Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fed-Ed Dec 08: Updates on Federations

Published byNelson Jefferson Modified over 6 years ago

Similar presentations

Presentation on theme: "Fed-Ed Dec 08: Updates on Federations"— Presentation transcript:

1 Fed-Ed Dec 08: Updates on Federations
Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at Boulder

2 Topics Internet identity update Federations Applications update
Technology updates ISOC, IETF “Identity, Trust and the Internet” Privacy and its implications for federation Federations US InCommon and Soup Planning the future of InCommon Liberty Alliance, International Applications update Collaboration apps Open source kumbaya

3 Internet identity Federated identity User centric identity
Enterprise centric, exponentially growing, privacy preserving, rich attribute mechanisms Requires lawyers, infrastructure, etc User centric identity P2P, rapidly growing, light-weight Marketplace is fractured; products are getting heavier to deal with privacy, attributes, etc. Unifying layers emerging – Cardspace, Higgins

4 Federated identity Convergence around SAML 2.0 – even MS
Exponential growth in national and international R&E sectors Emerging verticals in the automobile industry, real-estate, government, medical Policy convergence for LOA, basic attributes (eduPerson), but all else, including interfederation, remains to be developed Application use growing steadily Visibility is about to increase significantly through end-user interactions with identity selectors and privacy managers

5 User-centric identity
Driven by social networking {Facebook, MySpace, etc} and {Google, AOL, MSN}, growing rapidly Relatively lightweight to implement for both application developers and identity providers Separates unique identifier and trust (reputation systems, etc.) Fractured by lack of standards, vying corporate interests, lack of relying parties, etc. OpenId, Facebook Connect, Google Connect, AOL

6 Unifying the user experience
Among various identity providers, including P2P, self-issued, federated Need to manage discovery, authentication, and attribute release Cardspace, Higgins, uApprove, etc. Consistent metaphors, somewhat different technical approaches Starting to deploy Integrating enterprise and social identity

7 Trust, Identity and the Internet
ISOC initiative to introduce trust and identity-leveraged capabilities to many RFC’s and protocols Acknowledges the assumptions of the original protocols about the fine nature of our friends on the Internet and the subsequent realities First target area is DKIM; subsequent targets include SIP and firewall traversal

8 Privacy A broad and complex term, like security, encompassing many different themes An important privacy issue - personal data release What is personal data? Release a function of national, EU, and local policy International transactions common and complex Roughly separates into “required for transaction” and “needs consent”

9 Art 29 WG overarching but lots of confusion below IP address
EU Privacy Laws Art 29 WG overarching but lots of confusion below IP address EPTID – a non-correlating, opaque but persistent identifier For privacy and state – e.g. searches, web blogs Critical to federated privacy

10 Some UK – EU recommendations
Identity Providers should Construct pseudonymous identifier values in ways that conceal as far as possible the identity of the user, for example by using one-way hash functions and providing different values to each service provider; Declare that they will not disclose the identity of the person to which a particular identifier value was assigned, other than when required by law to do so. In particular, reports of misuse or other problems should be investigated by the Identity Provider, who is anyway most likely to be able to hold the user to account, and not the Service Provider. Service Providers should Not collect personally identifying information from a user who was otherwise only identified by a pseudonymous identifier; Not seek to obtain information linking a pseudonymous identifier to a user from any other source; in particular they should not aggregate information collected from different services; Provide evidence to Identity Providers to permit them to investigate and deal with any misuse or other problem in the use of the service.

11 Federated identity growing in business
Federation Update R&E federations sprouting at national, state, regional, university system, library alliance, and elsewhere Federated identity growing in business Many bilateral outsourced relationships Hub and spoke Multilateral relationships growing in some verticals

12 R&E Federation Killer Apps
Content access – Elsevier, OCLC, JSTOR, iTunes Government access – NIH ERA, CTSA, soon NSF and research.gov Access to collaboration tools – wikis, moodle, foodle Roaming network access Outsourced services – National Student Clearing House, student travel, plagarism, testing, travel accounting MS Dreamspark

13 InCommon Over 118 members and growing steadily
More than two million “users” Most of the major research institutions New types of members Non usual suspects – Lafayette, NITLE, Univ of Mary Washington, etc. National Institute of Health, soon NSF and research.gov Energy Labs, ESnet, TeraGrid MS, Apple, Elsevier, etc. Student service providers Steering Committee chaired by Clair Goldsmith of Univ of Texas; Technical Committee chaired by Renee Shuey of Penn State

14 InCommon Update Growth is quite strong; doubled in size for the fifth year straight… Potential size estimates (pre-interfederation) could grow > 5,000 enterprises; revenue stream…. Overarching MoU for federal agencies to join may happen Silver profile approved Major planning effort on the future of InCommon now underway, including governance, community served, pricing and packaging principles, business models

15 Grist for InCommon direction setting
Comparison to other national R&E federations Budget, basics Strength-weakness-opportunities-threats analysis Status of soup Growth and expense/revenue projections Effect of interfederation and soup on projections Other business opportunities

16 Principles to be established by process
Community served Business opportunities Governance and representation Pricing and packaging principles – membership models, working with soup, etc. Charge by cost or charge by value The relationship between InCommon and Internet2

17 Federation Soup Within the US, federations happening in many ways – state, university system, library, regional, etc Until we do interfederation, and probably afterwards, federations will form among enterprises that need to collaborate, regardless of their sector Common issues include business models, legal models, LOA and attributes, sustainability of soup Overlapping memberships and policy differences creates lots of complexity in user experience, membership models, business models, etc. One workshop in, so far…

18 A locus for federation discussions
Liberty Alliance A locus for federation discussions eGov IAAF New Interfed SIG soon to start Dealing with policy aspects of Interfed Reaching out across sectors Trying to walk the walk as well – multifederated wiki for discussions

19 International federations
More than 25 national federations; Several countries at 100% coverage, including Norway, Switzerland, Finland; communities served varies somewhat by country, but all are multi-application and include HE UK intends a single federation for HE and Further Education ~ tens of millions of users EU-wide identity effort now rolling out - IDABC and the Stork Project ( Key issues around EU Privacy and the EPTID Some interfederation – Kalmar Union and US-UK

20 REfeds meeting Utrecht Dec 4-5
All federations reporting tipping point phenomena Key issues include building the business, communities served, attribute development, interfederation, application integration, working with Liberty Alliance, international privacy, etc Integration with e-Science, CLARIN, etc.

21 Next Steps for the R&E federation community
Learning the business of federation -REfeds Attributes redux - ? LOA – Liberty IAAF Application enablement – MACE, TF-EMC2, etc Short-term metadata aggregation -? Long-term dynamic metadata development – EMC2 EGov – Liberty eGov SIG Support of virtual organizations and collaborations - REfeds Outreach to emerging R&E feds – REfeds Outreach to other sectors - Liberty

22 More next steps Federated operator practices standards – Liberty (but where) Common member-federated operator agreement – IETF/ISOC Common member operational practices statement – IETF/ISOC Interfederation – Liberty Interfed SIG Technical common standards – EMC2 Attribute mapping, attributes into English, standard approaches to InfoCard, uApprove, etc.

23 Collaboration and Federated Identity
Two powerful forces being leveraged the rise of federated identity the bloom in collaboration tools, most particularly in the Web 2.0 space but including file shares, list procs, etc Collaboration management platforms provide identity services to “domesticated” applications that externalize their identity management dimensions to an general identity/group/privilege/etc repository (LDAP, MySQL, etc.) Results in user and collaboration centric identity, not tool-based identity COmanage is a collaboration management platform, supported in part by a NSF OCI grant, being developed by the Internet2 community, with Stanford as a lead institution

24 COmanage COmanage can provide authentication and authorization services (group membership, privilege management, etc) to apps Domesticated applications currently include wiki, listproc, Jira, Subversion, Al Fresco. Soon to add audioconferencing, IM and chat rooms, EC2, Fedora, web-based file share, etc. Can be launched as an image in the Amazon cloud. Not “collaboration in a box”. More collaboration in a fully permeable membrane. The “stand-alone” can be readily replumbed to be completely integrated into enterprise, federated or other attribute ecosystems as they develop Uses Shibboleth and Grouper and…

25 Integration with Open Source Efforts
Federated versions of Fedora and DSpace abound; domesticated versions to come Sakai, Moodle, etc also federated Kuali and Rice/KIM are under active discussion Asterisk, Openwiki, other collaboration tools

Download ppt "Fed-Ed Dec 08: Updates on Federations"

Similar presentations

The Basics of Federated Identity. Overview of Federated Identity and Grids Workshop Session 1 - for all Basics and GridShib Session 2 – more for developers.

The Basics of Federated Identity. Overview of Federated Identity and Grids Workshop Session 1 - for all Basics and GridShib Session 2 – more for developers.
The Art of Federations. Topics Federations of what… Federated identity versus federations Federations in other sectors – business, gov, ad hoc R&E Federations.

The Art of Federations. Topics Federations of what… Federated identity versus federations Federations in other sectors – business, gov, ad hoc R&E Federations.
TF-EMC2 – Internet2 update Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at Boulder.

TF-EMC2 – Internet2 update Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at Boulder.
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.

Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.
Internet2 and other US WMD Update. Topics Update on non-merger, Newnet (and the control plane), InCommon and other feds “Product” update – Shib, Grouper,

Internet2 and other US WMD Update. Topics Update on non-merger, Newnet (and the control plane), InCommon and other feds “Product” update – Shib, Grouper,
Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.

Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.
Internet Scale Identity, Collaboration and Higher Education.

Internet Scale Identity, Collaboration and Higher Education.
Fed-Ed Dec 08: Updates on Federations Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at.

Fed-Ed Dec 08: Updates on Federations Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Welcome Acknowledgments and thanks Security Acronymny: then and now What’s working What’s proving hard.

Welcome Acknowledgments and thanks Security Acronymny: then and now What’s working What’s proving hard.
Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.

Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.
New CyberInfrastructure for Collaboration between Higher Ed and NIH.

New CyberInfrastructure for Collaboration between Higher Ed and NIH.
To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.

To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.
Intro to Identity for Developers Tom Barton, U Chicago Scott Cantor, Ohio State Patrick Michaud, U Washington.

Intro to Identity for Developers Tom Barton, U Chicago Scott Cantor, Ohio State Patrick Michaud, U Washington.
Stuff Ken Klingenstein. Stuff sack InCommon Stuff Infocard, Open Id, etc… Federation soup Cormack slides on EU (and US) privacy International.

Stuff Ken Klingenstein. Stuff sack InCommon Stuff Infocard, Open Id, etc… Federation soup Cormack slides on EU (and US) privacy International.
The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation The U.S. Access and Identity Management Federation
Shib in the present and the future Ken Klingenstein Director, Internet2 Middleware and Security.

Shib in the present and the future Ken Klingenstein Director, Internet2 Middleware and Security.
Interfederation RL “Bob” Morgan University of Washington and Internet2 Digital ID World 2005 San Francisco.

Interfederation RL “Bob” Morgan University of Washington and Internet2 Digital ID World 2005 San Francisco.

Similar presentations

Ads by Google