Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Groep Nikhef Amsterdam PDP & Grid Bring the WLCG federation Home Extending your trust options beyond bottom-up identity by collaborating with global.

Published byDwain Douglas Modified over 9 years ago

Similar presentations

Presentation on theme: "David Groep Nikhef Amsterdam PDP & Grid Bring the WLCG federation Home Extending your trust options beyond bottom-up identity by collaborating with global."— Presentation transcript:

1 David Groep Nikhef Amsterdam PDP & Grid Bring the WLCG federation Home Extending your trust options beyond bottom-up identity by collaborating with global Research and Scholarship With support from the Authentication and Authorization for Research and Collaboration project Trust Anchor Distribution evolution supported by EGI ENGAGE

2 David Groep Nikhef Amsterdam PDP & Grid You all remember the bad old days …

3 David Groep Nikhef Amsterdam PDP & Grid And now we have this! background: eduGAIN connected federations as of November 2014 – Brooke Schofield, TERENA WLCG FIM4R pilot

4 David Groep Nikhef Amsterdam PDP & Grid 1. Every institute trusts only its own database ◦ you can trace everyone, but you get to manage all the accounts ◦ passwords are all over - and users pick the same everywhere 2. Distributed global trust – independent third parties ◦ identification and identity vetting by CAs, a limited number but accessible to all users everywhere on their own inititiative 3. Easing trust building – mixing assurance from different places ◦ extend identification by also leveraging your home organisation Evolution of Trust – from 1995 to 2020? www.igtf.net/ap/iota

5 David Groep Nikhef Amsterdam PDP & Grid #3: Leverage the CERN User Office Your trusty CA distribution as of next month: now with the CERN LCG IOTA CA supporting the WebFTS pilot https://webfts.cern.ch

6 David Groep Nikhef Amsterdam PDP & Grid wLCG leverages major open science infrastructures it must work alongside more dynamic communities on the same infrastructure without separating services besides the ‘CERN LCG IOTA CA’ there will be more generic identity providers from all over the world services must be able to trust just-a-unique-name CAs for only highly-managed VOs like LCG, but not for other VOs This needs a decision in software – on CA+VO combination this software is getting there for many areas you all should encourage software providers to implement and deploy such new software in production ASAP More than a pilot – a new way of life! http://www.nikhef.nl/grid/tmp/WLCG-CERN-IOTA-statement-MB-20151028.pdf

7 David Groep Nikhef Amsterdam PDP & Grid 4. Getting to distributed global trust for open innovation, open science, open to the world ◦ how far can we push federated authentication? ◦ A single account for all your services, single sign-on for everything: from data analysis to wikis, and from file sending, and date picking to expense claims – support the research data life cycle But … institutions vary a lot is your home university ready to identify you to the world? does it even want to tell WLCG who you are? ready to help you already today? Or does it need work? is it ready to help the others, sites and operators, in case of incidents? Evolving for 2020! www.refeds.org, FIM4R https://cdsweb.cern.ch/record/1442597

8 David Groep Nikhef Amsterdam PDP & Grid Old innovations now just seem a given: think of eduroam™ On the way…it may be bumpy! Federated access means you’ll rely on your institute a lot more Some things become easier (web) others more complicated (CLI) Meanwhile, there’ll be lot of bridging and new things to learn But: aligning with the world will bring usability benefits, and enable scenarios that for next years’ students will be their ‘natural habitat’! Open Science, Open to the World? Ready? www.aarc-project.eu

9 David Groep Nikhef Amsterdam PDP & Grid 1. Ask your home organisation to join or opt-in to eduGAIN still no federation? In an eduGAIN country? Ask your local IT to join the national federation, or set up identity management! 2. Ask them to release attributes there’s a basic set that is needed, called “Research and Scholarship” they should join that scheme 3. Ask them to collaborate in incident response and tell us so by joining the SirTFi programme – it’s self- asserted, and we will trust them if they say so – but it means that sites and response teams know they’re able to act OK But What Should I Do?? https://refeds.org/category/research-and-scholarship, https://wiki.refeds.org/display/GROUPS/SIRTFI

Download ppt "David Groep Nikhef Amsterdam PDP & Grid Bring the WLCG federation Home Extending your trust options beyond bottom-up identity by collaborating with global."

Similar presentations

EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
David Groep Nikhef Amsterdam PDP & Grid Ensuring Availability Security, Protection, Trust, walking the line between paranoia and laisser-faire in a highly.

David Groep Nikhef Amsterdam PDP & Grid Ensuring Availability Security, Protection, Trust, walking the line between paranoia and laisser-faire in a highly.
David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – IGTF LoA generalisation David Groep Interoperable Global Trust Federation IGTF Documents at.

David Groep Nikhef Amsterdam PDP & Grid Evolving Assurance – IGTF LoA generalisation David Groep Interoperable Global Trust Federation IGTF Documents at.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin

Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.

WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.
David Groep Nikhef Amsterdam PDP & Grid Differentiated and Collaborative Assurance profiling the identity management landscape for diversifying e-Infrastructure.

David Groep Nikhef Amsterdam PDP & Grid Differentiated and Collaborative Assurance profiling the identity management landscape for diversifying e-Infrastructure.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
New Developments in Authentication and Access Management Alan Robiette JISC Development Group JISC-NSF-DLI2 Meeting, 2002.

New Developments in Authentication and Access Management Alan Robiette JISC Development Group JISC-NSF-DLI2 Meeting, 2002.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
IOTA Questions for RPs Sept 9, 2013 Bucharest, Romania.

IOTA Questions for RPs Sept 9, 2013 Bucharest, Romania.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
TERENA TF-EMC2 Workshop David Groep, 2004.11.04

TERENA TF-EMC2 Workshop David Groep,
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.

WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.

Similar presentations

Ads by Google