+ Challenges in the VO Space Heather Flanagan (Spherical Cow Group) REFEDS meeting; 4 October 2015 Cleveland, OH, US.

Presentation transcript:


+ Studies Done
- The original FIM4R paper in 2012 described a set of recommendations to the research communities, technology providers, and funding agencies. The core use cases came from large research organizations with funding.
- The “Advancing Technologies and Federated Communities” paper, also in 2012, described a set of recommendations around technology, policy, funding, and legal issues. A more generalized approach than the FIM paper, but the recommendations are largely the same.

+ Findings Summarized
- Federated technologies are good. Take advantage of them.
- The infrastructure needs to be improved to take advantage of federated technologies. Do it.
- Relying on the older models of local account creation and IP-based ACLs is easier. This is a very limited view. Stop it.
- If you can’t fix it all yourself (and you can’t), facilitate the efforts of groups that can. Build relationships, and target your spending or funding to make the biggest impact.

+ Progress Made
- Technology Providers
  - Entity Categories. Caveat: of the 1434 IdPs in eduGAIN, 43 support R&S.
  - Data Protection Code of Conduct. Caveat: of the 980 SPs in eduGAIN, 64 assert compliance with the DPCoC.
- Funding Agencies
  - Authentication and Authorisation for Research and Collaboration (AARC)
  - US National Science Foundation grants (CILogon)
- Research Community
  - New deployments and implementations. Caveat: some big VOs are falling back on account creation rather than federation, since they can’t get what they need out of federation.

+ Narrowing Down to the VO Space
- Progress is still slow:
  - Remember that a VO is often not a legal entity in and of itself – so who would sign any kind of legal agreement to participate?
  - Implementing federation involves a learning curve to properly implement things like single sign-on (SSO) – who handles that within the VO?
  - Not all participants will even be a member of an institution that is part of a federation – how can they be brought on board?
- VOs are the test case that expands into discussing federation outside of academia. We need to get this done, and get it right.
- We need to make the story of federation more compelling to VOs, who have an uphill battle to get here from there. We can start by RELEASING ATTRIBUTES.

+ Life After Attribute Release
- Are the technologies easy to deploy for your average sysadmin (or, perhaps, your average grad student)?
- Is it clear how to handle security incidents when you’re just a little VO?
- Are the collaboration and domain tools ready for a federated environment?

+ Technology
- Shibboleth 3, CAS, Microsoft AD: support for SSO and identity federation. Are they packaged and documented well enough for a small VO to be able to deploy them?
- OAuth2 and OpenID Connect are easier to deploy, but the VO loses out on being able to have the variety of IdP options; what they gain in simplicity of initial deployment is potentially eaten up by needing to buy or build and deploy a proxy or gateway.
- And what about all those tasty attribute schemas?

+ Security
- SIRTFI: a framework is being developed. Is it something that small VOs can follow?

+ Tools and Services
- Collaboration Management Systems: Perun, OpenConext, COmanage
- Video conferencing with support for SAML: BigBlueButton, WebEx, Jitsi Meet
- Wikis with support for SAML: Confluence, DokuWiki, Trac
- Software Development: Jenkins, JFrog Artifactory, GitHub
- There are more. Lots more. Progress is being made here. But remember, all these tools and services require attributes...

+ Action Items
- Can federations do more to offer resources to help make deploying the technologies easier? Start by providing requirements or resources back to software groups to build more easily deployed packages.
- Federations have a role in education and outreach to help small groups understand their roles and responsibilities in handling security incidents.
- Continue to find ways to get your IdPs to RELEASE THE ATTRIBUTES. Entity categories are necessary but not sufficient to make this happen.

+ The Value Proposition for Identity Federations

+ Brought to you by... or+Identity+Federations
- Joni Brennan (Kantara Initiative)
- Chris Phillips (CANARIE)
- Lucy Lynch (NSRC)
- Nicole Harris (GÉANT)
- Heather Flanagan (Spherical Cow Group; Editor)

+ Background
- Work item came out of the REFEDS meeting at APAN in March 2015.
- Not our usual set of federations, and they asked for assistance in establishing the business case that they needed to bring back to their campuses and countries regarding identity federation.
- Our goal: help them understand the value proposition, and help them avoid reinventing our broken and thrown-away wheels.

+ Key Points
- The campus or institutional brands are critical; don’t lose out on the value they bring to the table.
- The value here is local, regional, AND global.
- Some of the challenges—where resources will be required—are highlighted.
- More information is still required:
  - more on the services that might drive their use case
  - sections need summaries; this is a lot of dense material

+ Next Steps
- This has been distributed to the TF-IAM APAN group (thanks, Terry!)—need to collect feedback and integrate.
- Fill in the blank spots to summarize the sections.
- Text for federated services.
- Must be completed by end of calendar year (or I can’t live with myself).