Kalmar Union, a Confederation of Nordic Identity Federations
TNC2009
Mikael Linden, CSC
Andreas Solberg, UNINETT


What is a confederation
Most academic federations cover one country
  – FEIDE in Norway
  – SWAMID in Sweden
  – Haka in Finland
  – WAYF in Denmark and Iceland
To enable cross-federation use of resources the federations need to be bridged together
=> a confederation is a federation of federations

Confederation use cases
Research collaboration
  – Cross-national research groups
Research Infrastructure
  – Shared infrastructure => economies of scale
Learning collaboration
  – Cross-national courses, LMS
Licensed content
  – Library article databases etc

Juridical Shape of Kalmar Union
Joining feds sign a Memorandum of Understanding and Charter
  – Not fully binding, lowers threshold to join
Joining federations remain independent
  – IdPs and SPs always join a national federation
Focuses on privacy issues
Liability excluded
No invoicing (money not moving between feds)

Data protection in Kalmar Union
Attribute release between security domains
  – privacy even more important
Following the Data protection directive
  – Only relevant attributes released from IdP to SP
  – End user is informed on attribute release
  – End user consents to attribute release

Metadata aggregation

Technical set-up
[Diagram] Federations: WAYF, Haka, SWAMID, FEIDE
IdP: Univ of Helsinki, Univ of Turku, Univ of Uppsala, Univ of Umeå, Univ of Oslo, Univ of Bergen, Univ of Iceland, Univ of Copenhagen, Univ of Aarhus
SP: CSC: supercomputer SP; NMS in i ICT: Moodle SP; Univ of Uppsala: LMS SP; Univ of Umeå: wiki SP; Uninett: Foodle SP; NorduGrid: SLCS SP; Ordbogen.com SP; NIAS: AsiaPortal SP
Kalmar metadata aggregate
SAML2 end-to-end
Central Aggregate shares SAML2 metadata

National aggregate

Entity descriptors

How to use SAML
Software:
  – As of now: Shibboleth and simpleSAMLphp
SAML 2.0 Interoperable Deployment Profile:
  – HTTP-Redirect in request, POST in response
  – Encryption: either SSL or encrypted assertions
SAML2 Metadata interoperability profile
  – Embedded certificates, no PKIX.
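
A conformance check for the profile on this slide, as an added example that is not part of the original presentation or of any Kalmar Union tooling: it walks a SAML2 metadata aggregate and reports IdPs without an HTTP-Redirect SingleSignOnService, SPs without an HTTP-POST AssertionConsumerService, and roles without an embedded X.509 certificate. The sample aggregate, its entity IDs and URLs are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample aggregate, trimmed (not schema-valid); IDs, URLs, cert are placeholders.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <md:EntityDescriptor entityID="https://idp.example.org/idp"><md:IDPSSODescriptor>
  <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER-BASE64</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="https://idp.example.org/sso"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/sp"><md:SPSSODescriptor>
  <md:KeyDescriptor><ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="0" Location="https://sp.example.org/acs"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
 </md:SPSSODescriptor></md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def check_role(role, endpoint, binding):
    # One role descriptor: needs an embedded certificate and the profile's binding.
    problems = []
    certs = role.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        problems.append("no embedded certificate")
    if not any(e.get("Binding") == binding for e in role.findall(endpoint, NS)):
        problems.append("no %s endpoint with %s" % (endpoint[3:], binding.rsplit(":", 1)[1]))
    return problems

def check_aggregate(xml_text):
    # Map each entityID to its list of profile violations (empty list = conformant).
    report = {}
    for ent in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % MD):
        problems = []
        for role in ent.findall("md:IDPSSODescriptor", NS):  # request goes to the IdP via Redirect
            problems += check_role(role, "md:SingleSignOnService", REDIRECT)
        for role in ent.findall("md:SPSSODescriptor", NS):   # response comes back to the SP via POST
            problems += check_role(role, "md:AssertionConsumerService", POST)
        report[ent.get("entityID")] = problems
    return report

if __name__ == "__main__":
    for entity, problems in check_aggregate(SAMPLE).items():
        print(entity, "OK" if not problems else problems)
```

The check only reads metadata; verifying the aggregate's XML signature before trusting its contents is a separate step not shown here.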

Optional Kalmar features
Centralized SAML 2.0 Discovery Service
Shibboleth ARP file generation

Homework: federation harmonisation
Harmonise attributes
  – mandatory attributes
  – semantics of attributes
    especially: attributes for authorisation
  – unique identifiers
Campus Identity Management requirements
  – The floor for IdM quality in the IdP side
Usability and user experience
SAML 2.0 profile
Federation business models
  – The fee for "external" SPs joining a federation

Conclusions
It is possible and there are use cases
Start with policy, then go to implementation
We showed bridging elements are not needed, just use SAML2.0 end to end
Harmonisation of participating federations is recommended to make it easier to confederate

A full paper is uploaded to the conference web site