Presentation is loading. Please wait.

Presentation is loading. Please wait.

Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007

Published byHarjanti Budiaman Modified over 6 years ago

Similar presentations

Presentation on theme: "Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007"— Presentation transcript:

1 Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007
SURFfederatie Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007

2 Contents General intro Status IdM practices/policy Policy enforcement
Roles & groups Schemas LoA

3 General introduction Federation close to production status
Model with Central Federation Component (CFC) that translates federation protocols on-the-fly (SAML/A-Select/ADFS/ID-FF) Registration at privacy body (temporary storage of user data for FederatedSSO and/or federation protocol translation). NO requirements wrt technology

4 Status Test/Acceptation federation now runs approx. 1.5 jaar
IdP's: RUG, UU, SURFnet, TU-Delft RADIUS IdP for eduroam customers, used by: HU, Avans, HvA, Saxion, HAN Pilots with: Elsevier SD, Dutch publishers, Ellips consortium, SURFnet diensten Scheduled: EBSCO, Microsoft, SURFdiensten, OCLC Pica

5 IdM practices/policies
2 parties: FederatieLeden (federation members) Annex to regular contract with SURFnet Low level entry FPartners contract between SURFnet and Partner SURFnet is operator Contracts, attributes that are needed for a service published at website Userboard deputation of federation members

6 Policy enforcement Federation Member Sign and you’re member Club-model
Weak enforcement Almost no formal rules wrt identity management Some rules wrt privacy, 'good IdM' and dealing with abuse Service Provider MUST sign contract Define service, attributes etc. Privacy regulations (best practice will be made available) Requirements on certificate organisation, hostname, ‘friendly name’

7 Roles & groups None Federation is transparant channel
Federation is TTP (signing of certificates of SP's / IdP's)

8 Schemas used/planned 2 requirements: (opaque)userid@organisation
organisation (IdP) Schemas: study in Shibboleth pilot SCHAC IdM at institutions NOT homegeneous Easy start with simple model Presumably 4 or 5 mandatory fields, rest optional

9 Levels of AuthN Unique selling point of A-Select since version 0.1!
Requires authN standardisation in the policy wrt IdM, naming and issuance <authentication_methods> <identifier authsp_id="radius" uri="urn:oasis:names:tc:SAML:1.0:am:password"/> <identifier authsp_id="ldap" uri="urn:oasis:names:tc:SAML:1.0:am:password"/> <identifier authsp_id="sid" uri="urn:oasis:names:tc:SAML:1.0:am:HardwareToken"/ <identifier authsp_id="pki" uri="urn:oasis:names:tc:SAML:1.0:am:X509-PKI"/>

10 The SURFfederatie

11 Thank you! More info: http://federatie.surfnet.nl/

Download ppt "Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007"

Similar presentations

Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.

Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,

Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,
Update SURFnet Bart Kerver TF-EMC2-meeting, Utrecht, 17 Oktober 2006.

Update SURFnet Bart Kerver TF-EMC2-meeting, Utrecht, 17 Oktober 2006.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Www.kennisnet.nl Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.

Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
(From Radius Hierarchy to AAI) Miroslav Milinović University Computing Centre - Srce EuroCAMP Ljubljana, March 2006.

(From Radius Hierarchy to AAI) Miroslav Milinović University Computing Centre - Srce EuroCAMP Ljubljana, March 2006.
CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science

CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science
11-July-2011, SURFnet Heather Flanagan, COmanage Project Coordinator Benn Oshrin, COmanage Developer Scott Koranda, U. Wisconsin – Milwaukee and LIGO.

11-July-2011, SURFnet Heather Flanagan, COmanage Project Coordinator Benn Oshrin, COmanage Developer Scott Koranda, U. Wisconsin – Milwaukee and LIGO.
Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk An Introduction to Access Management and the UK Federation Simon Cooper.

Copyright JNT Association 2005Copyright JNT Association An Introduction to Access Management and the UK Federation Simon Cooper.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Helsinki Institute of Physics (HIP) - 2003 Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.
Shibboleth in Finnish Higher Education Organisations E-ICOLC 2005 Poznan, Poland.

Shibboleth in Finnish Higher Education Organisations E-ICOLC 2005 Poznan, Poland.
Shibboleth federations: A Publisher’s Perspective Ale de Vries Product Manager ScienceDirect Elsevier Terena EuroCAMP Malaga, October 18-19, 2006.

Shibboleth federations: A Publisher’s Perspective Ale de Vries Product Manager ScienceDirect Elsevier Terena EuroCAMP Malaga, October 18-19, 2006.
Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.

Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.

Similar presentations

Ads by Google