Update SURFnet Bart Kerver TF-EMC2-meeting, Utrecht, 17 October 2006.

Presentation transcript:

Update SURFnet Bart Kerver TF-EMC2-meeting, Utrecht, 17 October 2006

High-quality Internet for higher education and research

SURFnet Federation project
Main components:
– describe use-cases for Federated IdM;
– what services;
– policies;
– technology;

SURFnet’s role for IdM
Awareness for Identity Management (IdM)
– Reports on IdM: studies on current state of IdM in HE in .NL; scenarios to realize (upgrade) IdM; Federated IdM (business drivers, solutions…).
– Workshops on IdM
– Workgroup for Library Access Management (‘BAM’)
Development and support of open source product A-Select (development, organize OS, pilots, architecture, deployments)
Stimulate deployment of A-Select (200k+ users high-ed)

Federation initiatives - .NL
Columns: Kennisnet | Public libraries | eduPoort | SURFnet
Register users: Yes, centrally | No, federated | Both local and federated | Federated only
Authenticate users: yes | Both local and federated | Federated only
Centralized attributes: Yes | No | Both local and federated | Federated only
WAYF: no | yes | no | Yes
SSO: yes | no | yes | Yes, federated
Multi federation protocol: No | Yes: A-Select and SAML
Con-federation: Possibly | Short term
Product: A-Select | A-Select ‘Proxy’ | A-Select ‘Cross’ | A-Select ‘Cross/SAML’
User type: everyone | Research/HE only
service provider; central components for federation; Identity provider

SURFnet Federation (2006)
Build a service “SURFnet Federatie” (SNF)
– technical implementation (based on A-Select);
– define(d): policies, contracts, legal organization?…;
– organize service providers (SP);
– support identity providers (IdP);
– Manuals and website (end-user, IdP, SP, helpdesk etc.)

SURFnet Federation (2007)
– stimulate deployment and join-in workshops; install fests for both IdP and SP.
– con-federate (‘confederate’: both NL and EU)
– support standards (SAML, WS*, eduGAIN)
– translate assertions enabling federated SSO (SAML <> A-Select <> WSF <> eduGAIN)
– pilots/work on federated (de-)provisioning
– monitoring/tracking/tracing within federation
– home organization for SURFnet specific services?
– Technology scouting on MW for SOA/grid-services

SURFnet Federation Policies
Start simple: low level entry
Contract for IdP part of SURFnet contract?
Contract for all SP’s standardized; If an IdP is also SP, just one contract.
IdPs make best efforts:
– to issue credentials to members only
– to ensure accuracy of assertions
SPs agree to respect the privacy of users
– don't aggregate attributes or disclose to others
– report on use of federation

Implementation
Linux platform (cluster of 3 nodes, scalable setup);
A-Select v1.5 (authN, attributes, SSO, SAML);
GlobalSign (using SCS);
University of Tilburg MySQL Benelux SURFnet Helpdesk

SURFnet Federation

users, identities, central federation components, resources (SAML) SAML

Pilots with SURFnet Federation
Pilots with 3 publishers and Elsevier SD
Booking system for VC-equipment (appl. by Switch)
Ellips project (language studies)
SURFgroepen (www.surfgroepen.nl) – MS Sharepoint
On the horizon (short term)
- SURFnetdiensten (webshop);
- 3TU – 3 technical universities collaborating;
- VideoPortal;
- Institution specific usage stats (on services);
- SURFstat (network stats);

A-Select developments
Support for SAML1.1 (OpenSAML based) used for WAYF and IdP
IdP:
– Browser/Post WebSSO profile
– Browser/Artifact WebSSO profile (type 0001 & 0002)
– SAML Subject Queries (Attribute, Authentication, Authorization)
Enhanced WAYF IdP discovery for SP Anonymity of users based on WS*
Soon start with:
– WS* (ADFS) implementation
– pilot with MS CardSpace
– interoperability with Oracle and Novell (IdP, SP)
– Looking into Liberty support

SURFnet Statistics on SCS
2006: Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Total
Certs accepted
Certs refused
SCS institutes (unique)

SURFnet Detective
Meanwhile… SURFnet Detective has reached status/level of production service as of May ‘06.