REFEDS. Rome, October 2009 Attribute space: LoAs, aggregation and reputation.

Presentation transcript:

Setting the Landscape

LoLoAs (not an erratum)
- The LoA concept was originally associated with the quality of credentials
  - Two-factor authentication vs username/password…
  - SAML AuthN Context emphasized this
  - NIST (and NIST-like) classifications did as well
- Attributes constitute the core of an identity
- LoAs on asserted attributes are key to making informed decisions
- And that brings us to different Levels of Levels of Assurance

The Axes

Attribute Authorities
- Entities providing additional attributes about users
  - Not available at their home IdP
  - Mostly because of management reasons
- Key for the VO promise
- Explosion of authoritative AttAuts is a concern
- And they may pose additional privacy challenges
- Several implementations currently available
  - VOMS (originally X.509-based, now with SAML gateway)
  - SWITCH VO management system (Shib-based)
  - FEIDE VO PoC (OAuth)
  - RedIRIS AA (SAML-based)
  - GN3 JRA3T2 (starting)
  - …

Attribute Aggregators
- User-controlled sources of attributes
- Collecting them from AttAuts
- The SHINTAU project
  - Shib-based
  - Demo available at
- The Kantara UMA Working Group
  - Mostly influenced by the OAuth community
  - Attribute access can be considered a particular case
  - No implementation yet

Reputation Systems
- AttAggs that offer additional interfaces to update attribute values
- Social trust and beliefs
  - Social does not necessarily mean “massive”
- The next step in IdM?
- Object of a work-item in TF-EMC2
- Few (if any) implementations
  - The ARETUSA model for BitTorrent
  - Plans to extend the RedIRIS AA

The Possible Next Steps
- Attribute source discovery
  - Open AttAut, AttAgg, Reputation sources?
  - Are they total or partial members of federations?
- Representation for attribute sources and LoAs
  - Meta-attributes?
- Evaluation procedures for trust on attributes
  - Attribute algebra?
  - LoA set operations?
- Keeping all this within appropriate practical limits
  - Avoid making this an academic issue