
Scalability of trust and metadata exchange across federations



Presentation on theme: "Scalability of trust and metadata exchange across federations"— Presentation transcript:

1 Scalability of trust and metadata exchange across federations
Bob Hulsebosch, Mortaza Bargh, Hans Zandbelt (SURFnet). TNC2011, Prague.

2 Outline
- Introduction (problem statement)
- Current solution
- Proposed solution
- Conclusions and recommendations
(Slide footer: Addressing scalability of metadata exchange)

3 Introduction: cross-federative identity management
Figure: two federations, A and B, each containing entities (IdPs and SPs), and a user who wants to reach an SP in the other federation. Legend: IdP = Identity Provider; SP = Service Provider.

4 Introduction: problem description
Scalability is determined by (mainly) the number of trust relationships and by the metadata exchange process.
A trust relationship means two things: the parties share the same collaboration framework, and each has authentic metadata of the other.
Figure (reconstructed from the diagram labels): SAML data exchange between an SP and an IdP requires inter-entity trust; inter-entity trust requires metadata exchange (a signed metadata file, XML) and partly requires trust in that metadata, which is established through the federation(s). The box marked "??" is the open question: how is that trust in metadata established when the SP and the IdP belong to different federations?

5 Introduction: example
Assume 20 federations, 150 IdPs per federation and 2,000 SPs per federation. How many trust relationships are needed? 5,700,000 (established by the entity or by the federation), i.e. 150 × 2,000 × 19: the IdPs of one federation paired with the SPs of the 19 other federations.

6 Current solution
Centralized metadata aggregation (so-called "simple metadata aggregation"):
- Starting point: the central metadata aggregator pulls the metadata of the federations
- One central metadata document
- Easy metadata discovery
- Examples: the eduGAIN prototype, the Kalmar confederation

7 Federation model
Figure: within federation A, the SPs and IdPs obtain trusted metadata from the federation's metadata aggregator (MA), which publishes the central metadata document of the federation. MA = metadata aggregator.

8 Current solution
Figure: a central MA sits above the core trust fabric; below it, federations A to F each have their own MA with their IdPs and SPs, and the central MA aggregates the metadata of all of them.

9 Proposed solution
Figure: as on slide 8, but the central MA in the core trust fabric is replaced by a meta-MA; federations A to F keep their own MAs, IdPs and SPs, and the metadata itself is exchanged between the federation MAs rather than through the centre.

10 Proposed solution
Figure (reconstructed from the diagram labels): a user at an SP in federation B wants to use an IdP in federation A.
Keys held beforehand: the SP holds the public key and URL of its own MA (MA-B); each MA holds the public key and URL of the meta-MA; the meta-MA holds the public keys and URLs of MA-A, MA-B, ....
Numbered exchanges:
- 1, 2: the user arrives at the SP and the WAYF selects the IdP in federation A.
- 3, 6: the SP asks MA-B for the IdP's metadata and receives the MD of the IdP signed by MA-B.
- 4, 4': MA-B obtains from the meta-MA the MD (public key and URL) of MA-A, signed by the meta-MA.
- 5, 5': MA-B fetches from MA-A the MD of the IdP, signed by MA-A.
So the metadata travels MA-A → MA-B → SP, while the only key the SP has to trust from outside its federation is, indirectly, the meta-MA's.
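The chain in this slide as an added worked example; this is not code from the presentation or from eduGAIN, Kalmar or SURFnet, and the step numbering follows my reading of the diagram labels. MA-B holds only the meta-MA's public key, derives MA-A's key and URL from the record the meta-MA signed, accepts the IdP's metadata only under MA-A's key, and re-signs it for its own SP, which holds only MA-B's key. Ed25519 signatures over JSON stand in for XML signatures over SAML metadata; the entity IDs, URLs and the "rogue" aggregator are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// SignedDoc stands in for a signed SAML metadata file: payload plus signature over it.
type SignedDoc struct{ Payload, Sig []byte }
// EntityMD is what an IdP or SP publishes through its federation's MA.
type EntityMD struct {
	EntityID string `json:"entity_id"`
	PubKey   []byte `json:"pub_key"`
}
// MARecord is what the meta-MA vouches for per federation MA: its public key and aggregate URL.
type MARecord struct {
	Name   string `json:"name"`
	URL    string `json:"url"`
	PubKey []byte `json:"pub_key"`
}
// Fabric is what can be fetched over the network: the meta-MA's signed MA list and each MA's aggregate by URL.
type Fabric struct {
	MetaDoc    SignedDoc
	Aggregates map[string]SignedDoc
}
// LocalMA is a federation MA; its only cross-federation trust anchor is the meta-MA's public key.
type LocalMA struct{ MetaMAPub, Pub ed25519.PublicKey; Priv ed25519.PrivateKey }

func sign(priv ed25519.PrivateKey, v any) SignedDoc {
	payload, _ := json.Marshal(v) // the fixed structs above always marshal
	return SignedDoc{Payload: payload, Sig: ed25519.Sign(priv, payload)}
}

func verifyInto(pub ed25519.PublicKey, doc SignedDoc, v any) error {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, doc.Payload, doc.Sig) {
		return errors.New("signature does not verify")
	}
	return json.Unmarshal(doc.Payload, v)
}

// ResolveRemote is steps 4-5 as done by MA-B: learn MA-A's key and URL from the record the meta-MA
// signed, accept the IdP's metadata only if MA-A signed it, then re-sign it for MA-B's own SPs (step 6).
func (m *LocalMA) ResolveRemote(f *Fabric, remoteMA, entityID string) (SignedDoc, error) {
	var mas []MARecord
	if err := verifyInto(m.MetaMAPub, f.MetaDoc, &mas); err != nil {
		return SignedDoc{}, fmt.Errorf("meta-MA document: %w", err)
	}
	var rec *MARecord
	for i := range mas {
		if mas[i].Name == remoteMA {
			rec = &mas[i]
		}
	}
	if rec == nil {
		return SignedDoc{}, fmt.Errorf("MA %q is not vouched for by the meta-MA", remoteMA)
	}
	// A URL with no aggregate yields an empty document, which fails the signature check.
	var entities []EntityMD
	if err := verifyInto(rec.PubKey, f.Aggregates[rec.URL], &entities); err != nil {
		return SignedDoc{}, fmt.Errorf("aggregate of %s: %w", remoteMA, err)
	}
	for _, e := range entities {
		if e.EntityID == entityID {
			return sign(m.Priv, e), nil
		}
	}
	return SignedDoc{}, fmt.Errorf("%q is not in the aggregate of %s", entityID, remoteMA)
}

// SPAccept is step 6 seen from the SP, which holds only its local MA's public key (local trust fabric).
func SPAccept(localMAPub ed25519.PublicKey, doc SignedDoc) (EntityMD, error) {
	var md EntityMD
	err := verifyInto(localMAPub, doc, &md)
	return md, err
}

func keypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// BuildFabric builds the constructed sample: a meta-MA vouching for MA-A and MA-B, MA-A's aggregate with
// one IdP, and a rogue aggregator publishing the same IdP under a key the meta-MA never vouched for.
func BuildFabric() (*Fabric, *LocalMA, ed25519.PublicKey) {
	metaPub, metaPriv := keypair()
	maAPub, maAPriv := keypair()
	maBPub, maBPriv := keypair()
	_, roguePriv := keypair()
	idpPub, _ := keypair()
	f := &Fabric{Aggregates: map[string]SignedDoc{}}
	f.MetaDoc = sign(metaPriv, []MARecord{
		{Name: "MA-A", URL: "https://ma-a.example/metadata", PubKey: maAPub},
		{Name: "MA-B", URL: "https://ma-b.example/metadata", PubKey: maBPub},
	})
	idp := EntityMD{EntityID: "https://idp.fed-a.example", PubKey: idpPub}
	f.Aggregates["https://ma-a.example/metadata"] = sign(maAPriv, []EntityMD{idp})
	f.Aggregates["https://rogue.example/metadata"] = sign(roguePriv, []EntityMD{idp})
	return f, &LocalMA{MetaMAPub: metaPub, Pub: maBPub, Priv: maBPriv}, idpPub
}
```

What the two-level signing buys is visible when the rogue aggregate is put at MA-A's URL: it lists the right entityID for the IdP, but it is not signed with the key the meta-MA vouched for, so MA-B rejects it and nothing reaches the SP. The SP itself never holds a key from federation A, and each MA holds one key for the meta-MA, which is what keeps the trust relationships to manage at roughly one per MA instead of one per IdP/SP pair.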

11 Reflection
Figure (reconstructed from the diagram labels), contrasting ≈20 with ≈5,700,000:
- Core trust fabric (≈20): each MA exchanges meta-metadata (e.g. public keys) with the meta-MA, which requires trust in that meta-metadata, e.g. in the public keys.
- Local trust fabric (≈5,700,000 SP/IdP pairs): SAML data exchange between an SP and an IdP requires inter-entity trust; inter-entity trust requires metadata exchange, which now runs through the MAs, and partly requires trust in the metadata, established through the federations.

12 Reflection
- Number of trust relationships: with a central entity (the meta-MA), ≈20 relationships.
- Metadata distribution process: no need for a central entity; metadata is distributed between the MAs.

13 Conclusions/recommendations
- Use local MAs for metadata exchange: more scalable.
- Use a meta-MA for trust establishment between MAs: lightweight, no SPOF (single point of failure), fewer trust relations to manage.
- Implement and test the proposed architecture to gain insight into interoperability, protocols, scalability, etc.
- Design a number of core services, e.g. a WAYF service, a self-registration service, a cross-federation group management service, and a join/departure notification service.
- Set up a testbed for trustful metadata distribution for Virtual Collaborations, to gain insight and experience in interoperability issues, required new functionality, scalability and performance indicators, strategies for metadata aggregation that optimize the costs of metadata updates and metadata usage, etc. The testbed can be realized in a national setting (e.g. between SURFnet and Kennisnet) or an international setting (e.g. within eduGAIN).

14 Questions?

