Presentation transcript:

Agenda
– Project beginnings and funding.
– Purpose of the federation.
– Federation members.
– Federation protocols.
– Special features in our federation.
– Pilot project
– Inter-federation prospects

Question
Q: How do you enable access to your services for users registered at other institutions?
A: Central directory of users
B: Issue accounts for remote user
C: OpenID
D: Federated Access

Question
Q: What is federated access?
A: A way to authenticate users without having to know the user's username/password
B: A way to authenticate yourself using the same credentials you use at your institution.
C: A way to authorize users based on their role at the remote institution or based on your own rules.

UK Access Management Federation

Project beginnings and funding
– Forfás report - short term infrastructure
– National Development Plan (PRTLI)
– Application for SIF-II funding of mini-grants for IdP's and SP's approved (but paused)
– Other revenue streams under consideration.

Federation Purpose
Initially...
– Foster cross institutional collaboration
Now...
– Enable shared services (e.g. NDLR)
– Enable SaaS (e.g. Google Apps)
– Supplement GRID/HPC
– Validate student identity (e-commerce)
– Potential alternative to Athens AM

Federation Members
IdP's
– Any entity within Ireland with a student body
SP's...
– Any entity providing services to institutions
– Any entity providing services to students

Notable Members
IdP's
– Open to primary/second level schools (single IdP)
SP's...
– Commercial entities offering a 'student discount'
– GRID to supplement existing authorisation

Potential Members
SP's...
– Institutional libraries
– Elsevier, EBSCO, Thomson Reuters
– Any member of the UK Federation
– National Library
– National Digital Learning Repository
– Expertise Ireland
– IReL

Potential Members
IdP's...
– Universities
– Institutes of Technology
– Schools
– Research agencies (ESRI, EPA etc.)
– Athens AM (or similar)

Federation Protocol
Initially...
– SAML1/SAML2/ADFS/Shibboleth 1.3 and 2.0
Now
– SAML2 with specific binding/protocol
Interoperability between SAML implementations...
...allowing commercial SAML products...
...alongside open-source

Options for IdP's
Self-managed IdP
– No fee (for HEA funded institutions)
– Small fee (for non HEA-funded)
Managed or Hosted IdP.
– Additional fee
– Shibboleth 2.1

Options for SP's
Self-managed SP
– No fee for HEA funded institutions
– Membership fee for non HEA-funded
Managed or Hosted SP.
– Additional fee
– Shibboleth 2.1 and simpleSAMLphp

Special features
Collaboration and access to resources
– Federation established for cross-institutional access to protected content
– Virtual Learning Environments
– Digital Libraries
– Centralised, pooled, or shared services
– Intra-library loans

Special features
Shibboleth web-based administration
– Config. can be difficult for those new to Shibb.
– Web-based interface is designed to make configuration easier.
– Wizard outputs downloadable configuration files
– The wizards are based on SWITCH RR*

Special features IdP default release policy...

Special features View SP attribute requirement policy.

Pilot Project
Call for participation.
Response from GRID and one institution
Workshops.
Another call for participation;
– Response from small group of IdP and SP's including HPC.
Technical trial commenced

Pilot Project
Pilot project will continue in parallel to;
– Call to libraries
– Further workshops
– Additional pilot participants

Pilot Project
Expected Outcomes;
– Technical
    Agreed Attribute Schema
    Agreed Protocol
– Policy
    Agreed Rules of Membership
    Agreed Membership criteria
    Agreed model to steer the federation in the future
    Agreed production launch date.

Inter-federation
Bilaterally
– Attribute schema based on UK Federation Schema to ease bilateral federation.
– UK Federation will be ready for SAML2 in the future

Inter-federation
Multilaterally.
– As the number of bilateral agreements grows, an inter-federation agreement will emerge.
– Technical solution may be based on SAML2 metadata mergers where possible
– eduGAIN where not possible

Summary
– Project beginnings and funding.
– Purpose of the federation.
– Federation members.
– Federation protocols.
– Special features
– Pilot project
– Inter-federation prospects
– Some final words...

Final words...
– IP address rules cannot be relied upon.
– Use SAML to allow access to your content and services for users on or off your campus.
– 'Must support federated access' in your tenders.
– Do you have resources of interest to the wider academic community?
Thank You