Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cross-sector and user-centric AAI

Published byShon Tate Modified over 6 years ago

Similar presentations

Presentation on theme: "Cross-sector and user-centric AAI"— Presentation transcript:

1 Cross-sector and user-centric AAI
Expanding federations beyond R&E Maarten Kremers Task Leader Trust and Identity Technology Development, GN4-2 Project Technical Product Manager, SURFnet, The Netherlands Internet2 Technology Exchange 2016 26th September 2016

2 Going cross-sector and user-centric
Collaboration is worldwide & cross-sector Authentication and Authorisation Infrastructure (AAI) services will be deployed to cope with the challenges of access to networks and their connected services. These developments include: Global and cross-sector, interfederated AAI service provision for the whole of the European R&E community and potentially, the rest of the world. GÉANT Strategy2020

3 Going Cross-sector with GovID’s
The eIDAS Regulation: ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU countries where eIDs are available, creates an European internal market for eTS - namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders and have the same legal status as traditional paper based processes. Only by providing certainty on the legal validity of all these services, businesses and citizens will use the digital interactions as their natural way of interaction. The Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) 

4 Going Cross-sector with GovID’s
STORK STORK 2.0 eIDAS STORK 2.0 / eIDAS SAML2int (eduGAIN)

5 Use Cases & PoC Use case 1:
A user with a STORK eID accesses a service provided by an SP in one of the eduGAIN Federations. Use case 2: A user with an account on an IdP in one of the eduGAIN Federations accesses a service provided by STORK in one of the STORK enabled member states.

6 Use Cases & PoC STORK/eIDAS : 1 node per country, full mesh between nodes

7 Use Cases & PoC eduPEPS: the development of a proxy element:
* Situated between a STORK federation and an eduGAIN federation * Providing a trusted entity for both the STORK and the eduGAIN federations. * Acts as a protocol translation bridge PoC worked out well Deployment options: 1 proxy per country ? 1 proxy for eduGAiN ?

8 Next Steps Redevelopment of the eduPEPS proxy STORK 2.0 eIDAS

9 Next Steps Pilots with several eIDAS eIDs
Technical requirements for interfederations Mapping assurance levels eIDAS eIDs to login to eduGAIN service Use of eIDAS for higher level of Assurance Combining eID assertions and university attributes

10 REFEDS blogpost interoperability https://refeds.org/a/1257
More information REFEDS blogpost interoperability

11 User-centric The EduKEEP architecture aims at transforming current Identity Federations to provide a user-centric approach for managing digital identities, that will bring user experience and simplicity of use at the heart of its processes

12 Starting Points User-Centric Identity Management Model
Split Authentication and Authorisation (Attributes, Groups, Entitlements) Persistent Digital Identity: Same ‘identifier’ over time Longevity Make the identity reusable instead of the the lifetime of a specific role  Attributes will changes over time for one identity (e.g. affiliation) Inclusiveness To include individuals who are not (currently) affiliated with an organisation

13 Starting Points User-Centric Identity Management Model
Low and high quality identities: To lower the entry burden for individuals accessing resources without high demands on quality  self-asserted basic attributes increase quality as needed  Enrich the identity with institutional attributes, increase LoA via vetting procedures Possibly build on eGov / eIDAS / BankID initiatives Service Provider can be a university, VO, Third Party, Cross-Sector

14 More information High Level Architecture document +Attributes+and+Authorisations

15 Best Practices for User Centric Federated Identity
Next Steps Best Practices for User Centric Federated Identity What’s out there, Architecture, Policy, Interfederation Pilots

16 Next Steps centric+identity+federation

17 Maarten Kremers

Download ppt "Cross-sector and user-centric AAI"

Similar presentations

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM(2012 238 final) {SWD(2012)

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM( final) {SWD(2012)
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
CEF Building Blocks Joao RODRIGUES FRADE

CEF Building Blocks Joao RODRIGUES FRADE
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.
Stork is an EU co-funded project INFSO-ICT-PSP-224993 STORK PRESENTATION STORK Presentation Lithuania March 2010.

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION STORK Presentation Lithuania March 2010.
Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.

Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Identity Federation Policy Marina Vermezović, AMRES Federated Identity Technology Workshop Sofia, Bulgaria, 20. Jun 2014.

Identity Federation Policy Marina Vermezović, AMRES Federated Identity Technology Workshop Sofia, Bulgaria, 20. Jun 2014.
Supporting Are we ready? REFEDS, Oct 2013 Ann Harding

Supporting Are we ready? REFEDS, Oct 2013 Ann Harding
Connect. Communicate. Collaborate Federation Interoperability Made Possible By Design: eduGAIN Diego R. Lopez (RedIRIS)

Connect. Communicate. Collaborate Federation Interoperability Made Possible By Design: eduGAIN Diego R. Lopez (RedIRIS)
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
Test your IdP

Test your IdP
The German eID and eIDAS

The German eID and eIDAS
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.
eIDAS: current state of play and the Luxembourgish approach

eIDAS: current state of play and the Luxembourgish approach
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.

JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Creating a European entity Management Architecture for eGovernment Id GUIDE Keiron Salt

Creating a European entity Management Architecture for eGovernment Id GUIDE Keiron Salt

Similar presentations

Ads by Google