Scared Straight… if you want to go outside… Authenticate Locally, Act Globally.

Slides:



Advertisements
Similar presentations
GridShib Tom Barton, U Chicago. 2 Grid Computing Distributed computing and/or data resources Heterogeneous computing & storage environments Interfaces.
Advertisements

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management
The Basics of Federated Identity. Overview of Federated Identity and Grids Workshop Session 1 - for all Basics and GridShib Session 2 – more for developers.
PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.
From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…
User Attributes; who, where, how many? Daan Broeder TLA – MPI for Psycholinguistics.
Internet2 and other US WMD Update. Topics Update on non-merger, Newnet (and the control plane), InCommon and other feds “Product” update – Shib, Grouper,
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.
Identity Federation: Some Challenges and Thoughts OGF 19 Jan 30, 2007 Von Welch
Internet Scale Identity, Collaboration and Higher Education.
Some Frontier Issues from the Wild, Wild West Ken Klingenstein.
NSF Middleware Initiative: GridShib Tom Barton University of Chicago.
Widely Distributed Access Management Tom Barton University of Chicago.
Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.
New CyberInfrastructure for Collaboration between Higher Ed and NIH.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.
NOS Objectives, YR 4&5 Tony Rimovsky. 4.2 Expanding Secure TeraGrid Access A TeraGrid identity management infrastructure that interoperates with campus.
Intro to Identity for Developers Tom Barton, U Chicago Scott Cantor, Ohio State Patrick Michaud, U Washington.
Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.
BfB: Supporting Collaboration with Infrastructure.
I2/NMI Update: Signet, Grouper, & GridShib Tom Barton University of Chicago.
The Rise of Federations…Almost Everywhere. Topics Federation Basics Drivers Components International and pulic sector developments InCommon and its uses.
External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.
VO Identity, Attributes, and Infrastructure: Some Basics.
InCommon, other federations, the attribute ecosystem, and some killer apps needing guns…
Campus middleware in the service of Science Keith Hazelton Internet2 Middleware Architecture Committee for Education NSF Internet2 Day October 19, 2006.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
CLARIN Infrastructure Vision (and some real needs) Daan Broeder CLARIN EU/NL Max-Planck Institute for Psycholinguistics.
VO and Internet2 Middleware. Presenter’s Name Topics Motivations for Internet2 Middleware work Federated identity and InCommon Other IdM Groups, privileges,
What is Cyberinfrastructure? Russ Hobby, Internet2 Clemson University CI Days 20 May 2008.
GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,
NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.
Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science.
Collaborative Platforms. Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications.
Integrated Institutional Identity Infrastructure: Implications and Impacts RL “Bob” Morgan University of Washington Internet2 Member Meeting, May 2005.
A Role for Libraries in Helping Users Manage Collaboration.
Tutorial: Building Science Gateways TeraGrid 08 Tom Scavo, Jim Basney, Terry Fleury, Von Welch National Center for Supercomputing.
Access Information Management Tom Barton University of Chicago.
Virtual organizations: Team Science, Team Shakespeare.
Taking Care of Our Core Business: Managing Collaborations Dr. Ken Klingenstein, Senior Director, Internet2 Middleware and Security.
Federations Penn State Case Study Renée Shuey Senior Systems Engineer ITS – Emerging Technologies October 13, 2003.
© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Shibboleth & Federated Identity A Change of Mindset University of Texas Health Science Center at Houston Barry Ribbeck
More Allergic Reactions Some Potential Next Steps Tom Barton University of Chicago.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Federated Identity in the Global Landscape. Presenter’s Name Topics Federated identity basics International deployments and issues National, local and.
Advanced CAMP Emerging from the mists: Requirements for supporting VOs voReqs ppt Keith Hazelton
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
InCommon Federation: Federating Relationships. Topics Administration Library Research Student Services Personal and Collaborative Applications Federal.
Leveraging Campus Authentication to Access the TeraGrid Scott Lathrop, Argonne National Lab Tom Barton, U Chicago.
Azure Active Directory Uday Hegde 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 Group Program Manager, Azure AD
THE CAMPUS IDENTITY SYSTEM Lucy Lynch, NSRC. Learning Objectives Discovering the key role campus networks play in trusted identities for R&E Authoritative.
LIGO Identity and Access Management
eduTEAMS platform for collaboration Niels Van Dijk
eduTEAMS – Current status & Future Plans
I2/NMI Update: Signet, Grouper, & GridShib
John O’Keefe Director of Academic Technology & Network Services
Federated Identity Management for Researchers (FIM4R)
CLARIN Federated Identity Vision
ESA Single Sign On (SSO) and Federated Identity Management
New CyberInfrastructure for Collaboration between Higher Ed and NIH
Topics The simple life The Simple Life GUI The full IdM life
Context, Gaps and Challenges
Guests and Collaborators
A History of the Next Five Years: (the rise of indoor plumbing)
TeraGrid Identity Federation Testbed Update I2MM April 25, 2007
NSF Middleware Initiative: GridShib
Presentation transcript:

Scared Straight… if you want to go outside… Authenticate Locally, Act Globally

Topics Externalities who care about our IdM Content Services Government Virtual organizations Internal federations Security, usability and privacy And now, for the rest of the story…

Externalities Relying Parties want to use campus authn For economies Not another sso to incorporate into the app Avoid much of the costs of account management For scaling in users Interest is tempered by legal considerations, policy considerations, and unintended disruptive economic consequences

Content To protect IPR (the JSTOR incident…) To open up markets Popular content – Ruckus, CDigix, etc MS Scholarly content – Google, OCLC WorldCat Scope of IdM may be an issue

Services Student travel, charitable giving, web learning and testing, plagiarism testing service, etc. Allure for alumni services and other internal businesses Student loans, student testing, graduate school admissions, etc. The Teragrid

Government NSF Fastlane Grant Submission Dept of Agriculture Permits Social Security NIH Dept of Ed

Virtual Organizations The big team science efforts, and even smaller collaborations with real resources to be managed seriously Have their own IdM issues Collaboration tools Domain science identity management Today’s solutions are non-existent, insecure or widely despised… Could leverage federated identity for both ease of use and better security

Peering

Possible peering parameters LOA Attribute mapping Economics Liability Privacy

VOs plumbed to federations

Inviting Attributes into your life… For privacy and secrecy Albeit for a refined view of privacy For better security Federated identity allows for stronger security where needed in a manner scalable for both RP and the user. For efficiency

The impacts on cyberinfrastructure “ The event was a nice example of why you get on an airplane and travel to a workshop - to make progress about 50 times faster than exchanging and position papers! Having made this investment, we are ready to take the next concrete steps to make this vision a reality. Improving security and usability at the same time. How often do you get a chance to do that? “ Charlie Catlett, Teragrid Director

And Now for the Rest of the Story The Simple Life and the Simple User The Full IdM Life Real IdM Life and the Attribute Economy

User Application access controls (including network devices) IdP Shib p2p

User Application access controls (including network devices) IdP Shib p2p Source of Authority Source of Authority Source of Authority Authn Autograph A Simple Life GUI

User Application access controls (including network devices) IdP Shib p2p Source of Authority Source of Authority Source of Authority A Full IdM Life Local apps

Relative Roles of Signet & Grouper Grouper Signet RBAC (role-based access control) model Users are placed into groups (aka “roles”) Privileges are assigned to groups Groups can be arranged into hierarchies to effectively bestow privileges Grouper manages, well, groups Signet manages privileges Separates responsibilities for groups & privileges

User Application access controls (including network devices) Shib p2p Source of Authority Source of Authority Source of Authority Authn Autograph A Full Life GUI Signet/ Grouper IdP Local apps

User Application access controls (including network devices) IdP Shib p2p Source of Authority Source of Authority Source of Authority Portal Gateway Proxy Source of Authority Source of Authority Source of Authority Source of Authority Source of Authority Real Life

User Application access controls (including network devices) IdP Shib p2p Source of Authority Source of Authority Source of Authority VO Service Center Gateway Source of Authority Source of Authority Source of Authority IdP

User Application access controls (including network devices) IdP Shib p2p Autograph Authn Source of Authority Source of Authority S/G VO Service Center Source of Authority S/G A VO Service Center Flow

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.