18th TF-EMC2. WebEx, June 2011. Diego R. Lopez, RedIRIS. On the Many Ways to Identity Exchange (Again)


On the Many Ways to Identity Exchange (Again)
Diego R. Lopez, RedIRIS
18th TF-EMC2. WebEx, June 2011
Digital identities are more valuable as they are more widely assertable

STORK
- Pilot for academic institutions successfully finished
  - STORK IdPs integrated as special SIR IdPs
    - “If you are in SIR, you can deal with STORK identities”
- Looking forward to strengthening integration
  - Sub-task in the current eduGAIN workplan
    - Module for simpleSAMLphp
    - Metadata management
    - Policy issues
  - Additional use cases proposed for STORK extension
    - Credential management
  - LoA handling

Proxying
- Two proposals submitted for REFEDS funding
  - Federated management of central proxy instances
  - Central proxy configuration services
- Do we need an open-source proxy?
  - EZProxy is well-known, widely deployed, provided in reasonably fair terms
  - Would it scale up to National proxy services
    - More specific usages (Web Services, AJAX…)
    - Other access control mechanisms (OAuth, WS-Trust…)
    - Transformations from identity data to proxy mechanisms

OAuth (2, of course…)
- ID in its draft 16
  - Rather stable: Both kernel and side standards
    - Including SAML and JWT
  - OpenID integrated flow: OpenIDConnect
  - UMA considering the user and consent sides
- Use cases on their way
  - The RedIRIS service panel
  - GN3 VOOT (three-legged OAuth1 for the moment)
  - And Clouds
- A few references if you are (still) curious

JSON Space
- Proposals are blooming on RESTful services using JSON as coding mechanism
- Out of the common standard processes
  - Though many proposals are IDs
- Supported by many of the big dogs
  - Google, Microsoft, Yahoo, Facebook
- The good news
  - Essentially compatible with our current federation stuff
- The not-so-good news
  - Too many fronts to be influential enough?

The Omnipresent Cloud
- SCIM, previously known as Cloud Directory
  - Intended for identity data exchange among actors in the cloud
    - Cloud Service Provider
    - Enterprise Cloud Subscriber
    - Cloud Service User
  - General “neutral” schema
    - Bindings to JSON, SAML and “bare” XML
    - RESTful API
  - Security and trust models still in their initial stages
- Experiments on access control
  - OpenNebula usage of Grid certificates
- Other initiatives not very active
  - OASIS IDCloud

GEMBus STS
- Demonstrator available
  - Adaptors for Apache ServiceMix
    - Spring coming soon
  - Current token format based on GN2 relayed-trust SAML
    - Plans for a more neutral JWT-based token
  - Coordination with EUGridPMA policies