1
InCommon and Federated Identity Update
2
Topics
- The complex world of Internet identity
- InCommon growing out
  - Size and impact
  - Application uses
- InCommon growing up
  - Silver
  - eptid
  - federated incident handling
- Futures issues
  - Governance, business model
  - Services offered – SSL/personal certs, eduroam
- The Tao of Attributes workshop
3
Complex world of Internet identity
- Apparent distinctions between federated identity systems and social networking (OpenId)
- Positioned as competitive
- Complementary in models
- OpenId limited to LOA 1 (at best)
- Several governments at work within the beltway
- Often more PR driven than use-case driven
- Privacy misunderstood but finally on the radar
4
Internet identity likely outcomes
- Integration of technologies
- OpenId within the Shib platform
- eduPersonOpenId?
- Attribute management within OpenId
- Focus on business processes, not on protocols
- That’s what the TFP do
- Privacy management by end-users
- The attribute ecosystem becomes the real set of issues
5
InCommon
- Over 160 members now
- Over 3.6 million users
- Most of the major research institutions
- Other types of members
- Non usual suspects – Lafayette, NITLE, Univ of Mary Washington, etc.
- National Institute of Health, NSF and research.gov
- Energy Labs, ESnet, TeraGrid
- MS, Apple, Elsevier, etc.
- Student service providers
- Commercial identity providers
- Growth is quite strong; doubled in size for the fifth year straight
- Silver profile approved but not yet operational
6
InCommon Impact
- Tens of thousands of transactions a day at Penn State
- Basis for CIC collaborations
- Underpins hundreds of applications within UC, Texas, New York, North Carolina systems
- Required for external collaborations at several universities
- The basis for much of MS and Apple interactions with academia
- The basis for much of Elsevier, Proquest, JSTOR, National Student Loan Clearinghouse, alcohol.edu, Student Universe, OCLC, etc…
7
NIH
- Driving agency for much of our government activity
- Several types of applications, spanning two levels of LOA and a number of attributes
- Wikis, access to genome databases, etc
- CTSA
- Electronic grants administration
- “Why should external users have internal NIH accounts?”
- Easier stuff – technology, clue at NIH, user interest
- Harder stuff – attributes (e.g. “organization”), dynamically supplied versus statically-supplied info
8
International R&E federations
- More than 25 national federations
- Several countries at 100% coverage, including Norway, Switzerland, Finland; communities served varies somewhat by country, but all are multi-application and include HE
- UK intends a single federation for HE and Further Education ~ tens of millions of users
- EU-wide identity effort now rolling out - IDABC and the Stork Project
- Key issues around EU Privacy and the EPTID
- Some early interfederation – Kalmar Union and US-UK
9
InCommon Growing Up - Silver
- LOA 2 on the campus
- Highly secure federation operational procedures
- Many applications require it (especially with LOA 1 now being sooooo low)
- May enfold other procedures on campuses
10
InCommon Growing Up – eptid and privacy
- Need to have campuses provide persistent opaque identifiers (eptid)
- Need to adopt some explicit privacy policies, likely in the format of best practices and self certification
- Need to develop audit training mechanisms
11
InCommon Growing Up – Federated Incident Handling
- Paradigms of shared security services (see REN-ISAC)
- Trust
- Local enforcement of external requests
- Interactions with law enforcement as needed
- How to amend InCommon agreements and processes
13
Attributes and Identity
- Authentication is very important, but…
- Identity is just one of many attributes
- And attributes provide scalable access control, privacy, customization, linked identities, federated roles and more
- Good authentication + shared attributes (syntax and semantics) is the path.
14
Attribute use cases are rapidly emerging
- FEMA needing first responders attributes and qualifications dynamically
- High-confidence attributes
- Access-ability use cases
- AAMC step-up authentication possibilities
- Public input processes – anonymous but qualified respondents
- Grid relying parties aggregating VO and campus
- The “IEEE” problem
- The “over legal age” and the difference in legal ages use cases
- Self-asserted attributes – friend, interests, preferences, etc
15
Key Issues
- Aggregation
- Metadata of attributes, LOA, etc
- Sources of authority and delegation
- Schema management, mapping, etc
- User interface
- Privacy and legal issues
16
Attribute aggregation
- Gathering attributes from multiple sources
  - From IdP or several IdP
  - From other sources of authority
  - From intermediaries such as portals
- Static and dynamic acquisition
  - Some attributes are volatile (group memberships); others are static (Date of Birth)
  - Some should be acquired per assertion; some once in a boarding process
- Will require a variety of standardized mechanisms – Bulk feeds, user activated links, triggers
17
Sources of authority
- Who gets to assign semantics (and syntax) to an attribute?
- How can they delegate assignment of value to the attribute by business agents, etc?
- What needs to be retained for audit/diagnostic
- How are attributes transported from sources of authority to the various repositories that will hold them
18
Schema management, mappings
- Registries for schema
- Role of national level schema
- How to avoid mappings
- How to handle mappings
19
Current situation
- Proliferation of attributes – see
- Attribute aggregation approaches are beginning
- No real understanding of sources of authority, delegation, audit, etc
- Mappings and other evils lurk
- All of which needs to work with humans as users, authorities, etc.
20
GSA Workshop: The Tao of Attributes
- Begin exploring the attribute issues
- Using US Gov use cases, including citizenship, voting residency, access-abilities, academic researcher support, first responder capabilities, etc.
- Map the landscape of issues
- Identify areas for further discussion, low-hanging fruit, etc
- All-star cast in a fishbowl, use case owners around, webcast
- Sept 28, 29th at NIH
- 属性之道 (The Tao of Attributes)