Identity Federations: Here and Now

David L. Wasley, Thomas Lenggenhager, Peter Alterman, John Krienke

Presentation transcript:

Slide 2: Agenda
- Brief Federation overview
- Higher Ed & Research federations in Europe
- US Federal eAuthentication federation
- InCommon: the US Higher Ed federation
- Inter-federation
- Q&A

Slide 3: Federations
- Otherwise independent entities that give up a certain degree of autonomy in order to achieve a common set of goals.
- Working together requires
  - Common way to express meaning
  - Agreed upon ways to convey information
  - Acceptable governance and trust models

Slide 4: Identity Federations
- Authenticate locally
  - Campus or other Identity Service Provider
- IdP provides trustworthy needed identity information to Resource Providers
  - Part of access management decision
- Trust established through Federation Operator by means of standards, rules, and participation agreements

Slide 5: Federations and Trust
- Requires common IdP and RP practices
- Federation governance roles include
  - Establishing the rules
  - Overseeing adherence
- Degrees of trust may be inherent/useful
  - Allows flexibility in IdP and RP services
- What happens when trust is violated?
  - Liability and indemnification

Slide 6: Not all Federations are the same...
- Identity federations may have different rules or constraints on identity release
  - For example in Europe...
- Some may choose to offer on-line services as well, or hold contracts for resources on behalf of members
- Some are for specific business purposes or industries, etc.

Slide 7: And now for some examples...

Slide 8: Linking Federations
- How can federations interoperate?
- Information models must be compatible
  - Conversion may be difficult
- Communication protocols
  - Gateways are hard and may break trust models
- Governance and trust models
  - Must be equivalent at some level

Slide 9: Governance & Linking Federations
- Governance sets community standards
  - May need to enhance or redefine somewhat
  - Must uphold inter-federation agreement
- Responsible for trust between federations
  - May require stronger role within federation
  - May affect existing participation agreements
  - May incur new liabilities, etc.
- Federation services might not interoperate

Slide 10: Linking InCommon and eAuthentication
- Higher Ed is an important community for many Federal agency applications
- Both have federations in place
  - Have been working together for ~ a year
- Compatible technology
- Similar identity attributes
  - InCommon has richer set
  - InCommon includes privacy protections

Slide 11: Linking InCommon and eAuthentication...
- Trust issues
  - eAuth defines 4 levels of identity assurance
  - InCommon allows ‘best effort’
    - will need to define at least one compatible LOA
  - Privacy...
- Operational issues
  - Will need to include LOA in identity assertions
  - Will need to tag metadata, etc...

Slide 12: Linking InCommon and eAuthentication...
- Where we are now
  - Draft Memorandum of Agreement
  - Draft “InCommon Bronze” requirements
    - Based on eAuth Level 1
    - Three campuses already known to qualify
  - Working on inter-federation assessment
- Goal
  - Interoperability by Fall of this year

Slide 13: Q & A ?