Andrew Cormack Chief Regulatory Adviser, Access Management and Security WG.

Unofficial high level aims

With thanks to David F:
– Identify common requirements
– Reuse existing stuff where we can
– Guide development of new stuff where efficient
– Use “specials” when needed

Common user life-cycle?

Stage | Policy | Controlling | Common? | Delegated?
Application | Infrastructure | Who gets access | Headings? | No
Identity linking | Authentication | How identified | Yes | Yes: home org
Group forming | Collaboration | | Maybe? | Yes: to PI
Service use | Data/service | Legal/ethical/etc | Per discipline? | ?

Diagram labels: May I use? / Here’s my team / Use service / This is me

Delegated Authentication

Diagram labels: Login / Linked account / If needed, link ‘me’ to #ID# etc. / Authenticated as #ID#
Authentication policy promises: e.g. Policy enforcement, e.g. Revocation time, e.g. Credential strength

System | Protects | Protocol
eduroam | Network access | RADIUS
SAML | Webpages | HTTP
Moonshot | “Anything” | HTTP, SSH,...

Authentication policy

Probably common to many e-Infrastructures
Need to agree it with organisation you’re delegating to
– Easiest if they’re doing it already
– Otherwise need to persuade them it’s worth it
HE employers can probably already provide
– Persistent identifier + accountability when required
    Unique, opaque, identifier
    Authenticated by username/password
    Revoked when person leaves
    Hold person accountable for reported policy breaches
Getting more likely to need individual negotiations
– How many organisations do users belong to?
– Do you have users with no organisation?
How many different policies do we need?

Other Policies

Infrastructure Policy
– Who uses this infrastructure, for what
– Probably unique to each infrastructure
– May have common headings?
Data Policy
– Who uses this dataset, for what
– Includes regulatory, ethical, commercial issues
– May be common to a discipline
– But maybe unique to the dataset

Other possible areas of WG interest

Workflow
– Maybe orthogonal to initial AuthN/AuthZ?
Group management/authorisation tools
Citizen scientists (and other homeless users)
– Social login? Part of group management? Other?
Secure operations etc.
Sharing experiences of all of these

Questions

Is this picture wrong?
Do you need more than basic delegated authentication?
What sources of authentication do you need?
Is delegated group management needed?
Can you provide/develop infrastructure & data policies?
What’s missing?

Questions?

Janet, Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire