Innovation through participation eduGAIN as a service (T3) in Multi-Domain User Applications (SA3) Valter Nordh, NORDUnet / GU NORDUnet conference, Köpenhamn, 16 Sep 2009

Innovation through participation NORDUnet - eduGAIN Welcome and introduction Agenda Basics of federations What is eduGAIN eduGAIN workforce, overview Business Case and Service Description Use case selected Policy issues MDS - State of Affairs Q&A

Innovation through participation Basics of federations What is a federation and what are the benefits? Identity Providers (IdP) and Service Providers (SP) connected Existing federations differ in many ways, technical, policy, target users etc Most federations today connect using SAML Web Single Sign-on (WebSSO) is a strong driver in federations How much does an e-id cost to maintain/year?

Innovation through participation Basics of federations A federation simplifies the authentication process, but not necessarily the authorization-process Two options for federations (simplified): A federation should by default offer attributes that the SP can use to take decisions (mostly authorisation decisions) A federation should only connect IdP and SP and leave all question about attributes to some one else (most often SP)

Innovation through participation What is eduGAIN eduGAIN started in GN2, under JRA5 and a pilot installation is running During GN3 eduGAIN will focus on transition to a service eduGAIN aims to connect federations in Europe The more the merrier! eduGAIN will initially restrict itself to WebSSO-support eduGAIN will evolve over the coming years eduGAIN does not aim for total attribute harmonisation!

Innovation through participation eduGAIN workforce, overview Valter Nordh, NORDUnet / SUNET / GU, Task leader Juergen Rauschenbach, DFN, edugain-development Mikael Linden, CSC, Policy issues Support / information, TERENA, Brook Schofield Operations? Josh Howlett, JANET, Activity leader for SA3 Licia Florio, TERENA, Activity leader JRA3

Innovation through participation eduGAIN workforce, overview SA3-T3, contribution from NRENS TERENA 1 BS AMRES 2 MV, ES, MR CARNET 1.0 MM, DV CESNET 1.2 IN CYNET 0.8 AT NIIFI 1.0 KrB?, TF, AL, JaM? NORDUNET 4.3 VN,LJ, MiL?, LK, AnL? ( ~22%) PIONIER 3.5 LD, WoB?, TW, MW, ZO REDIRIS 1.6 CR, AD, JP, OC, GL, AS SURFNET 1.0 ?? SWITCH0.7 LH, TL DFN 0.8 JR, TK?

Innovation through participation Next step in eduGAIN Five use cases have been selected. eduGAIN aims to focus on these (but not excluding others!) and build the first eduGAIN on top of these CLARIN Eduroam OTRS Wiki.edugain.org New wiki for GEANT3 (Microsoft Sharepoint) Foodle ->eduGAIN will initially only support webSSO

Innovation through participation Policy issues for eduGAIN (some) IdPs: higher education and research only? SPs: higher education and research only? eduGAIN participants; who may join? Is data protection in or out of scope for eduGAIN? Is it allowed to pass personally identifying information (PII) in eduGAIN? The unique identifier in Europe? trademarks and domain names: who registers and controls them?

Innovation through participation MDS - State of Affairs MDS, Metadata Distribution Service Used on a technical level do distribute the involved metadata. This is expected to develop under GN3 life with input from JRA3

Innovation through participation Goal of this meeting, review Get input on eduGAIN and present basic eduGAIN challanges Demonstrate Business Case and Service Description Show use cases Get an understanding of policy and legal aspects of (inter) federations See where we are regarding the MDS work Questions