Growth and Change in Federations and What This Means for Supporting Technologies Nick Roy and Chris Phillips

Growth and Change in Federations and What This Means for Supporting Technologies Nick Roy and Chris Phillips REFEDS at Internet2 TechEx

Agenda:
✧ Tech landscape, continuing the discussion
✧ What is happening in N. America?
✧ Exploring Next Steps

Context
Goal: Stay current while meeting the needs of our community
✧ Safely and securely
✧ Effectively and efficiently
✧ In a scalable fashion

2015Q3 IdP Tech Profile (simplified) References: Original data: ADFS:

Observations
✧ Shibboleth still the ‘reference platform for Federated SSO’
  ➢ Shibboleth makes up ~80% of 1828 IdP deployments as of Jul 16, 2015[1]
  ➢ Understanding features for next 6-18 months will be key
✧ ADFS practically everywhere, but lacks features.
  ➢ Driven by Active Directory & O365/Azure requirement.
  ➢ Downside/Upside:
    Downside: ADFS has classically not met functional points
    Upside: change is happening (see previous link: 2016TP3)
✧ SSP still current
  ➢ Installation is more lightweight
  ➢ Both SP/IdP in same code base
  ➢ Others may speak more authoritatively on this.
[1]

Additional Data Points

New IdP Platforms Emerging
✧ Ellucian* building an embedded IdP offering
  ➢ Partnered with WSO2[1]
  ➢ Guidance on implementation offered by InCommon[2]
  ➢ Could be a significant gain if done well.
* Ellucian is an ERP vendor with many installs in higher ed that manages Banner/SCT
[1] [2]

InCommon Metadata Growing
✧ The “Steward Model”
  ➢ Allowing regional networks to act as InCommon registrars for their connected constituent orgs
  ➢ An outcome of “The Quilt” consortium discussions
  ➢ MCNC will be the pilot for this
✧ eduGAIN
  ➢ Phased Opt-Out for IdPs (~400 entities)
  ➢ Opt-In for SPs
  ➢ Planned over the next 12 months

Aggregate Size Implications Catching Up
✧ Monolithic metadata is unsustainable long term
  ➢ REFEDS MDQ work seen as key
  ➢ InCommon is working toward production support due to critical need
✧ Symptoms of the problem
  ➢ Shibboleth & SSP have difficulty with signature validation
    Rapid growth in memory usage and time to validate
    Current response of increasing RAM buys time, but for how long?
    – Long enough to solve problem or introduce MDQ?

Entity Categories Key for Attribute Release
✧ Entity Categories critical to enabling attribute release
  ➢ Instrumental to handling attribute release at scale
  ➢ Unfortunately not universally enabled across tool space
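An added example, not part of the original slides: how an IdP can drive attribute release from the entity categories an SP carries in federation metadata, so one rule covers every SP in a category. The `POLICY` table, the `example.org`/`example.com` entityIDs and the "unknown" category URI are constructed for illustration; the entity-category attribute name and the REFEDS Research and Scholarship URI are the published ones.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY_ATTR = "http://macedir.org/entity-category"
RS = "http://refeds.org/category/research-and-scholarship"

# Hypothetical IdP policy: one rule per category instead of one rule per SP.
POLICY = {RS: {"eduPersonPrincipalName", "mail", "displayName"}}

# Constructed sample aggregate (entityIDs are placeholders). In production,
# verify the federation's signature on the metadata before trusting any of it.
SAMPLE = f"""
<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:mdattr="{NS['mdattr']}"
                       xmlns:saml="{NS['saml']}">
  <md:EntityDescriptor entityID="https://wiki.example.org/sp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="{CATEGORY_ATTR}">
        <saml:AttributeValue>{RS}</saml:AttributeValue>
        <saml:AttributeValue>https://example.org/category/unknown</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://shop.example.com/sp"/>
</md:EntitiesDescriptor>""".strip()

def entity_categories(entity):
    """Return the set of entity-category URIs asserted in an entity's metadata."""
    cats = set()
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    for attr in entity.findall(path, NS):
        if attr.get("Name") == CATEGORY_ATTR:
            cats.update((v.text or "").strip()
                        for v in attr.findall("saml:AttributeValue", NS))
    return cats

def release_plan(metadata_xml):
    """Map each entityID to the attributes the category policy releases to it."""
    plan = {}
    for entity in ET.fromstring(metadata_xml).iter(f"{{{NS['md']}}}EntityDescriptor"):
        released = set()
        for cat in entity_categories(entity):
            released |= POLICY.get(cat, set())  # unknown categories release nothing
        plan[entity.get("entityID")] = sorted(released)
    return plan

if __name__ == "__main__":
    for entity_id, attrs in release_plan(SAMPLE).items():
        print(entity_id, "->", attrs or "no attributes")
```

An SP without a recognised category gets an empty release set here, which is the default-deny behaviour a category-driven policy should have.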

Interpretations & Thoughts

Fill the Information Vacuum
✧ Ellucian is where Microsoft was a few years ago but has the benefit of our insight because they asked.
✧ Microsoft only worked from spec and what they thought their customer needs were.
  ➢ We weren’t vocal or consulted as well as we could have been.
  ➢ Spec and written authoritative material key.
✧ Material with gaps between spec and practice:
  ➢ OASIS
  ➢ SAML2Int.org
✧ Actions that may improve things
  ➢ Updating SAML2Int.org to be more robust
    Complement it with InCommon-authored doc?
  ➢ Capitalize and act on IETF stream
    Migrate IETF documents (somehow) from personal submissions to a more firm posture
    Will vendors implement spec under an individual submission? Unlikely? Insight welcome.
  ➢ Does Kantara have a role here too?

Improve on Communicating Technical Needs
✧ Speak up for product features for prioritization.
  ➢ Different teams have different resourcing models and need to hear from us on what is important.
  ➢ Otherwise, they will only choose what matters to them.
✧ Case in point:
  ➢ ADFS is near ubiquitous, but not so good on matching our needs
✧ Understanding team constraints key &
  ➢ Time constrained?
  ➢ Resource constrained?
  ➢ Can we somehow assist?

Where To Continue This Dialog?