INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.

Presentation transcript:


Trust Basics: The Actors

- User: Person accessing the service.
- Identity Provider: The organization that knows that person and verifies her identity online.
- Service Provider: The organization that offers the service and grants access to use it.
- Federation Operator: The organization that vets the membership, implements the community “rules” and publishes the certified phonebook.

Trust Basics: Federation is Distributed

[Diagram. Labels: End User; Services; Service Provider Authorization; Federation Software (shown twice); Certified Federation Metadata “Phone Book”; Fed schema; Enterprise Directory; Campus Authentication and User Information; Request Authentication & Access Information (attributes). Numbered steps run from 1 to 7, of which three keep a caption: 3 - Authentication; 5 - Authentication Verified. Sending Attributes; 6 - Authorization.]

Trust Basics: Federation is Distributed

InCommon Federation (7.8 million users and 663 organizations)

- Identity Provider Services (368)
- Application Services (1,849)
- InCommon Operations (1)

Trust Basics: Federation is Shared

I have to trust what you do with my:

- Data that I send you
- Service that you use

Being comfortable with how my partners perform their roles is key.

Trust Basics: Federation is Fractal

Roughly speaking… Concerns at the org level are the same at the national level:

- Privacy
- Membership
- Risk
- Control over who my partners are

First step to Trust is Publish what you do

Trust Basics: Publish What you Do

First Step: Publish

- InCommon Participant Operating Practices
- eduGAIN participation requirements

Second Step: Decide

Refeds MAP

eduGAIN Policy Flow

[Diagram. Labels: GEANT (governing structure); eduGAIN Service; US Federation (InCommon run by Internet2); EU National R&E Federations (Gov sponsored); Feds in Asia, Middle East, India, Africa, North & South America, ….]

A Word about Metadata

InCommon Metadata Aggregate (Official “phone” book)

- Federation tags and authority
- Identity provider info
- Service connection Info

What’s in the Metadata “Phonebook”?

Information about:

- Security (signing keys)
- Contacts (troubleshooting and support)
- Connection (URLs of services)
- Verifier of the orgs/metadata (InCommon)
- Policy and practice compliance tags (R&S, Assurance)

eduGAIN is about Metadata Exchange

International Metadata Aggregate

- eduGAIN authority
- All Fed A info
- Limited Fed B Info

Questions?