Towards Interconnecting the Nordic Identity Federations
TNC2007
Walter M Tveter, UiO
Mikael Linden, CSC/HAKA
Ingrid Melve, Uninett/Feide

Interconnecting federations
- The Kalmar Union policy
- Cross-federation model
- Technical solution
- Crossing circles of trust
- Participants
- Consent and attributes
- Future work

Kalmar union
- First Kalmar union ( ) united the Nordic countries under a single monarch, giving up sovereignty but not independence
- Interconnecting Nordic AAI federations
- Model for exchanging traffic
  - My users have access to your services?
  - Your users have access to my services?
- What is the simplest solution for interconnecting access control?
- Policy issues for federations

Policy
- Minimal information disclosure, informed consent
- Voluntary participation in cross-federation
- No liability (this must be written in contract)
- Conflict resolution by elected board
- Minimal intellectual property rights, as there are minimal central components
- Services across borders, jurisdiction
- Best effort, no guarantees needed
- Money flow outside our scope (goes direct IdP-SP)

Kalmar cross-federation model
- Bi-lateral agreements
- Cross-federation charter
- Overlapping federations, may choose to leave out parts from the overlap
- Previous work
  - Aligned federation policies
  - Worked together in GNOMIS
  - norEdu* schemas developed in GNOMIS

Participants
- Federations
  - HAKA in Finland
  - Feide in Norway
- Federations to join
  - SWAMI in Sweden
  - DK-AAI in Denmark
- End users
- Identity providers (home organizations)
- Service Providers

Technical Kalmar solution
- SAML 2 metadata for federation overlap
- [Diagram: HAKA Identity Provider, Feide Identity Provider, HAKA Service Provider, Feide Service Provider]

Technical work
- Trial interconnect in September 2006
  - Shibboleth 1.3 in HAKA
  - Sun Access Manager (SAML 2.0) in Feide
- eduGAIN bridging element evaluated
  - Backwards compatible with Shibboleth 1.3
  - Not yet available, but preliminary tests running
- Easier to do SAML 2.0-based connections

Crossing Circles of Trust
- User wants to access service in other Identity Federation
  - Must find the right login service (WFAYF or explicit links)
- What is really transferred
  - Identity Provider sends login and attributes
  - Service Provider must trust third party login outside his federation
- Opt-in at all levels: user, IdP and federation
- May have opt-out at the federation level, if needed

Consent and attributes
- Informed consent
- Attribute transfer
  - Safeguards at 3 levels: user, IdP/home, federation
- Voluntary participation in cross-federation
  - Opt-in for end user
  - Opt-in for identity providers (home organizations)
  - Opt-in for each federation
- Semantic interoperability based on eduPerson (with extensions)
  - Information about semantics
  - We do not enforce the same semantics
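
The three opt-in levels and the minimal-disclosure rule from the slides above can be read as a deny-by-default attribute release decision. The sketch below is an added example, not code from the presentation or from HAKA or Feide; the class names, function, entity IDs and sample values are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical model; every name and value here is constructed for illustration.
@dataclass
class IdP:
    entity_id: str
    federation: str
    cross_federation_opt_in: bool = False  # home organization's own choice

@dataclass
class User:
    home_idp: str
    attributes: dict
    consent: dict = field(default_factory=dict)  # SP entity id -> consented attribute names

def release_attributes(user, idp, sp_id, sp_federation, requested, federation_opt_in):
    """Return (attributes, reason); deny by default at each of the three levels."""
    if user.home_idp != idp.entity_id:
        return {}, "user does not belong to this IdP"
    if idp.federation != sp_federation:
        # Level 1: both federations must have opted in to the overlap.
        for fed in (idp.federation, sp_federation):
            if not federation_opt_in.get(fed, False):
                return {}, f"federation {fed} has not opted in"
        # Level 2: the identity provider (home organization) must have opted in.
        if not idp.cross_federation_opt_in:
            return {}, "IdP has not opted in"
    # Level 3: informed consent by the end user, per service and per attribute
    # (assumed here to be required inside the home federation as well).
    consented = user.consent.get(sp_id)
    if consented is None:
        return {}, "user consent required"
    # Minimal disclosure: only attributes that are requested, consented to and held.
    names = sorted(set(requested) & set(consented) & set(user.attributes))
    return {n: user.attributes[n] for n in names}, "released"

# Constructed sample: a Feide user reaching a service registered in HAKA.
FEDERATIONS = {"feide": True, "haka": True}
IDP = IdP("https://idp.example.no", "feide", cross_federation_opt_in=True)
USER = User(
    home_idp=IDP.entity_id,
    attributes={"eduPersonPrincipalName": "kari@example.no",
                "eduPersonAffiliation": "student",
                "norEduPersonNIN": "00000000000"},
    consent={"https://sp.example.fi": ["eduPersonPrincipalName", "eduPersonAffiliation"]},
)
REQUESTED = ["eduPersonPrincipalName", "norEduPersonNIN"]

if __name__ == "__main__":
    print(release_attributes(USER, IDP, "https://sp.example.fi", "haka", REQUESTED, FEDERATIONS))
```

In the sample, the service asks for the national identity number but the user consented only to name and affiliation, so only eduPersonPrincipalName is released.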

Future work
- Single Sign On and informed consent
  - How to inform users
- Operational service
  - Depends on introduction of SAML 2.0
- Revisit policy after we have real life experience of what problems turn up in production