08/20041 © 2004 Pete Palmer Federated Identity Management and Regional Health Information Organizations Pete Palmer, Principal Security Analyst, Guidant.

Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

Community of Practice K Lead Project Team: الالتزامالتحفيز التفكير المؤسسي المرونةالتميزالشراكةالاستقامة.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

Tom Barton, Senior Director for Integration, University of Chicago

Federated Identity Management at Virginia Tech

Shibboleth Roadmap

Data and Applications Security Developments and Directions

Ian Bird GDB Meeting CERN 9 September 2003

John O’Keefe Director of Academic Technology & Network Services

Higher Education’s Role in the Identity Ecosystem

InCommon Steward Program: Community Review

Procuring Accessible IT at the University of Washington: Background, Policy, Guidelines, Checklist, Resources Sheryl Burgstahler, Director Accessible Technology.

Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Registrars are a Barrier to Collaboration: Truth or CIO Pretext?

HIMSS National Conference New Orleans Convention Center

The E-Authentication Initiative

Shibboleth 2.0 IdP Training: Introduction

Fy ‘08 NETWORK PLANNING TASK FORCE

Presentation transcript:

Electronic Authentication, Authorization, and Identity Management: The PESC EA2 Task Force 4th Annual Conference on Technology and Standards Washington April 24, 2006 Charles F. Leonhardt Principal Technologist Georgetown University leonhardt@georgetown.edu

EA2 Task Force: Defined Dramatically increase the number of users who have access to federated authentication and authorization in the United States and beyond Dramatically increase the number of applications / service providers that are EA2 capable Assist in the resolution of policy issues Assist in the resolution of technology and implementation issues Enhance awareness of EA2 initiatives Assist in current efforts wherever possible

EA2 Task Force: Membership Rob Abel, IMS Global Learning Consortium Ellen Blackmun, NASFAA Tim Cameron, NCHELP/Project Meteor Charlie Coleman, FSA, U.S. Department of Education Larry Fruth, SIFA Ken Klingenstein, Internet2/InCommon Nancy Krogh, AACRAO Hans L’Orange, SHEOO Charlie Leonhardt, Georgetown Adele Marsh, AES/PESC Georgia Marsh, GSA/Federal E-Authentication Initiative Brett McDowell, Liberty Alliance David Temoshok, GSA/Electronic Authentication Partnership Steve Worona, EDUCAUSE

EA2 Task Force: Motivation Our customers (students, parents, faculty, staff, alumni, donors, visitors) want: Everything Anywhere Anytime (i.e. “now”) They would like it delivered: Inexpensively or “free” Conveniently and painlessly (“don’t make me login 15 times to 15 different services) With guarantees of information security and privacy

EA2 Task Force: Federations There is an excellent case for a federated approach for authentication (“I am who I say I am”) and authorization (“I can do this based on my role / location / other attributes as defined”) Federated approach implies trust and agreement among “service providers” (hosted applications) sites and “consumer” (provider of credentials) sites Internet2 middleware technology known as Shibboleth allows service providers to refer to consumer sites for authentication Once authenticated, a second referral is made to a consumer site to obtain attribute data to be used in making application authorization decisions An excellent example: the worldwide ATM network

EA2 Task Force: Shibboleth Internet2 middleware initiative developed by a number of Universities and funded by NSF InCommon Federation formed – now has 50 members; info at http://incommonfederation.org Attempts to solve inter-institutional trust / authentication / authorization issues; has wide applicability among H.E. institutions and organizations that serve higher education Standards-based, open source implementation Policy based, trusted federations Common goal: use non-native, non-centralized, trusted “third party” authentication/authorization

EA2 Task Force: Key Problems Trust has not yet been established between InCommon and the Federal E-Auth Initiative Policy and Procedural Issues (particularly around identity management and “levels of assurance”) are unresolved Variability in the deployment of Identity Management systems Easy-to-use toolkits to connect identity management systems to federated environments are not generally available Challenges in the deployment of open source environments for EA2 Variability in implementation of Credential Management Policies and Procedures

EA2 Task Force: Towards a Solution Shibboleth 2.0 (including SAML 2.0) to be released this quarter NIST is publishing revisions to Credential Assessment Framework and associated levels of assurance Willingness on the part of FSA/US Dept of Education to EA2 enable their applications (limited in scope) Higher Education needs to work with the vendor community to embed EA2 services in Applications (Google, Apple, Publishers, VLEs, and many business applications) Establishment of inter-federation trust Assist in policy issues whenever and wherever possible

EA2 Task Force: Future Monthly Conference Calls Policy Development Work Pilot Projects Convincing Government Agencies, Commercial application providers, Open Source Initiatives, and K-20 computing environments to embed EA2 frameworks within as many applications as possible Work on deploying tools and methods to expand EA2 initiatives Increasing awareness of the importance of EA2 frameworks to achieve the level of customer service and security that we all envision