Internet Scale Identity, Collaboration and Higher Education.

Presenter’s Name

Topics
- Internet Scale Identity
  - Federated identity
  - R&E federations, US activities and Shibboleth
  - User centric identity
  - Hybrids and integration
- The Bloom of Collaboration Tools
- Putting the Parts Together
  - For new Internet services
  - For human collaboration

Requirements for Internet identity
- Fewer Internet sign-ons
- Preservation of privacy, especially across international boundaries
- Several layers of assurance of identity, to deal with low-risk to high-risk applications
- Ease of deployment
- Ease of use

Types of Internet identity
- Federated
  - Leveraging enterprise identity for inter-realm purposes
  - Authentication, entitlements and attributes are the common payloads
  - Privacy, security and trust are the critical issues
  - Is hard to do
- User-centric
  - Originally PGP, now Infocard, OpenID, SXIP, etc.
  - Need trust fabrics; may be coupled with reputation systems or p2p processes for trust
  - Is easy to do
- Both are growing at exponential rates

Federated Identity
- Enterprises exchanging assertions about users
- Often identity based, but can provide scale and preserve privacy through the use of attributes
- Real time exchanges of standardized attribute/value pairs
- Basis for trusting the exchanged assertions via common policies, legal agreements, contracts, laws, etc.
- Federations offer a flexible and largely scalable privacy preserving identity management infrastructure

Shibboleth Sidebar
- Shib 1.3 the widely deployed base
- OpenSAML libraries widely used
- Shib 2.0 now in beta
  - “Shib 2.0 will interoperate with other SAML 2.0 products better than they interoperate with each other.”
- License is Apache; contributor base broadening; Google and MS among supporters
- Support services businesses developing in the US and overseas

The rise of federations
- Federations are now occurring broadly, and internationally, to support inter-institutional and external partner collaborations
- Almost all in the corporate world are bilateral; almost all in the R&E world are multilateral
- They provide a powerful leverage of enterprise credentials
- Federations are learning to peer
- Internal federations are also proving quite useful

Technical Aspects of Federations
- Federating protocol
- Enterprise signing keys
- Metadata management and WAYF service
- Enterprise Identity Management practices

Policy Aspects of Federations
- Participant operational practices
- Agreement between federation and members
- Standardized attributes
  - eduPerson
- Levels of Assurance (LOA)
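The two slides above list metadata, enterprise signing keys and standardized eduPerson attributes as separate ingredients; the added example below (written for this page, not Shibboleth or InCommon code) shows how a service provider combines them. Federation metadata publishes, per IdP, its signing certificate and the scope (domain) it is allowed to assert; the SP parses an incoming assertion and refuses any scoped eduPerson value, such as eduPersonPrincipalName or eduPersonScopedAffiliation, whose scope the issuing IdP is not registered for, so one member cannot assert users of another. The metadata, the assertion, the entity IDs, the scope and the certificate string are all constructed placeholders.

```python
"""Checking scoped eduPerson attributes against federation metadata.
Added example, not Shibboleth or InCommon code; the metadata, assertion,
entity IDs, scope and certificate below are constructed placeholders."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "shibmd": "urn:mace:shibboleth:metadata:1.0",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# eduPerson attributes whose values end in "@scope" (SAML 2 OID names).
SCOPED_ATTRIBUTES = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
                     "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation"}

# Constructed federation metadata: one IdP, its signing key, the one scope it may assert.
FEDERATION_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><shibmd:Scope regexp="false">example.edu</shibmd:Scope></md:Extensions>
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-BASE64-CERTIFICATE</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

# Constructed assertion from that IdP. A real one is signed; the signature is
# checked against the KeyDescriptor in metadata before any attribute is trusted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c0ffee" Version="2.0" IssueInstant="2007-10-01T12:00:00Z">
  <saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName">
      <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" FriendlyName="eduPersonScopedAffiliation">
      <saml:AttributeValue>staff@example.edu</saml:AttributeValue>
      <saml:AttributeValue>member@other-university.edu</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" FriendlyName="eduPersonAffiliation">
      <saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def load_metadata(xml_text):
    """Map each IdP entityID to the scopes and signing certs the federation vouches for."""
    registry = {}
    for entity in ET.fromstring(xml_text).findall("md:EntityDescriptor", NS):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # SP-only entities assert no attributes
        scopes = {s.text.strip().lower() for s in idp.findall("md:Extensions/shibmd:Scope", NS)
                  if s.get("regexp", "false") == "false"}
        certs = [c.text.strip() for c in idp.findall(
            "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
        registry[entity.get("entityID")] = {"scopes": scopes, "signing_certs": certs}
    return registry


def parse_assertion(xml_text):
    """Return (issuer, {attribute name: [values]}) from a SAML 2.0 assertion."""
    root = ET.fromstring(xml_text)
    attrs = {a.get("Name"): [v.text.strip() for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return root.findtext("saml:Issuer", namespaces=NS), attrs


def filter_scoped_attributes(issuer, attrs, registry):
    """Drop scoped values the issuing IdP is not registered to assert.
    Returns (accepted attrs, [(friendly name, value, reason), ...])."""
    entry = registry.get(issuer)
    if entry is None:  # unknown issuer: nothing it says can be trusted
        return {}, [("*", "*", "issuer %s not in federation metadata" % issuer)]
    accepted, rejected = {}, []
    for name, values in attrs.items():
        friendly = SCOPED_ATTRIBUTES.get(name)
        if friendly is None:
            accepted[name] = list(values)  # unscoped attribute: pass through
            continue
        kept = []
        for value in values:
            _, sep, scope = value.rpartition("@")
            if not sep or not scope:
                rejected.append((friendly, value, "missing scope"))
            elif scope.lower() not in entry["scopes"]:
                rejected.append((friendly, value, "scope %s not registered to issuer" % scope))
            else:
                kept.append(value)
        if kept:
            accepted[name] = kept
    return accepted, rejected


def demo():
    """Run the scope check on the constructed assertion."""
    issuer, attrs = parse_assertion(SAMPLE_ASSERTION)
    return filter_scoped_attributes(issuer, attrs, load_metadata(FEDERATION_METADATA))


if __name__ == "__main__":
    accepted, rejected = demo()
    print("accepted:", accepted)
    print("rejected:", rejected)
```

Running it accepts jdoe@example.edu and staff@example.edu, passes the unscoped eduPersonAffiliation through untouched, and rejects member@other-university.edu because example.edu is the only scope the metadata registers for that IdP. The same registry is where an SP would pin the signing certificate it verifies the assertion against; that step is deliberately left to a real SAML library.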

An adoption curve

International R&E federations
- Substantial deployments in many countries, including UK, Norway, Switzerland, US, Australia, France, Denmark, Finland, Spain, Germany, Netherlands, etc.
- Most are Shib based; some use other SAML products.
- Scope of membership usually higher ed, but some are broader, e.g. UK, Spain, Netherlands
- Use cases range from content access to collaboration support to learning management systems to wireless roaming to…

InCommon
- US R&E Federation, a 501(c)3
- Addresses legal, LOA, shared attributes, business proposition, etc. issues
- Members are universities, service providers, government agencies
- Over 70 organizations and growing steadily; 1.3 million user base now, crossing 2 million by the end of the year
- Uses range from popular and academic content access to wiki and list controls to access to NIH applications to …
- Almost all use is transparent to users (it’s middleware), but that is about to change

Key aspects of InCommon
- Federating software
  - Shib 1.3 (other possibilities in the future)
- Shared attributes and schema
  - eduPerson based
- Levels of authentication
  - POP (participant operational practices) for LOA today
  - InCommon Bronze and Silver will map to LOA 1 & 2
- Management
  - Steering committee of members’ IT executives
  - Operations staffed by Internet2

The complex nature of privacy
- Shift from “no one knows” to “I control who knows”
- Most users want the defaults to work
- International deeply compounds
  - Differing policies
  - A US citizen using a Swiss IdP
  - A roaming network user from Australia in the EU
- User consent matrix not well understood
- Legal considerations and log files
- Paradigm clashes happen, e.g. federated identity meets federated search
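The slide asks for defaults that "just work" while leaving the user in control of who knows what, and it flags log files as a legal concern. The added example below (written for this page, not COmanage or Shibboleth code) is a small IdP-side attribute release policy that models those points: a low-identifiability attribute is released to every federation member by default, identifying attributes go out only where federation policy for that service provider or the user's own consent permits, an SP not in the policy gets nothing, and every decision is recorded without the attribute value. The SP entity IDs, the user record and the consent table are constructed.

```python
"""Attribute release with per-SP policy, user consent and value-free audit.
Added example, not COmanage or Shibboleth code; SPs, user and consent data are constructed."""

# Attributes grouped by how identifying they are (eduPerson-style names).
ANONYMOUS = {"eduPersonScopedAffiliation"}            # released to any federation member
IDENTIFYING = {"eduPersonPrincipalName", "mail", "displayName"}

# Constructed federation release policy: which identifying attributes each SP may
# receive without asking the user. Anything not listed requires the user's consent.
RELEASE_POLICY = {
    "https://wiki.example.edu/shibboleth": {"eduPersonPrincipalName"},  # needs a stable login
    "https://journal.example.com/sp": set(),                             # content access: affiliation only
}

# Constructed user record and the consent the user has previously given per SP.
USER = {
    "eduPersonScopedAffiliation": "staff@example.edu",
    "eduPersonPrincipalName": "jdoe@example.edu",
    "mail": "jdoe@example.edu",
    "displayName": "J. Doe",
}
CONSENT = {"https://journal.example.com/sp": {"mail"}}  # user opted in to mail for the journal


def release_attributes(sp, user_attrs, consent, policy=RELEASE_POLICY, audit=None):
    """Return the attributes to send to `sp`; append one audit entry per decision.

    Audit entries are (sp, attribute name, verdict) and never carry the value,
    so the log itself does not become another copy of personal data.
    """
    audit = audit if audit is not None else []
    if sp not in policy:  # not a federation member we have a policy for: default deny
        audit.append((sp, "*", "withheld: SP not in federation policy"))
        return {}
    released = {}
    for name, value in user_attrs.items():
        if name in ANONYMOUS:
            verdict = "released: federation default"
        elif name in policy[sp]:
            verdict = "released: SP policy"
        elif name in consent.get(sp, set()):
            verdict = "released: user consent"
        else:
            verdict = "withheld: needs consent"
        if verdict.startswith("released"):
            released[name] = value
        audit.append((sp, name, verdict))
    return released


def demo():
    """Release to the three constructed SPs and return (results, audit log)."""
    log = []
    results = {sp: release_attributes(sp, USER, CONSENT, audit=log)
               for sp in ("https://wiki.example.edu/shibboleth",
                          "https://journal.example.com/sp",
                          "https://unknown.example.org/sp")}
    return results, log


if __name__ == "__main__":
    results, log = demo()
    for sp, attrs in results.items():
        print(sp, "->", sorted(attrs))
    for entry in log:
        print(entry)
```

The wiki receives the affiliation plus the principal name its policy entitles it to; the journal receives the affiliation plus mail, the one identifying attribute the user consented to; the unknown SP receives nothing. The consent table is the piece the slide calls "not well understood": here it is a plain per-SP allow set, which is enough to show where a consent UI would plug in.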

Relationships among federations
- Peering
- Confederation
  - Presumes peering, adds multi-federation support
- Leveraged
  - Specialized federations that extend a common base federation, e.g. the California system
- Intersecting

Peering Parameters
- LOA
- Attribute mapping
- Legal structures
- Liability
- Adjudication
- Metadata
- VO Support
- Economics
- Privacy

Some inter-federation key issues
- Multi-protocols
- Sharing metadata
- Aligning policies
- WAYF functionality
- Dispute resolution
- Virtual organization support

Prague Meeting on Inter-federation
- International R&E federations (5 continents) plus Liberty Alliance and a few others
- Prague, September 3
- Lots of topics: attribute mapping, privacy policies, dispute resolution, financial considerations, technical direction setting
- Next steps:
  - UK drafting an analysis of international peering needs, opportunities, etc.
  - Discussions with Liberty EGov SIG (e.g. SAML 2.0 profiles, attribute schema)

User-centric Identities
- Provides tokens for interpersonal trust
- Initially PGP, now OpenID, Infocard
- Use cases include blogs and wikis, file and photo sharing, some encrypted …, etc.
- Active space: Cardspace in MS Vista, Higgins and the Bandits, OpenID, etc.
- Several layers
  - Globally unique identifier
  - Hooks to a trust or reputation system
  - Mobility solution
  - Protocol layers

User-Centric Development
- Growth is dramatic
- Plugs into almost any application
- Integration with Infocard
- Starting to hit the hard issues:
  - Revocation
  - Delegation and transitive trust
  - Privacy

Identity integration goals
- First, of federated and p2p identity
  - Many levels of integration: tokens, GUI, privacy management paradigm, trust fabrics…
- Then, of identity, group and privilege management
  - Assignment and management of permissions to users by those with authority to grant such access
  - Addresses the static aspects of the authorization space, with audit, delegation, prerequisites, etc.
  - Permissions can be enterprise or virtual organization
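The second half of the slide compresses a lot into one line: permissions are assigned only by those with authority to grant them, grants can carry prerequisites, authority can be delegated, and all of it must be auditable. The added example below (written for this page; not Signet, Grouper or COmanage code) is a minimal privilege store that enforces exactly those four properties for a constructed virtual organization: a VO admin, a wiki-edit permission that requires VO membership first, and a delegate who may grant but not re-delegate. All names are made up.

```python
"""Privilege assignment with authority checks, prerequisites, bounded delegation and audit.
Added example, not Signet/Grouper/COmanage code; the VO, people and permissions are constructed."""
from dataclasses import dataclass, field


@dataclass
class Authority:
    """The right to grant one permission; can_delegate says whether it may be passed on."""
    permission: str
    can_delegate: bool


@dataclass
class PrivilegeStore:
    prerequisites: dict = field(default_factory=dict)  # permission -> set of permissions needed first
    held: dict = field(default_factory=dict)           # subject -> set of permissions held
    authority: dict = field(default_factory=dict)      # subject -> {permission: Authority}
    audit: list = field(default_factory=list)          # (actor, subject, object, outcome)

    def _log(self, actor, subject, obj, outcome):
        self.audit.append((actor, subject, obj, outcome))
        return outcome in ("granted", "delegated")

    def grant(self, grantor, grantee, permission):
        """Grantor assigns `permission` to grantee. Returns True only on success."""
        if permission not in self.authority.get(grantor, {}):
            return self._log(grantor, grantee, permission, "denied: grantor lacks authority")
        missing = self.prerequisites.get(permission, set()) - self.held.get(grantee, set())
        if missing:
            return self._log(grantor, grantee, permission,
                             "denied: prerequisite missing " + ",".join(sorted(missing)))
        self.held.setdefault(grantee, set()).add(permission)
        return self._log(grantor, grantee, permission, "granted")

    def delegate(self, delegator, delegate, permission, can_redelegate=False):
        """Pass on the authority to grant `permission`; delegation can never widen authority."""
        auth = self.authority.get(delegator, {}).get(permission)
        if auth is None or not auth.can_delegate:
            return self._log(delegator, delegate, "authority:" + permission,
                             "denied: not delegable by delegator")
        self.authority.setdefault(delegate, {})[permission] = Authority(permission, can_redelegate)
        return self._log(delegator, delegate, "authority:" + permission, "delegated")


def demo():
    """Walk a constructed VO through grants and delegations; return (store, outcomes)."""
    store = PrivilegeStore(prerequisites={"edit-wiki": {"vo-member"}})
    store.authority["vo-admin"] = {"vo-member": Authority("vo-member", True),
                                   "edit-wiki": Authority("edit-wiki", True)}
    outcomes = [
        store.grant("vo-admin", "alice", "edit-wiki"),   # denied: alice is not yet a member
        store.grant("vo-admin", "alice", "vo-member"),   # granted
        store.grant("vo-admin", "alice", "edit-wiki"),   # granted: prerequisite now satisfied
        store.delegate("vo-admin", "bob", "edit-wiki"),  # delegated, bob may grant but not re-delegate
        store.grant("bob", "carol", "edit-wiki"),        # denied: carol lacks vo-member
        store.delegate("bob", "dave", "edit-wiki"),      # denied: bob's authority is not delegable
        store.grant("bob", "bob", "vo-member"),          # denied: bob has no authority over vo-member
    ]
    return store, outcomes


if __name__ == "__main__":
    store, outcomes = demo()
    for entry in store.audit:
        print(entry)
```

The audit list is the record a reviewer would read: seven entries, one per attempted action, stating who tried to do what and why it was refused or allowed. Keeping `can_delegate` on the delegated authority is what stops a delegation chain from growing beyond what the original authority holder intended.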

A Bloom of Collaboration Tools
- An over-abundance of new tools that provide rich and growing collaboration capabilities (aka Web 2.0)
  - Do you Wiki, blog, moodle, …, sakai, IM, Chat, videoconference, audioconference, calendar, Flickr, netmeeting, access grid, dimdim, listserv, webdav, etc.?
  - Share files among workgroups, access Elsevier, work with the IEEE, etc.
- No uber-app; limits invention and community of users
- Use of apps is manageable, but more per user is hard
- Leads to the need for management of collaboration

Collaboration Tools and Identity Management
- Deeply enriches collaboration tools
  - Fine-grain access control and wikis: spaces.internet2.edu
  - “Member of the community” processes
  - Transparently shared file stores
  - Collaboratively visible calendaring
  - Embedded VO IM channels in campus portals

Relieving the Pain of Rich Collaboration Management
- Commonly manage which identities and which attributes can use the capabilities of the collaboration tools
- Can offer delegation, privacy management, maybe even diagnostics
- COmanage

Collaboration Tools and Identities
- Enterprise, VO, and P2P personas are in all of us: our day job, our second job, the rest of our life…
- When and how we integrate the personas needs to be carefully done: legal, ethical, personal issues
- The abundance of communication and collaboration devices makes this harder

Putting It All Together
- Real life and the attribute ecosystem
- “Internet-scale” collaboration
- COmanage
- …

[Diagram: “Real life and the attribute ecosystem”. Elements shown: User; Application and network access controls; IdP (Shib); p2p; Portal, Gateway, Proxy; multiple Sources of Authority feeding the IdP and the access controls.]

COmanage
- Management of collaboration is a real impediment to collaboration, particularly with the growing variety of tools
- Goal is to develop a “platform” for handling the identity management aspects of many different collaboration tools
- Platform includes a framework and model, specific running code that implements the model, and applications that take advantage of the model
- This space presents possibilities of improving the overall unified UI as well as UI for specific applications and components.

COmanage (2)
- Leverages federated identity and the attribute ecosystem heavily
- Uses Grouper to manage groups and Signet to manage privileges
- Built completely on open protocols, using open source components
- Open and proprietary applications can be plumbed to work with it

COmanageable applications
- Already done
  - Sympa, federated wikis, Asterisk (open-source IP audioconferencing), Dim-Dim (open-source web meeting)
- Immediate targets
  - Rich access controlled wikis
  - Web-based file shares

COmanage dimensions of growth
- In the applications that can be driven by it
  - Collaboration and domain science prime areas
  - Largely a function of the application’s respect for middleware
- In the areas being managed
  - Diagnostics? Others?
- In the identities being managed
- In the coupling of autonomous and diverse instances
  - Deployment instances may be at many layers of organization and shift as it matures
  - Underlying stores may be db, directory, or other

Higher Ed is an interesting sector
- A driver for advanced collaborative approaches
  - TCP/IP and the Internet
  - SAML and federated identity
  - Collaboration management
- We engage deeply with government agencies and in international research activities
- We also educate the next gen user, and many of those in this room…