Federated Identity in the Global Landscape

Presenter’s Name

Topics
- Federated identity basics
- International deployments and issues
- National, local and sector deployments
- Gaps and OpenID
- Capabilities it could provide:
  - Real-time delivery of identity and attributes
  - Supports role-based access controls
  - Providing privacy and secrecy
  - Collaboration management platforms

Federated identity basics
- Two sets of agreements among enterprises:
  - Technical: federating software version, common attributes and schema, metadata management among members, LOA (level of assurance)
  - Policy: participant operational practices statements, contracts between members and the federation operator, privacy and security agreements

Types of federations
- Bilateral and hub-and-spoke
- Corporate: outsourced services, specific business alliances, industry trade associations and their members; primarily SAML-based, some WS-*
- Multilateral R&E sector: general collaborative environments, shared science and data such as grids and repositories; all SAML-based, many are Shibboleth

InCommon
- Approximately 80 members and growing steadily
- More than two million “users”
- Most of the major research institutions (MIT joining soon)
- New types of members: non-usual suspects (Lafayette, NITLE, Univ of Mary Washington, etc.), National Institutes of Health, student service providers, Energy labs, MS, Apple
- Steering Committee chaired by Clair Goldsmith of Univ of Texas; Technical Committee chaired by Renee Shuey of Penn State

Uses
- Access-controlled wikis
- Access to academic content, such as Elsevier
- Access to popular content, such as Cdigix
- Access to Microsoft
- Access to services, such as student travel agencies, testing services, Grid computational resources, portal providers, recruitment services, etc.
- (Trust base for dynamic circuit authorization/accounting)
- (Google Apps for Education)

Federations
- Almost everywhere now
- Internationally: UK (2-3 new members a day), Spain, France, Sweden, Finland, Switzerland, Netherlands, Germany, Denmark, Norway, Australia, Brazil, Japan, Canada, etc.
- State university systems
- Community college libraries
- Medical associations
- DoJ and DoD
- Limited interfederation interactions: Kalmar Federation, UK-Australia, MS, Elsevier

International federation highlights
- Several countries at 100% coverage, including Norway, Switzerland, Finland
- Community served varies somewhat by country, but all are multi-application and include HE
- UK intends a single federation for HE and Further Education: ~ tens of millions of users
- Real use cases involving international team science are now driving the urgency of interfederation peering

International activities
- A summary of discussions among R&E networks, including a survey of national efforts
- Excellent policy analytics, especially around international issues of privacy, peering, and attributes
- Trans-European activities in IdM for use among citizens, governments, and businesses

IDABC
- IDABC stands for Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens
- eID Interoperability for PEGS: Report on interoperable eIDM technical solutions, December 2007 (offers a technical assessment of several technologies): http://ec.europa.eu/idabc/servlets/Doc?id=29619
- Final recommendations due soon; federated approaches are likely, and open source standards may be identified

Interfederation
- We used to know more…
- We thought there was primarily peering and we could do that
- Things changed…
- A rich mix of emerging relationships: nested, leveraged, peered, orthogonal, etc.

Some of those relationships
- Nested: UC Trust and InCommon
- eduroam: single-application cross-federation
- Texas
- Multi-homed SP: Microsoft, Elsevier, student service industry, etc.

Peering
- Efforts between InCommon and eAuth collapsed a while ago; we got close, but eAuth priorities changed
- International peering with the UK: feasibility analysis, attribute alignment, privacy (due out in May); peering drafts to follow

Some of the bases to touch in peering
- Typical issues: problem resolution and adjudication, liability and indemnification, financial considerations, impact on member agreements, etc.
- New issues: metadata exchange, attribute mapping, transitive trust

Peering parameters
- LOA
- Attribute mapping
- Legal structures
- Liability
- Adjudication
- Metadata
- VO support
- Economics
- Privacy

Federation Soup
- Workshop to be held in early June
- Bringing together all manner of federations to figure out federation relationships: InCommon, JISC, state federations, library federations, university system federations, grid federations, etc.
- Topics include alignment of policies, technologies, attributes, metadata, etc.
- Approaches include peering, nested, leveraged, and a whole lot of ad hoc
- Outputs may include best practices, multi-homing, etc.

Other pieces of the federation space
- Liberty Alliance and OASIS both have eGov SIGs; Liberty holds some important elements of policies and operational standards, and OASIS is interested in development of additional technical elements
- ITU claimed to be working on peering…
- Vertical sector federations starting in financials, pharmaceuticals, others
- Overlays (special schema, discovery services, etc.) for team science projects now occurring

Gaps
- End user attribute release mechanisms: Infocards + CardSpace + Higgins + …; ARPviewer (Swiss)
- Dynamic metadata protocols

OpenID
- A rapidly growing identifier, particularly in the blogosphere and related very low-assurance applications
- Needs a reputation or trust system
- Easy for application developers to incorporate
- Starting to hit hard issues of privacy, attributes, etc.
- OpenID 2.0 fixes some things, makes others hard, and begins to look like “a federation of 1”

Capabilities of federated identity
- Real-time delivery of identity and attributes
- Supports role-based access controls
- Providing privacy and secrecy
- Collaboration management platforms

Real-time access controls
- Delivery of attributes to control points: initially via web browsers, and now via web services and a variety of native APIs
- Rich controls at policy control points
- ISOC “Identity, Trust and the Internet” will apply identity and trust to a growing suite of Internet RFCs

Relative roles of Signet & Grouper
- RBAC (role-based access control) model: users are placed into groups (aka “roles”); privileges are assigned to groups; groups can be arranged into hierarchies to effectively bestow privileges
- Grouper manages, well, groups
- Signet manages privileges
- Separates responsibilities for groups & privileges
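The RBAC split the slide describes, as an added worked example (not code from Grouper, Signet or the presentation): one registry holds group membership, including groups nested inside other groups (the Grouper side), a separate registry attaches privileges to groups only (the Signet side), and a policy control point answers "may this user do X?" by resolving nested membership first and then collecting the privileges of every effective group. All group, user and privilege names are constructed sample data.

```python
"""Worked RBAC example: groups (the Grouper role) kept separate from
privileges (the Signet role). Added illustration; sample data is constructed."""
from collections import deque

# --- Group side: who is a member of what. A member may be a person or
# another group; nesting a group inside a group is how the hierarchy
# "bestows" the parent's privileges on the child's members.
GROUP_MEMBERS = {
    "univ:faculty":             {"alice", "bob"},
    "univ:grad-students":       {"carol"},
    "univ:researchers":         {"univ:faculty", "univ:grad-students", "dave"},
    "univ:collab:wiki-editors": {"univ:researchers"},
    "univ:it-staff":            {"erin"},
}

# --- Privilege side: what each group may do. Privileges are attached to
# groups only, never to individual people, so membership changes alone
# grant or revoke access.
GROUP_PRIVILEGES = {
    "univ:collab:wiki-editors": {"wiki:edit"},
    "univ:researchers":         {"grid:submit-job"},
    "univ:faculty":             {"instrument:reserve"},
    "univ:it-staff":            {"wiki:admin"},
}


def is_group(name):
    return name in GROUP_MEMBERS


def effective_groups(user):
    """All groups the user belongs to, directly or through nested groups.
    Breadth-first walk up the member-of relation; the `seen` set makes it
    safe even if an administrator accidentally creates a membership cycle."""
    direct = {g for g, members in GROUP_MEMBERS.items() if user in members}
    seen = set(direct)
    queue = deque(direct)
    while queue:
        child = queue.popleft()
        for parent, members in GROUP_MEMBERS.items():
            if child in members and parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen


def effective_privileges(user):
    """Union of the privileges of every effective group."""
    privs = set()
    for g in effective_groups(user):
        privs |= GROUP_PRIVILEGES.get(g, set())
    return privs


def has_privilege(user, privilege):
    """The question a policy control point asks at access time."""
    return privilege in effective_privileges(user)


def people():
    """Every non-group member anywhere in the registry."""
    return {m for members in GROUP_MEMBERS.values() for m in members if not is_group(m)}


def who_can(privilege):
    """Audit helper: which people currently hold a privilege, and why it
    matters that nesting is resolved (carol gets wiki:edit two levels up)."""
    return {p for p in people() if has_privilege(p, privilege)}


if __name__ == "__main__":
    for p in sorted(people()):
        print(p, sorted(effective_privileges(p)))
    print("wiki:edit ->", sorted(who_can("wiki:edit")))
```

Because the two registries are independent, a group administrator can add a student to `univ:grad-students` without ever touching privilege assignments, and a resource owner can change what `univ:researchers` may do without knowing who is in it; that is the separation of responsibilities the slide is after.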

Privacy, secrecy and security
- Privacy via minimal disclosure, user consent and control
- Secrecy via the ability of a trusted agency or IdP to provide an opaque, auditable identity
- Security via levels of authentication, reduction of password exposure, provision of attributes
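Minimal disclosure, user consent and an opaque-but-auditable identifier, as an added worked example of what the IdP side of attribute delivery (the "delivery of attributes to control points" slide above and this one) can look like. This is illustration code, not Shibboleth's or the presentation's; the SP entity IDs, attribute names, user record and key are constructed sample values, and the pairwise identifier is an assumed keyed-hash construction in the spirit of SAML persistent identifiers and eduPersonTargetedID rather than any product's exact algorithm.

```python
"""IdP-side attribute release with minimal disclosure and a per-SP opaque
identifier. Added illustration; all names and values are constructed."""
import base64
import hashlib
import hmac

# Secret the IdP alone holds; it is what makes the pairwise identifier
# opaque to SPs yet resolvable by the IdP (assumption: sample value only).
PAIRWISE_KEY = b"constructed-sample-idp-secret"

# One directory record (constructed).
USERS = {
    "jdoe": {
        "displayName": "Jane Doe",
        "mail": "jdoe@university.example",
        "eduPersonAffiliation": ["faculty", "member"],
        "eduPersonEntitlement": ["urn:example:grid:submit"],
    },
}

# Attribute release policy: per relying party, the attributes the IdP may
# release. Anything not listed is withheld (minimal disclosure).
# "targetedID" stands for the opaque pairwise identifier.
RELEASE_POLICY = {
    "https://wiki.collab.example/sp": {"targetedID", "eduPersonAffiliation"},
    "https://grid.science.example/sp": {"targetedID", "eduPersonEntitlement", "mail"},
}

AUDIT_LOG = []  # (sp, opaque id, resolved user) for every IdP-side lookup


def targeted_id(user, sp_entity_id):
    """Stable for one (user, SP) pair, different across SPs, so two SPs
    cannot correlate the same person by identifier alone."""
    msg = f"{user}!{sp_entity_id}".encode()
    mac = hmac.new(PAIRWISE_KEY, msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def release_attributes(user, sp_entity_id, consented=None):
    """Attributes the IdP sends to this SP for this user.

    consented: optional set of attribute names the user agreed to release
    (user consent and control); None means no consent step is in force.
    The result is always a subset of the policy's allowed set."""
    allowed = RELEASE_POLICY.get(sp_entity_id, set())  # unknown SP -> nothing
    if consented is not None:
        allowed = allowed & set(consented)
    record = USERS[user]
    released = {}
    for name in allowed:
        if name == "targetedID":
            released[name] = targeted_id(user, sp_entity_id)
        elif name in record:
            released[name] = record[name]
    return released


def audit_resolve(opaque_id, sp_entity_id):
    """IdP-side answer to 'whose identifier is this at that SP?'. Only the
    key holder can do this; every lookup is recorded for accountability.
    A production IdP would store the mapping rather than rescan users."""
    for user in USERS:
        if hmac.compare_digest(targeted_id(user, sp_entity_id), opaque_id):
            AUDIT_LOG.append((sp_entity_id, opaque_id, user))
            return user
    return None


if __name__ == "__main__":
    for sp in RELEASE_POLICY:
        print(sp, release_attributes("jdoe", sp))
```

The two properties to notice: the wiki SP never sees `mail` even though the directory holds it, and the identifier the wiki receives is useless for looking the user up at the grid SP, while the IdP can still answer an abuse report for either one.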

Collaboration and federated identity
- Two powerful forces being leveraged: the rise of federated identity, and the bloom in collaboration tools, most particularly in the Web 2.0 space but including file shares, list procs (mailing list processors), etc.
- Collaboration management platforms provide identity services to “well-behaved collaboration applications”
- Results in user- and collaboration-centric identity, not tool-based identity

COmanage
- A collaboration management platform, supported in part by an NSF OCI grant, being developed by the Internet2 community, with Stanford as a lead institution
- Open source, open protocol
- Uses Shibboleth, Grouper, and Signet
- Parallels activities in the UK and Australia

COmanageable applications
- Already done: Sympa, federated wikis, Asterisk (open-source IP audioconferencing), DimDim (open-source web meeting), Bedework (federated open-source calendar)
- Immediate targets: rich access-controlled wikis; web-based file shares, IM, Google Apps for Education; domain science resources (instruments, grids)

[Diagram: Collaboration Management Platform (CMP) and the Attribute Ecosystem. Labels visible on the slide: Home Org & Id Providers / Sources of Authority (University A, University B, Laboratory X); Collaboration Management Platform (Authentication, Authorization – Group Info, Authorization – Privilege Info, People Picker, Attribute/Resource Info Data Store, Other Functions); Collaboration Tools/Resources (Federated Wiki, Domain Science Grid, Domain Science Instrument, File Sharing, Calendar, Phone/Video Conference, List Manager); Attribute Ecosystem Flows; Application Attributes.]