SIF for US Science. Michael Helm, ESnet, 09 June 2011.

What is driving us (crazy) in identity?
Multiple axes of semi-independent variables....
- Public identity to enterprise to project specific identity
- Convenience, low overhead to rigorous, highly secure
- Web apps... command line tools... mixed use
- SAML... OpenID Connect... pure OpenID/OAuth... Kerberos... X ssh... your legacy id
- NIST LOA... EU standards... industry practice... our (science) practice
- h/w tokens... OTP gizmos... passwords... gatewayed credentials (delegation)
29 September 2010

How do we resolve this?
- Focus on a few things that work... be flexible though
- For the US: Recognize the need for multiple, layered identity
- Focus on NSTIC as the model for dealing with public ID
- Pick SAML as the platform for doing ID business
  o This translates to SIF (a/k/a SciFed) and DOE-ICAM in DOE lab space
- Look closely at web vs command-line issues - this is a huge problem for collaborations and determines what we need to support
  o Can command-line tools be phased out -or- become web-dependent?

What do YOU need to do?
US projects:
- You need to tell your project leadership, your site leadership, and anyone else who makes decisions, to make sure both projects and sites join SIF and InCommon.
- You need to tell your Program Office and your funders that this federation needs to happen.
- This is how you got DOEGrids CA 10 years ago, and this is how you will get federation.
- It's not anybody's job to do this yet.
Non-US projects:
- You need to make it clear to US projects that they need to do this.
- This is how you got DOEGrids CA 10 years ago

SIF - Science Identity Federation
The next part of the slide deck is the argument for SIF to US DOE national lab participants - CIOs, IT staff, projects.

Science Identity Challenges
- Collaborations need scalable "security" infrastructure
  o Authentication... Authorization... Identity
- Environment is diverse
  o DOE sites... Projects... Academia... Industry
- Different security and identity objectives
- Internet is changing
  o Social network
- Internet identity and security environment is changing
  o Software, protocols, APIs, principles and practices
- Efficiency and process
  o We have a lot of identity "process" locked up in sites
  o Why build new identity silos for each new service?

Science Identity Federation (SIF)
- Interoperable Identity for DOE labs
  … based on the well-known
- Shibboleth authentication & authorization software from Internet2
  … so that labs can also
- Federate with InCommon
  o US Higher Education Shibboleth Federation: see InCommonfederation.org
  .... and other federations as needed

What Is InCommon?

SIF: Why do we need this?
- DOE's science projects are large-scale collaborations
- Projects rely on sites for infrastructure
- Project membership: academia in US and abroad
- The best answer for this is InCommon federation

SIF: Science Collaborations (Sample)
- HE Physics
  o LHC collaborations (ATLAS, CMS,...)
  o Daya Bay (neutrino)
- Nuclear Physics
  o RHIC
- Fusion
  o ITER
- "Basic Energy Sciences" - Materials, Geo, Bio
  o User facilities (*-beam scattering)
- Biology/Environmental
  o Genome
  o Biofuels

SIF: DOE User facilities
- DOE provides over 60 scientific user facilities
- Unique, unparalleled "toolbox" for scientific research
- They come and go
- Can we make new and existing user facilities easier to use?

SIF: Entanglement
- Many partnerships between DOE and academia
  o Scientific personnel
  o User facilities
- Cross-agency support
  o NSF
  o NOAA
  o and others
- We need a broadly-supported identity infrastructure.

SIF: What are we doing today?
- SIF is functioning as a sub-federation of InCommon
- 3-year voluntary membership program
- Next: Focus on getting IDPs up and in production in InCommon

SIF: Challenges
- Just getting IDPs up!
- Standards - our community does not understand LOA / NIST / ICAM
  o Academia/foreign really don't understand this
- No one cares about identity - they care about applications
- Magical thinking -
- Support - this is no one's job to build

SIF contact information
- Or go to groups.google.com and search for science federation
- Or contact me: Michael Helm