Networks ∙ Services ∙ People

Alice Through the Looking Glass
Science DMZ goes above the network

TNC 2016, Prague
13 June 2016

Ann Harding (@hardingar)
Activity Leader, Trust & Identity Development
SWITCH

Science requirements – The Network View

Adapted from The Rationale of Optical Networking, Cees de Laat, Erik Radius, Steven Wallace (c2002)

Class A) are the typical home users
Class B) consists of the corporations, enterprises, Universities, virtual organisations and laboratories.
Class C) are the really high end applications

Science means big data

Science Requirements - the Trust and Identity View

Class A) are the simple library/journal/learning applications
Class B) consists of the campus ‘corporate’ infrastructure
Class C) are the really complex trust applications for collaboration and e-Research

Science means big collaboration

[Figure axis label: Complexity]

Science DMZ – Design patterns (Network Design Pattern -

Network Design Pattern
- Design pattern 1: Protect your elephant flows
- Design pattern 2: Unclog your data taps
- Design pattern 3: Build a well tuned end to end infrastructure

Trust and Identity Design Pattern
- Design pattern 1: Enable your collaboration flows
- Design pattern 2: Unclog your policy taps
- Design pattern 3: Build a well trusted end to end infrastructure

Science DMZ, the Trust and Identity View

Design pattern 1: Enable your collaboration flows
- Export IdPs to eduGAIN
- Export eResearch SPs to eduGAIN

Design pattern 2: Unclog your policy taps
- For hub and spoke – do you need the same policies for your C users as for your A and B? Can you be more flexible?
- For full mesh – do you need to leave everything to the edges? Can you use your resource registry/central tools to apply policy for e-Research more scalably?
- Pragmatic assurance

Design pattern 3: Build a well trusted end to end infrastructure
- Use Research and Scholarship and GÉANT Code of Conduct Entity Categories to make trust scale beyond your federation
- Adopt SIRTFI incident response framework to build trust
- Adopt group and attribute management services e.g. VO Platform
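Added example, not part of the original slides: a check that reports which of the trust markers named under design pattern 3 (Research and Scholarship, GÉANT Code of Conduct, Sirtfi) each entity in a SAML metadata file asserts. The `example.org` entities and the trimmed sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY = "http://macedir.org/entity-category"           # asserted by SPs
SUPPORT = "http://macedir.org/entity-category-support"    # asserted by IdPs
ASSURANCE = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
RS = "http://refeds.org/category/research-and-scholarship"
COCO = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
SIRTFI = "https://refeds.org/sirtfi"

def entity_attrs(entity):
    """Map each mdattr:EntityAttributes attribute name to its set of values."""
    out = {}
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        vals = {(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)}
        out.setdefault(attr.get("Name"), set()).update(vals)
    return out

def trust_markers(metadata_xml):
    """Return {entityID: role and R&S / CoCo / Sirtfi flags} for every entity."""
    report = {}
    for e in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        a = entity_attrs(e)
        is_idp = e.find("md:IDPSSODescriptor", NS) is not None
        cats = a.get(SUPPORT if is_idp else CATEGORY, set())
        report[e.get("entityID")] = {
            "role": "idp" if is_idp else "sp", "rs": RS in cats,
            "coco": COCO in cats, "sirtfi": SIRTFI in a.get(ASSURANCE, set())}
    return report

# Constructed sample metadata, trimmed to the elements the check reads.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<md:EntityDescriptor entityID="https://idp.example.org/idp"><md:Extensions><mdattr:EntityAttributes>
 <saml:Attribute Name="http://macedir.org/entity-category-support">
  <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
  <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue></saml:Attribute>
</mdattr:EntityAttributes></md:Extensions><md:IDPSSODescriptor/></md:EntityDescriptor>
<md:EntityDescriptor entityID="https://sp.example.org/sp"><md:Extensions><mdattr:EntityAttributes>
 <saml:Attribute Name="http://macedir.org/entity-category">
  <saml:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue></saml:Attribute>
</mdattr:EntityAttributes></md:Extensions><md:SPSSODescriptor/></md:EntityDescriptor>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    for eid, flags in trust_markers(SAMPLE).items():
        print(eid, flags)
```

Real federation metadata should have its XML signature verified before any of its contents are trusted; this check assumes that has already happened.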

Thank you

This work is part of a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 691567 (GN4-1).

@hardingar

