Baseline Expectations for Trust in Federation

Baseline Expectations for Trust in Federation
Nicole Harris, Brook Schofield, Tom Barton and all of you!

Outline
- Background - Tom
  - Why, what, when
  - Sharpening the value of federation: FIM4Rv2
  - Collaboration-ready pyramid
- Discussion topics - Nicole & Brook
  - What should a global baseline be?
  - How close are the various federations to being there?
  - What federation-specific circumstances help or hinder achieving that baseline?
  - More, time permitting...

Why a Baseline?
What trust do we need to have in Federation?
When we rely on Federation, we are partnering with other organizations to do something for us that we would otherwise do for ourselves or forgo altogether. And mostly the latter: Federation makes possible the integration of resources, services, and users across the globe into the myriad ways that the R&E mission is undertaken [1].
The most needed things need to be ubiquitous.
[1] Baseline Expectations for Trust in Federation

Much input over 2015-16 to arrive at:
For Identity Providers
- The IdP is operated with organizational-level authority
- The IdP is trusted enough to be used to access the organization’s own systems
- Generally-accepted security practices are applied to the IdP
- Federation metadata is accurate, complete, and includes site technical, admin, and security contacts, MDUI information, and privacy policy URL

For Service Providers
- Controls are in place to reasonably secure information and maintain user privacy
- Information received from IdPs is not shared with third parties without permission and is stored only when necessary for SP’s purpose
- Generally-accepted security practices are applied to the SP
- Federation metadata is accurate, complete, and includes site technical, admin, and security contacts, MDUI information, and privacy policy URL
- Unless governed by an applicable contract, attributes required to obtain service are appropriate and made known publicly

and for Federation Operators
- Focus on trustworthiness of their Federation as a primary objective and be transparent about such efforts
- Generally-accepted security practices are applied to the Federation’s operational systems
- Good practices are followed to ensure accuracy and authenticity of metadata to enable secure and trustworthy federated transactions
- Frameworks that improve trustworthy use of Federation, such as entity categories, are implemented and adoption by Members is promoted
- Work with relevant Federation Operators to promote realization of baseline expectations
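
An added example, not part of the original slides or any federation's own tooling: one way to measure the metadata expectation listed above for IdPs and SPs is to scan a SAML metadata aggregate for entities that lack a reachable contact, an MDUI display name or a privacy policy URL. The REFEDS security-contact attribute convention, the use of DisplayName as the MDUI check, the function names and the sample entities are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
# Assumed REFEDS convention: a security contact is contactType="other" plus this attribute.
REMD_TYPE = "{http://refeds.org/metadata}contactType"
REMD_SECURITY = "http://refeds.org/metadata/contactType/security"

def missing_baseline_items(entity):
    """Return the baseline metadata items one md:EntityDescriptor lacks."""
    contacts = set()
    for c in entity.findall("md:ContactPerson", NS):
        if not any((e.text or "").strip() for e in c.findall("md:EmailAddress", NS)):
            continue  # a contact with no address cannot be reached, so it does not count
        contacts.add("security" if c.get(REMD_TYPE) == REMD_SECURITY else c.get("contactType"))
    missing = [t + " contact" for t in ("technical", "administrative", "security") if t not in contacts]
    ui = entity.find(".//mdui:UIInfo", NS)  # sits in the role descriptor's md:Extensions
    for tag, label in (("DisplayName", "MDUI display name"),
                       ("PrivacyStatementURL", "privacy policy URL")):
        el = ui.find("mdui:" + tag, NS) if ui is not None else None
        if el is None or not (el.text or "").strip():
            missing.append(label)
    return missing

def audit(xml_text):
    """Map each entityID in a metadata document to its missing items."""
    entities = ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % NS["md"])
    return {e.get("entityID"): missing_baseline_items(e) for e in entities}

# Constructed sample aggregate: one complete IdP, one SP with gaps.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:remd="http://refeds.org/metadata">
<md:EntityDescriptor entityID="https://idp.example.org/idp"><md:IDPSSODescriptor
 protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:Extensions><mdui:UIInfo>
  <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName>
  <mdui:PrivacyStatementURL xml:lang="en">https://example.org/privacy</mdui:PrivacyStatementURL>
 </mdui:UIInfo></md:Extensions></md:IDPSSODescriptor>
 <md:ContactPerson contactType="technical"><md:EmailAddress>mailto:tech@example.org</md:EmailAddress></md:ContactPerson>
 <md:ContactPerson contactType="administrative"><md:EmailAddress>mailto:admin@example.org</md:EmailAddress></md:ContactPerson>
 <md:ContactPerson contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
  <md:EmailAddress>mailto:security@example.org</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>
<md:EntityDescriptor entityID="https://sp.example.net/sp"><md:SPSSODescriptor
 protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:Extensions><mdui:UIInfo>
  <mdui:DisplayName xml:lang="en">Example Service</mdui:DisplayName></mdui:UIInfo></md:Extensions>
 </md:SPSSODescriptor><md:ContactPerson contactType="technical"><md:EmailAddress/></md:ContactPerson>
</md:EntityDescriptor></md:EntitiesDescriptor>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Against a live aggregate, verify the federation's signature on the metadata before relying on its contents, and parse it with a hardened XML parser such as defusedxml.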

How federation enables academic collaboration
Federated Identity Management for Research, version 2 [1]
40 authors, 20 research communities, 18 months
[1] https://doi.org/10.5281/zenodo.1296031

Get collaboration ready
[Figure: collaboration-ready pyramid. Labels, in the order they appear: Protect collaboration resources; Service Providers implement; Reduce risk; Support high value resources; Standard MFA request/response; Identity assurance info; Identity Providers implement; Release “Research & Scholarship” attributes; Enable basic collaboration; Basic security; Accurate & complete metadata for good user experience; Everybody implements]
Green and yellow tiers are what FIM4R identified as needed by research e-infrastructures. The question is how to make them happen. Years of asking nicely show that isn’t enough.

Discussion #1
The Baseline concept is based on the belief that to improve and sustain the value of R&E Federation for academic collaboration, some of its characteristics must be ubiquitous.
- What do REFEDSians think that set of characteristics is, that over time all R&E Federations should aim to make ubiquitous?
- Does the collaboration ready pyramid represent the right level at which a global Baseline should ultimately be set?

Discussion #2
- How do each of the R&E Federations represented in the room compare with respect to each level in the pyramid?
- What federation-specific circumstances help or hinder achievement of the pyramid’s levels?
- What federation-specific approaches might be used to implement and maintain a baseline?

Discussion #3
Some parts of the pyramid are only technically implementable on certain federating software, yet many federation members will need to operate different federating technologies.
- How can each federation, or all federations together, address this common need of their members?

Discussion #4
Should a Baseline approach eventually become a requirement of participation in eduGAIN?
- For an entire federation?
- For each entity?

Discussion #5
- How can each entity be trusted to meet the baseline?
- How can we measure progress towards a global baseline?