Schac attributes and common vocabularies TF-EMC2 16-17.10.2006 Mikael Linden CSC, the Finnish IT Center for Science.

Slides:

Advertisements

Similar presentations

Innovation through participation eduGAIN as a service (T3) in Multi-Domain User Applications (SA3) Valter Nordh, NORDUnet / GU NORDUnet conference, Köpenhamn,

Advertisements

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki Mikael Linden, CSC – IT Center for Science

Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,

Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012

Resource Entitlement Management System Manne Miettinen Mikael Linden Janne Lauros CSC – IT Center for Science.

EduGAIN – Are we there yet? Lukas Hämmerle (ghost writer, Brook Schofield) FIM4R, Helsinki – 2 October 2013.

InterParty Functional Requirements A presentation to the final InterParty Seminar The Hague 13 June 2003 David Martin.

European Union. Which countries are members of the European Union? More than 25 Why did the European Union form? To encourage trade within Europe What.

5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.

Kalmar Union Mikael Linden CSC, the Finnish IT Center for Science.

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011

The TERENA Academic CA Repository. eIRG Meeting. Dublin, 16/04/2004 Diego R. Lopez – TF-AACE  Task Force on Authentication and.

UKOLUG - July Metadata for the Web RDF and the Dublin Core Andy Powell UKOLN, University of Bath UKOLN.

FIM-ig Federated Identity Management Interest Group.

Internationalisation of Italian URNs Scheme Enrico Francesconi, PierLuigi Spinosa Institute of Legal Information Theory and Techniques Italian National.

CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.

Profiling Metadata Specifications David Massart, EUN Budapest, Hungary – Nov. 2, 2009.

Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Grant.

Save time. Reduce costs. Find and reuse interoperability solutions on Joinup for developing European public services Nikolaos Loutas

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

CLARIN Infrastructure Vision (and some real needs) Daan Broeder CLARIN EU/NL Max-Planck Institute for Psycholinguistics.

2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.

TERENA Updates TF-EMC2 Meeting Bologna 7-8 Nov 2011 Licia Florio

The Final Study Period Report on MFI 6: Model registration procedure SC32WG2 Meeting, Sydney May 26, 2008 H. Horiuchi, Keqing He, Doo-Kwon Baik SC32WG2.

Update Finland TF-EMC Mikael Linden CSC, the Finnish IT Center for Science.

Shibboleth in Finnish Higher Education Organisations E-ICOLC 2005 Poznan, Poland.

High-quality Internet for higher education and research AAI from the NREN perspective Schiphol, October 17, 2005

FIM, , Nijmegen CLARIN: status of FIM Dieter Van Uytvanck 1.

Authentication and Authorization Overview Kimmo Koskenniemi, Antti Arppe, Mikael Lindén University of Helsinki, CSC – IT Centre for Science Consortium.

Kalmar Union, a Conferedation of Nordic Identity Federations TNC2009 Mikael Linden, CSC Andreas Solberg, UNINETT.

European Life Sciences Infrastructure for Biological Information Life science community update for the 7 th Federated Identity Management.

Towards Interconnecting the Nordic Identity Federations TNC2007 Walter M Tveter, UiO Mikael Linden, CSC/HAKA Ingrid Melve, Uninett/Feide.

10/25/2015 AEB/Yleisesittely Organising Federated Identity in Finnish Higher Education TNC2005 Mikael Linden June 8th, 2005.

Connect. Communicate. Collaborate Place organisation and project logos in this area Usage of SAML in eduGAIN Stefan Winter, RESTENA Foundation TERENA Networking.

Refrain Policy Vocabulary HL7 Security WG Kathleen Connor VA (ESC) January 2012.

Campus Identity Management Requirements (=IAP) REFEDs meeting Mikael Linden,

19 May 2003, TERENA, Zagreb Civilizing eduPerson Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group Keith Hazelton,

Kalmar Union lessons: Findings in federation harmonisation REFEDS Mikael Linden, CSC.

Federations round table Haka federation of Finland EuroCAMP Mikael Linden CSC, the Finnish IT Center for Science.

Innovation through participation eduGAIN interfederation service for research and education Cern FedID workshop in RAL, UK 2-3 Nov 2011 Mikael Linden,

Innovation through participation eduGAIN policy: A worm report TF-EMC2 Vienna Mikael Linden, CSC The worm farmer.

AuEduPerson Schema Schema Derived from: - eduPerson - person [RFC 4517, RFC 4519] - organizationalPerson [RFC 4517, RFC 4519] - inetOrgPerson [RFC 2798]

Federations, the Data Protection Directive and WP29 TF-EMC2 Mikael Linden, CSC, the Finnish IT Center for Science.

Refeds update TF-EMC2 Utrecht 3-Dec 2008 Mikael Linden CSC – the Finnish IT Center for Science.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Clain update TF-EMC Mikael Linden, CSC.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

EResearchers Requirements ELIXIR AAI Workshop Presenter: Mikael Linden (ELIXIR AAI-TF)

Programme ›TERENA ›Overview of the middleware initiatives in the European Higher Education ›What is eduroam: the technology and how to set up eduroam ›eduroam-in-a-box:

Innovation through participation EduGAIN policy (working draft) Status update REFEDs 30th May 2010

Diego R. Lopez RedIRIS update Middleware activities at the South-western Border.

CSC – Tieteen tietotekniikan keskus Oy CSC – IT Center for Science Ltd. SAML2 draft profile in Haka Vienna Mikael Linden.

Aalto Research Data Management Policy Ella Bingham 8 April 2016 This work is licensed under the Creative Commons Attribution 4.0 International License.

AAI needs of the Distributed Computing Infrastructures - CLARIN Dieter Van Uytvanck Max Planck Institute for Psycholinguistics

Course on persistent identifiers, Madrid (Spain) Information architecture and the benefits of persistent identifiers Greg Riccardi Director Institute for.

OGSA Attributes: Requirements, Definitions, and SAML Profile Abstract This document specifies elements and vocabulary for expressing attribute assertions.

AAI Interconnection with an European style Diego R. Lopez RedIRIS.

Connect. Communicate. Collaborate Applying eduGAIN to network operations The perfSONAR case Diego R. Lopez (RedIRIS) Maurizio Molina (DANTE)

Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.

Innovation through participation Data Protection Code of Conduct (DP CoC) TNC2013 conference, 4 June 2013 Mikael Linden, CSC – IT Center for Science

Towards integrating European research information

Applying eduGAIN to network operations The perfSONAR case

eduPersonAffiliation semantics – a spin-off of eduGAIN policy

Metadata in Digital Preservation: Setting the Scene

Federated Identity and Data Protection Law

GEANT Data protection Code of Conduct 2.0 REFEDS meeting 16 June 2019

Presentation transcript:

Schac attributes and common vocabularies TF-EMC Mikael Linden CSC, the Finnish IT Center for Science

Outline  Why vocabularies?  Why cross-national vocabularies?  schac attributes with no vocabulary  schac attributes with obvious vocabulary  Vocabulary definition for HomeOrganizationType, UniqueCode and UniqueID  Vocabulary definition for PersonalPosition and UserStatus

Why vocabularies?  If we intend to use attributes for authorization, there should be common understanding on their semantics between the users (for example, IdPs and SPs)  for example ”this service is authorised for university students”  what is a university?  what is a student?  eduPerson defines one vocabulary: eduPersonAffiliation student/staff/faculty/employee/member/affiliate/alum (it still leaves the interpretation quite open…)

Why cross-national vocabularies?  If we are some day going to have cross-national confederation (e.g. eduGAIN), we need common vocabularies as part of the schema  it’s easier to design the vocabularies now, when our federations are still young later it will be painfull – too many changes to too many production level systems  How to define vocabularies in an interoperable but still flexible way?

No vocabulary, no problem  schacDateOfBirth for example:  schacPlaceOfBirth for example: Algeciras, Spain  schacSn1, schacSn2 for example, Lopez de la Moraleda  schacPersonalTitle for example, Prof  schacUserPrecenseID URIs, for example  schacExpiryDate for example: Z  schacUserPrivateAttribute for example, mail, telephoneNumber

Vocabulary is obvious (hope so!)  schacMotherTongue – ISO 639 for example, fr, es-ES  schacGender – ISO =male, 2=female, 0=not known, 9 = not specified  schacCountryOfCitizenship – ISO 3166 for example, es  schacHomeOrganization – domain names for example, tut.fi  schacCountryOfRecidence – ISO 3166 for example, es  schacUUID – UUID defined by RFC 4530 for example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6

Outline of the proposed solution  for HomeOrganizationType, UniqueCode and UniqueID 1.We define an international/EU-wide vocabulary, when we can identify a common European denominator 2.Additionally, each NREN maintains a national vocabulary for national extensions may delegate namespaces for institutional vocabularies 3.Terena gathers links to the national vocabularies and publishes them in Benefits EU-wide vocabulary understood in every country National vocabularies make it possible to use and publish national semantics, even to services in another countries, if necessary

schacHomeOrganizationType  Purpose: authorization of cross-national services For example, ”for higher education students in any EU country”  Proposed international/EU vocabulary PREFIX=urn:mace:terena.org:schac:homeOrganizationType PREFIX:eu:higherEducationInstitution // HE defined by Bologna PREFIX:eu:educationInstitution // other educational institutions PREFIX:eu:NREN // NREN defined by TERENA PREFIX:eu:universityHospital PREFIX:eu:NRENAffiliate// organisations part of the NREN constituency Bologna process seems to have no definition for a university  National extensions, for example in Finland PREFIX:fi:university, PREFIX:fi:polytechnic, PREFIX:fi:researchInstitution, PREFIX:fi:other  Terena gathers links to national ”homepages”

schacPersonalUniqueID  National identification number/social security number  assigned by national governments, each country (except Germany) has at least one  considered as sensitive in many countries (strong identifier)  each NREN maintains the national namespace for example the Finnish Identification Code (FIC) urn:mace:terena.org:schac:personalUniqueID:fi:FIC: L  Terena gathers links to national ”homepages”:

schacPersonalUniqueCode  Local (=not government-assigned) identification codes Student number, Library patron number, etc Notice: employeeNumber is already defined by InetOrgPerson  One international namespace proposed for a student number to make student numbers understood automatically between countries urn:mace:terena.org:schac:personalUniqueCode:eu:studentID:‹tld›:‹code› for example, urn:mace:terena.org:schac:personalUniqueCode:eu:studentID:tut.fi:  for other local identifiers, each NREN maintains the national namespace  Terena gathers links to national ”homepages”:

The rest two without separate namespace maintenance schacPersonalPosition  defines a personal position in an institution  for example, urn:mace:terena.org:schac:personalPosition:umk.pl:programmer  to manage namespace, it is recommended to use domain name after the prefix (urn:mace:terena.org:schac:personalPosition) schacUserStatus  specifies persons status as a user of services  for example, urn:mace:terena.org:schac:userStatus:uma.es:affiliation:expired urn:mace:terena.org:schac:userStatus:uma.es:sendMail:expired urn:mace:terena.org:schac:userStatus:uma.es:getMail:active  to manage namespace, it is recommended to use domain name after the prefix (urn:mace:terena.org:schac:userStatus)