Stuff, including interfederation stuff Dr Ken Klingenstein, Director, Middleware and Security, Internet2.

Presentation transcript:

Topics
- InCommon growth
- ISOC and attributes
- NSTIC (and FICAM)
- Interfederation
- Federation risk assessment
- Gap analysis

Growth

ISOC and Attribute Infrastructure
Workshop held March 12, 2012 in DC as a follow-up to the workshop in Amsterdam in December. Outcomes include:
- Planning for attribute registries
- Name space registries
- Good attribute design principles document
- Attributes of attributes
- Quality (LOA) of attributes
- Managing the marketplace

NSTIC and FICAM
- NSTIC is an initiative, intended to foster the Identity Ecosystem and the US Government's participation in it. Works with agencies, IdPs, standards and advocacy groups, etc. Pilot programs this fall.
- FICAM is an operational service, setting standards (LOA, privacy, etc.) and certifying compliance.

Interfederation
- The use cases
- The theory and the practice
- Gap analysis

The use cases
- Between R&E feds (contacts in Turkey, the Middle East and India urgently needed)
- Between the .gov fed and InCommon
- With a K-12 fed
- With the OIX fed

Theory and practice
In theory, there is no difference between practice and theory; in practice there is.
Interfederation has several steps:
- Ad hoc interfeds today and soon
- PEER to exchange metadata
- True interfederation

Federation Manager Risk Assessment
Assesses risks in the full metadata process:
- Internal ops
- Vetting of the enterprise
- Security of the metadata supply chain within the organization
- Authentication
- Delegation
https://spaces.internet2.edu/display/InCCollaborate/Federation+Manager+Authentication+Risk+Assessment
Immediate consequences in 2FA metadata submission

Buckets of interfed issues
- Exchange of metadata
- Policy alignment
- Alignment of payloads (attributes)
- Operational issues

Short-term and long-term
A few high-level distinctions between the short-term and long-term approaches to meeting these needs:
- Short-term, the flow of metadata for interfederation and the flow of trust in the values being asserted in the metadata are the same: member to federation to another federation to its members. Long-term, the flow of metadata and the flow of trust in the values within the metadata may diverge, allowing an ecosystem of other "vetters" of application or end-entity characteristics.
- Short-term, a limited set of widely used attributes (eduPerson, SCHAC) enables almost all essential needs. Long-term, richer attributes will require some mapping approaches, as well as interfederation coordination of names, identifiers, etc.
- Short-term, almost all operational aspects are handled on a case-by-case basis. Long-term, operational standards will be needed for effective use and best practices.

Alignment of policies to enable trust in the metadata being exchanged
- How the federation manages verification of both the organizations and their (perhaps delegated) authorized submitters (the FOP)
- How the federation manages verification of other richer end-entity attributes it asserts, such as classification of applications (e.g. R&S), recommended attribute release policies, etc.
- How the federation operates, in terms of metadata signing approaches, legal status, etc.
- Aligning the LOA at basic and higher levels for authentication
- Aligning the relationships between IdP and SP when they are not in the same federation
  - Direct contracts should govern where applicable
  - If the contractual flow is member to fed, and then across interfed to an SP in another…

Interfed gap analysis
- Technical
  - Interfed discovery
  - Metadata sharing
  - Aligned attribute bundles
- Policy
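As an added example (not from these slides, nor from any Internet2/InCommon tool), the filter below shows the short-term trust model of the "Short-term and long-term" and "Alignment of policies" slides from the consuming member's side: an entity received through an interfederation aggregate is accepted only if a registrar the member trusts vetted it (the mdrpi registrationAuthority) and its validUntil has not passed, and the attribute bundle released to it is derived from its entity category (R&S). Signature verification of the aggregate, which the slides leave to the federation operator, is assumed to have happened before this runs; the registrar URIs, entityIDs and release bundle are constructed assumptions.

```python
# Added example: consumer-side policy filter over an interfederation SAML metadata aggregate.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
RS_CATEGORY = "http://refeds.org/category/research-and-scholarship"
# Registrars whose vetting of organizations and submitters we accept (assumed local policy).
TRUSTED_REGISTRARS = {"https://incommon.org", "https://partner-fed.example"}
# Bundle released to R&S services (eduPerson attribute names; assumed local policy).
RS_BUNDLE = ("eduPersonPrincipalName", "mail", "displayName", "eduPersonScopedAffiliation")

# Constructed sample aggregate; entityIDs and registrar URIs are illustrative only.
SAMPLE_AGGREGATE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <md:EntityDescriptor entityID="https://sp1.example.edu/shibboleth"><md:Extensions>
  <mdrpi:RegistrationInfo registrationAuthority="https://incommon.org"/>
  <mdattr:EntityAttributes><saml:Attribute Name="http://macedir.org/entity-category">
   <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute></mdattr:EntityAttributes></md:Extensions></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp2.example.edu/shibboleth"><md:Extensions>
  <mdrpi:RegistrationInfo registrationAuthority="https://incommon.org"/></md:Extensions></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp3.example.org/shibboleth"><md:Extensions>
  <mdrpi:RegistrationInfo registrationAuthority="https://unknown-fed.example"/></md:Extensions></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://old.example.edu/sp" validUntil="2012-01-01T00:00:00Z"><md:Extensions>
  <mdrpi:RegistrationInfo registrationAuthority="https://incommon.org"/></md:Extensions></md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def evaluate_aggregate(xml_text, now=None):
    """Map each entityID to the bundle we would release to it, or None if the entity is rejected."""
    now = now or datetime.now(timezone.utc)
    decisions = {}
    for ed in ET.fromstring(xml_text).iter(f"{{{NS['md']}}}EntityDescriptor"):
        eid, valid_until = ed.get("entityID"), ed.get("validUntil")
        if valid_until and datetime.fromisoformat(valid_until.replace("Z", "+00:00")) < now:
            decisions[eid] = None      # stale entry: wait for a freshly published aggregate
            continue
        reg = ed.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        if reg is None or reg.get("registrationAuthority") not in TRUSTED_REGISTRARS:
            decisions[eid] = None      # no trusted vetting stands behind this entry
            continue
        path = f"md:Extensions/mdattr:EntityAttributes/saml:Attribute[@Name='{ENTITY_CATEGORY}']/saml:AttributeValue"
        categories = {v.text.strip() for v in ed.findall(path, NS)}
        decisions[eid] = RS_BUNDLE if RS_CATEGORY in categories else ()   # () = nothing released
    return decisions
```

Entities from a registrar outside TRUSTED_REGISTRARS are dropped rather than given an empty bundle, which is the policy-alignment gap the slides describe: without agreement on how the other federation vets its members, the values in its metadata carry no trust here.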