Federations and Higher Education

Topics
• Federations: What they may be and where they may fit
  – The theory
  – The practice: first instantiations – Ice9: Shibboleth and Liberty FOO
• Federations in Gov
• Federations in the Business Community
• InCommon Discussion
  – Mission
  – Key Early Issues
    – Membership and affiliations
    – Process for governance and direction
    – When and how to change the wings
  – CREN CA relationship

VidMid-VC Scenario [1] Resource Discovery
• Origin user initiates VC session by selecting from:
  – Local directory (“White Pages”), or
  – Federated directory(s), or
  – Drop-down list of frequent targets
  – Directory-enabled: always up to date
• Target user entry denotes client capability(s): H.323, SIP, Voice

VidMid-VC Scenario [1a] Resource Discovery
• GUI tools to enable user to manage their location to receive VC, e.g.:
  – For the next 90 minutes I will be in Conf. Room B, if anyone tries to reach me
  – For the next 4 hours I will be at , if Jane Doe, Bob Smith, or Alice Jones tries to reach me. All others should be notified that I will be available for VC at my own station at 14:00 today.
  – I want calls from Prof. Jones from the Medical School to be encrypted

VidMid-VC Scenario [2] Authentication
• Utilize user’s authentication credential from their “home” security domain
• On the target side, a pop-up window appears on the workstation, reading: “Jane Doe from Penn State U. is attempting to initiate a videoconference with you, and Penn State U. asserts that this is in fact Jane Doe. Would you like to accept the call? [Yes] [No]”
• Needed: the ability to use credentials received from the local security domain and pass them to Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) as needed

VidMid-VC Scenario [3] Authorization
• Management tools to control access to VC based on role and/or location. E.g.:
  – Dormitory student users not permitted to VC between 08:00–17:00 Mon–Fri
  – Math Dept. Admin Asst. permitted to initiate VC on behalf of faculty/staff at any time
  – Only faculty/staff users permitted to exceed 384 Kbps
  – Faculty is allowed to set up a multipoint conference call
  – GUI tools to enable user to manage their location to receive VC
• Need clients enabled to be controlled based on user role and/or device location, or other attributes
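The authentication scenario [2] and the authorization scenario [3] together describe one flow: the home security domain asserts who the caller is (with affiliation, department and role), the VC client acts as the PEP and hands that assertion plus the device location and requested action to a PDP, and the PDP evaluates role/location/time rules such as the four listed above. The following Python is an added example written for this page; it is not code from the VidMid-VC working group or from Shibboleth. The attribute names (`affiliation`, `department`, `role`), the location class `"dormitory"`, the actions `"initiate"` and `"multipoint"`, the sample dates, and the defaults (a plain call is permitted unless a rule denies it; multipoint is denied to non-faculty) are assumptions made here to complete the slide's rules; the rule combination is deny-overrides, so a single applicable deny wins over any permit.

```python
"""Added example (not from the slides): a small PDP/PEP for the VidMid-VC
authorization rules, evaluated against a constructed home-domain assertion."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, List, Optional

FACULTY_STAFF = {"faculty", "staff"}
BANDWIDTH_CAP_KBPS = 384  # slide: only faculty/staff may exceed this


@dataclass(frozen=True)
class Assertion:
    """What the caller's home security domain asserts about them (constructed)."""
    subject: str
    home_domain: str
    affiliation: str       # "student" | "faculty" | "staff"  (assumed vocabulary)
    department: str
    role: str = ""         # e.g. "admin-assistant" (assumed vocabulary)


@dataclass(frozen=True)
class Request:
    """What the VC client (the PEP) asks the PDP to decide."""
    assertion: Assertion
    action: str            # "initiate" | "multipoint"
    location: str          # device location class, e.g. "dormitory", "office"
    when: datetime
    kbps: int = 128
    on_behalf_of: str = ""  # affiliation of the person represented, if any


# Each rule returns True (permit), False (deny) or None (not applicable).
Decision = Optional[bool]


def rule_dorm_hours(r: Request) -> Decision:
    """Dormitory student users not permitted to VC 08:00-17:00 Mon-Fri."""
    if r.assertion.affiliation == "student" and r.location == "dormitory":
        weekday = r.when.weekday() < 5
        if weekday and time(8, 0) <= r.when.time() < time(17, 0):
            return False
    return None


def rule_admin_assistant(r: Request) -> Decision:
    """Math Dept. admin asst may initiate VC on behalf of faculty/staff at any time."""
    a = r.assertion
    if (a.department == "Math" and a.role == "admin-assistant"
            and r.action == "initiate" and r.on_behalf_of in FACULTY_STAFF):
        return True
    return None


def rule_bandwidth(r: Request) -> Decision:
    """Only faculty/staff users permitted to exceed 384 Kbps."""
    if r.kbps > BANDWIDTH_CAP_KBPS and r.assertion.affiliation not in FACULTY_STAFF:
        return False
    return None


def rule_multipoint(r: Request) -> Decision:
    """Faculty may set up a multipoint call; others may not (assumed default)."""
    if r.action == "multipoint":
        return r.assertion.affiliation == "faculty"
    return None


RULES: List[Callable[[Request], Decision]] = [
    rule_dorm_hours, rule_admin_assistant, rule_bandwidth, rule_multipoint,
]


def decide(r: Request) -> str:
    """PDP with deny-overrides combining: any deny wins, then any permit,
    otherwise the assumed default (plain 'initiate' permitted, anything else denied)."""
    results = [rule(r) for rule in RULES]
    if False in results:
        return "deny"
    if True in results:
        return "permit"
    return "permit" if r.action == "initiate" else "deny"


def enforce(r: Request) -> bool:
    """PEP: the client lets the call proceed only on an explicit 'permit'."""
    return decide(r) == "permit"


def decide_for(affiliation: str, action: str = "initiate", location: str = "office",
               when: str = "2024-03-04T10:00", kbps: int = 128, department: str = "Math",
               role: str = "", on_behalf_of: str = "") -> str:
    """Build a constructed assertion/request and return the PDP decision.
    The default timestamp is a Monday at 10:00 (constructed sample value)."""
    a = Assertion("jdoe", "psu.edu", affiliation, department, role)
    return decide(Request(a, action, location, datetime.fromisoformat(when), kbps, on_behalf_of))


if __name__ == "__main__":
    print("student, dorm, Mon 10:00  ->", decide_for("student", location="dormitory"))
    print("student, dorm, Mon 19:00  ->", decide_for("student", location="dormitory", when="2024-03-04T19:00"))
    print("student, 512 kbps         ->", decide_for("student", kbps=512))
    print("faculty, multipoint       ->", decide_for("faculty", action="multipoint"))
    print("admin asst for faculty 3am->", decide_for("staff", role="admin-assistant",
                                                   on_behalf_of="faculty", when="2024-03-04T03:00"))
```

The point the slide makes, that the client must be "controlled based on user role and/or device location, or other attributes", shows up here as the split between `Assertion` (attributes only the home domain can vouch for) and `Request` (what the local client and PEP know: device location, requested bandwidth, time). The PDP never sees a raw password; it sees the asserted attributes plus local context, which is what makes the federated case workable.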