To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.


Identity Federations
Key characteristics
- Composed of self-governing regions
  - Research & Education Institutions
  - Research & Education Institutions and organisations that serve them
- Coming together to solve common problems
  - Network connectivity
  - Access management
- Governed by a common constitution
  - Acceptable Use and other Policies
  - Federation agreement
- Realised and enforced through common instruments
  - Network infrastructure and norms (routers, naming, numbering, etc)
  - Identity infrastructure and norms (trust, schema, protocols, etc)
Federations / HEAnet

How does federated identity work?
[Diagram; labels: Trust, Assertion]

You already do ‘federated identity’
- Visiting academics
- ERASMUS students
- Library visitors
These tend to be ad hoc systems, relying on separate processes that may take days or weeks to complete.
Wouldn’t it be handy if there was a single way to manage federated identity?

SAML
Security Assertion Mark-up Language
- August 2002: SAML 1.0
- November 2003: SAML 1.1
  - Liberty Alliance ‘Identity Federation Framework’
  - Internet2 ‘Shibboleth’ Project, Profile and Software
- March 2005: SAML 2.0
- November 2008: Microsoft ‘Genesis’

About the UK federation
- The Athens service
- Interest in FAM from both JISC and Becta
- UK federation established in Nov 2006
- Over 600 member organisations
  - Almost all Higher Education Institutions
  - Half of all Further Education Colleges
  - About half of the Schools sector
    - ~30,000 schools → regional aggregation
  - Several million users

About the UK federation
- Why federate access management?
  - Privacy
  - Single sign-on
  - Common technology supporting a broad range of applications, internal and external.
  - Integrates easily into existing identity infrastructure

Participation
- Eligible to all education and research organisations, and those that serve them.
- Rules of Membership
  - Legally binding agreement
  - User accountability
- Technical Recommendations
  - SAML 1.1
  - Shibboleth 1.3

To identity federation…

…and beyond?
- Beyond national boundaries
  - Considerable interest in ‘inter-federation’ and ‘confederation’.
  - eduGAIN
- Beyond the Web
  - non-Web infrastructure and services
  - federated filestore, consoles, network access, etc…

Conclusions
- You already do federated identity, even if you don’t call it that!
- SAML is a well-established and widely deployed technology.
- Federated Access Management is acceptable to Institutions.

Thank you for your attention
Any questions?