7th FIM4R meeting, 23-24 April 2014, ESRIN Frascati.

Presentation transcript:

7th FIM4R meeting, April 2014, ESRIN Frascati

Meeting agenda
Agenda page online with material:
A written summary will be produced of this event
Bob Jones (CERN) – April 2014

Dinner pick-up at 19:30

This afternoon
Objective: User Communities' view of the progress made since the first publication of the Federated Identity Management for Research Collaborations paper and priorities for the future
- Roundtable introductions
- Summary of Terena AAI workshop (Licia Florio)
- Operational Security (Romain Wartel)
- Coffee
- Working with service providers in the future
- H2020 – how do we work together?
End of the session: 17:30
ESA shuttles to Frascati 17:30 & 18:15 (outside main gate)

Authors: Daan Broeder, Bob Jones, David Kelsey, Philip Kershaw, Stefan Lüders, Andrew Lyall, Tommi Nyrönen, Romain Wartel, Heinz J Weyer
- Requirements from the research communities
- Status of the activities & use cases
- Common vision across these communities
- Key stages of a roadmap
- Set of recommendations

The FIM4R Vision
A common policy and trust framework for Identity Management based on existing structures and federations either presently in use by or available to the communities. This framework must provide researchers with unique electronic identities authenticated in multiple administrative domains and across national boundaries that can be used together with community defined attributes to authorize access to digital resources.

Prioritisation of FIM4R requirements
- User friendliness (high)
  – Support for citizen scientists and researchers without formal association to research labs or universities
- Browser & non-browser federated access (high)
- Bridging communities (medium)
  – Bridging is a central issue with an efficient mapping of the respective attributes
- Multiple technologies with translators including dynamic issue of credentials (medium)
- Implementations based on open standards and sustainable with compatible licenses (high)
- Different Levels of Assurance with provenance (high)
  – Credentials need to include the provenance of the level under which they were issued
- Authorisation under community and/or facility control (high)
- Well defined semantically harmonised attributes (medium)
- Flexible and scalable IdP attribute release policy (medium)
  – Bilateral negotiation between all SPs and all IdPs is not a scalable solution
- Attributes must be able to cross national borders (high)
  – Data protection considerations must allow this to happen
- Attribute aggregation for authorisation (medium)
  – Attributes need to be aggregated from different sources of authority including federated IdPs and community-based attribute authorities
- Privacy and data protection addressed with community-wide individual ids (medium)

Technologies being piloted by resource communities

Research Infrastructures need a service
- Risk Analysis - implications of having a malicious SP in a federation
- Traceability - identifying the cause of any security incident
- Security Incident Response – including all IdPs and SPs
- Transparency - essential to gain the trust of the users and service providers
- Reliability and Resilience - of the framework services
- Smooth Transition - of the existing production systems to a federated identity management model
- Easy integration with local SP environment - SPs are likely to want to support multiple means of authentication
- Specific requirements - from some communities