Networks ∙ Services ∙ People www.geant.org Nicole Harris UK federation meeting eduGAIN, REFEDS and the UK 23 June 2015 Project Development Officer GÉANT.

Slides:

Advertisements

Similar presentations

CLARIN AAI, Web Services Security Requirements

Advertisements

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC May 2014 Dublin.

Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,

Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012

EduGAIN – Are we there yet? Lukas Hämmerle (ghost writer, Brook Schofield) FIM4R, Helsinki – 2 October 2013.

Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.

REFEDS RESEARCH AND EDUCATION (R&S) ENTITY CATEGORY NICOLE HARRIS.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

The ReFEDS/GÉANT Code of Conduct (CoC) An Approach to Compliance with the EU Data Protection Directive Steve Carmody April 23, 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.

Connect communicate collaborate GÉANT3plus Enabling Users Pilots Lukas Hämmerle Task Leader "Enabling Users"

Identity Federation Policy Marina Vermezović, AMRES Federated Identity Technology Workshop Sofia, Bulgaria, 20. Jun 2014.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

10/25/2015 AEB/Yleisesittely Organising Federated Identity in Finnish Higher Education TNC2005 Mikael Linden June 8th, 2005.

Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.

Géant-TrustBroker project overview Slides assembled by the Géant-TrustBroker team at Leibniz Supercomputing Centre, Germany for a short presentation by.

INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.

Innovation through participation eduGAIN interfederation service for research and education Cern FedID workshop in RAL, UK 2-3 Nov 2011 Mikael Linden,

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Innovation through participation eduGAIN policy: A worm report TF-EMC2 Vienna Mikael Linden, CSC The worm farmer.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.

Networks ∙ Services ∙ People Nicole Harris, GÉANT GN4 Project Update “SA5”, or Identity Stuff Internet2 Technology Exchange 2015.

Authentication and Authorisation for Research and Collaboration Mikael Linden AARC all hands Milan Authentication and Authorisation.

Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.

Géant-TrustBroker Project Overview Daniela Pöhn 7 th FIM4R meeting Frascati, Italy April 24 th, 2014.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos Open Day Event: Towards the European Open.

Networks ∙ Services ∙ People Daniela Pöhn REFEDS EWTI, Vienna IdPs and Federations Service Aspects of Assurance SA5T1.

Networks ∙ Services ∙ People Bert van Pinxteren General Assembly, Porto, Portugal Transition to one GÉANT Annual Review June,

Innovation through participation EduGAIN policy (working draft) Status update REFEDs 30th May 2010

Growth. Interfederation PKI is globally scalable Unfortunately, its not locally deployable… Federation is locally deployable Can it.

Understanding deployment issues on the Supply Chain Ann Harding, SWITCH, Nicole Harris, TERENA Cambridge July 2014.

Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team

Networks ∙ Services ∙ People eduGAIN Townhall Meeting Nicole Harris (or updating the eduGAIN policy suite) “Unicorns can be sued in Wales”

Connect communicate collaborate Trust & Identity EC meets GÉANT 19 June 2014 Brussels Valter Nordh, NORDUnet Federation as a Service Task Leader Trust.

Networks ∙ Services ∙ People Marina Adomeit FIM4R meeting Virtual Organisation Platform as a Service VOPaaS Nov 30, 2015, Austria Task Leader,

Networks ∙ Services ∙ People Ann Harding eduGAIN Town Hall eduGAIN in the GÉANT Project Activity Leader GÉANT Trust and Identity.

Networks ∙ Services ∙ People Ann Harding GÉANT Symposium, Vienna Users Session A3 Trust and Identity March GÉANT Activity Leader Trust.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting AARC and AARC2 Vienna, 1 st December.

Case Studies in Federated Identity Management for Research Communities Ann Harding, SWITCH/GN3plus Peter Gietz, DAASI International GmbH/DARIAH Tommi Nyro.

Connect communicate collaborate Case Studies in Federated Identity Management for Research Communities Ann Harding, SWITCH/GN3plus Peter Gietz, DAASI International.

Networks ∙ Services ∙ People Andrea Biancini #TNC15, Porto, Portugal Implementing Grouper to federate user authorization Federated Authorization.

Federated Identity Management for Research Communities: FIM4R PSI workshop objectives Bob Jones, CERN.

Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.

Authentication and Authorisation for Research and Collaboration Heiko Hütter, Martin Haase, Peter Gietz, David Groep AARC 3 rd.

Designing Identity Federation Policy, the right way Marina Vermezović, Academic Network of Serbia TNC2013 conference 4 May 2013.

Networks ∙ Services ∙ People Marina Adomeit TNC16 Conference, Prague Towards a platform for supporting collaboration GÉANT VOPaaS

Networks ∙ Services ∙ People TNC 2016, Prague Alice Through the Looking Glass Science DMZ goes above the network 13 June

Authentication and Authorisation for Research and Collaboration Peter Solagna, Nicolas EGI AAI integration experiences AARC Project.

Authentication and Authorisation for Research and Collaboration AARC/CORBEL Workshop for Life Sciences AAI AARC Draft Blueprint.

Networks ∙ Services ∙ People Ann Harding Networkshop 44, Manchester Thinking globally, acting locally Trust and Identity in the GÉANT project.

Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.

Networks ∙ Services ∙ People Mandeep Saini AARC/CORBEL Workshop Collaborative Organisation Platform as a Service June 1, 2016, Paris Product.

Networks ∙ Services ∙ People Di4R Network. Services. People. GÉANT 28 th September, Krakow.

Cross-sector and user-centric AAI

International Growth of Federations & eduGAIN

eduTEAMS platform for collaboration Niels Van Dijk

Federated Identity Management for Researchers (FIM4R)

GÉANT International Networking and Collaboration

ORLA – Ireland’s Online Library for Learning Analytics

Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE

Why are we processing data

Baseline Expectations for Trust in Federation

Presentation transcript:

Networks ∙ Services ∙ People Nicole Harris UK federation meeting eduGAIN, REFEDS and the UK 23 June 2015 Project Development Officer GÉANT Where are we?

Networks ∙ Services ∙ People Slide 2 Lots of Federations…

Networks ∙ Services ∙ People Identity Federations: World Wide 42 Production Federations 14 Pilot Federations Last update April 2015

Networks ∙ Services ∙ People eduroam Federations: World Wide last update June 2015, eduroam (74) Pilot (16) :-(

Networks ∙ Services ∙ People eduGAIN & Federation Status April eduGAIN Members 9 Joining eduGAIN 3 Candidate Federation 12 Other Federations

Networks ∙ Services ∙ People eduGAIN & Federation Status June eduGAIN Members 8 Joining eduGAIN 4 Candidate Federation 13 Other Federations

Networks ∙ Services ∙ People eduGAIN & Federation Status June eduGAIN Members 8 Joining eduGAIN 4 Candidate Federation 13 Other Federations

Networks ∙ Services ∙ People April 2011: Official start of eduGAIN Nov 2013: 21 Federations are members (50%), 5 joining Apr 2014: 24 Federations are members (51%), 6 joining April 2015: 32 Federations are members (57%), 9 joining June 2015: 33 Federations are members (58%), 8 joining, 4 candidates Entities: 1285 IdPs, 961 SPs (2244 in total) One IdP can represent for dozens of organisations and services depending on federation architecture => actual numbers are higher Whole (academic) SAML landscape: 56 Federations, 3007 IdPs, 6514 SPs (gathered from metadata) Not all of them need to be interfederated, e.g. many internal SPs Numbers from June 2015 eduGAIN: Some Statistics

Networks ∙ Services ∙ People 9

WHAT DO WE DO? ENTITY CATEGORIES FIM4R / SIRTFI FEDERATION TEMPLATES VIRTUAL ORGANISATIONS MONITORING SPECIFICATIONS AND SCHEMAS

What is an Entity Category? Entity Categories group federation entities that share common criteria. obliged to conform to the characteristics set out in the definition of that category. Can be SP or IdP tagged. a way to facilitate IdP decisions to release a defined set of attributes to SPs (scaling attribute release policies). Other use cases (see hide-from-discovery). Expressed as a SAML Attribute.

CONSENTThe data subject has unambiguously given his consent. CONTRACTUALProcessing is necessary for the performance of a contract to which the data subject is party. LEGAL OBLIGATIONProcessing is necessary for compliance with a legal obligation to which the data controller is subject. VITAL INTERESTProcessing is necessary in order to protect the vital interests of the data subject. PUBLIC INTERESTProcessing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed. LEGITIMATE INTERESTS Processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed.

SAFEGUARDSTRANSPARENCY IMPACT MANAGEMENT LEGITIMATE REASONS BALANCECASE BY CASE ribute+release CAN I RELEASE ATTRIBUTES?

7-STEP PLAN Check that Legitimate Interests is the best approach. STEP ONE Qualify the legitimacy of the request – lawful, clearly articulated, real need. STEP TWO Determine whether the processing is necessary to achieve the goal. STEP THREE

7-STEP PLAN Balance the data controller’s needs against the interests of the subjects. STEP FOUR Identity safeguards you can put in place (tech design etc). STEP FIVE Demonstrate (publish) compliancy. STEP SIX Allow the user to opt-out. STEP SEVEN

18 Connect | Communicate | Collaborate The Starting Point – FIM4R and TERENA AAA Study Non-web- browser Homeless users Attribute release Credential translation User friendliness Attribute aggregation Levels of Assurance Bridging Communitie s 30+ Research Infrastructures in Europe Countless more “long tail” users

Networks ∙ Services ∙ People Thank you and any questions Networks ∙ Services ∙ People © GEANT Limited on behalf of the GN4 Phase 1 project. The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No (GN4-1). 19