Exploring and Supporting


1 Exploring and Supporting Federated Identity
Jack Suess
Submitted by Prof. M. Halem on behalf of ICCE team

2 Introduction Camp June 4, 2010

3 What I Will Cover
Welcome and CAMP overview
History and background on InCommon
My vision for InCommon
Provide an overview of key concepts and terms you will hear related to federated identity and InCommon services
The critical role we all play in making this a success

4 CAMP OVERVIEW

5 Program Committee
Joel Cooper - Director of IT, Carleton
Doug Falk - CIO, NSLC
Louise Finn - CIO, Loyola
Renee Frost - Internet2
Rodney Petersen - EDUCAUSE
Mark Scheible - IdM Architect, NC State
Renee Shuey, Program Chair - IdM Architect, Penn State
Darin Stewart - Dir. Research & Collaboration Systems, Oregon Health and Sciences Univ.
Ann West - Internet2/InCommon
Dean Woodbeck - InCommon

6 CAMP History
CAMP - Campus Architecture and Middleware Planning
Launched in 2003; today marks the 29th CAMP!
Past material is on the EDUCAUSE web site: %28CAMP%29Workshops/1607

7

8 CAMP Organization Day 1
Learning Outcomes - Day 1
Explain the terms and definitions commonly used in materials and presentations
Level set - provide a common framework for all attendees on activity occurring in federation through case studies and the value proposition
Provide a chance for people to ask questions and interact at the reception

9 CAMP Organization Day 2
Track 1: Exploring InCommon (Moderator: Darin Stewart) - Designed for campuses just beginning to get involved with InCommon.
Track 2: In Production: Management (Moderator: Kevin Morooney) - Designed for managers from campuses using InCommon that want to plan for coming advanced services.
Track 3: In Production: Technical (Moderator: Mark Scheible) - Designed for technical staff from campuses using InCommon that want to plan for coming advanced services.

10 CAMP Organization - Day 3
Looking ahead
The national report - efforts associated with international, national, state, and local government, including K-12.
Project idea lightning round - share your ideas.
InCommon - "The State of the Federation"

11

12 InCommon HISTORY

13 Who is the Patron Saint of Lost Causes?

14 Ken Klingenstein

15 Bio
Help people who cannot help you
Help without the expectation of return
Help many people
Do the right thing the right way
Pay back society
Mensch (מענטש): a Yiddish word that means "a person of integrity." A mensch is someone who is responsible, has a sense of right and wrong and is the sort of person other people look up to. In English the word has come to mean "a good guy."
Menschlichkeit (מענטשלעכקייט) is a related Yiddish word used to describe the collective qualities that make someone a mensch.

16

17 Sherman, set the date for February 2000

18 February 2000

19 February 2000 CSG

20 Lost Cause to Award Winner
How did Ken go from patron saint of lost causes to EDUCAUSE Catalyst Award winner?

21 With a Little Help from his Friends

22 MACE MEMBERS
RL "Bob" Morgan (chair) - University of Washington
Tom Barton - University of Chicago
Scott Cantor - The Ohio State University
Steven Carmody - Brown University
Michael Gettes - Massachusetts Institute of Technology
Brian Gilmore (European liaison) - The University of Edinburgh
Jens Haeusser - University of British Columbia
Keith Hazelton - University of Wisconsin
Paul Hill - Massachusetts Institute of Technology
Josh Howlett (European liaison) - JANET(UK)
Leif Johansson (European liaison) - SUNET/NORDUnet
Jim Jokl - University of Virginia
Ken Klingenstein - Internet2 / University of Colorado
Scotty Logan - Stanford University
Diego Lopez (European liaison) - RedIRIS
Rodney McDuff (Australian liaison) - The University of Queensland
Mark Poepping - Carnegie Mellon University
Renee Shuey - The Pennsylvania State University
David Wasley - independent
Von Welch - independent

23 MACE - Middleware Architecture Committee for Education
MACE-Dir's many projects include the eduPerson directory schema, the Directory of Directories for Higher Education, and the LDAP Recipe. MACE-Dir is chaired by Brendan Bellina.
MACE-PKI works with the Federal PKI Technical Working Group, and, via participation in HEPKI, investigates technical and policy issues in the deployment of a public key infrastructure for higher education. MACE-PKI is chaired by Jim Jokl.
MACE-Shibboleth is creating a web-based inter-institutional resource sharing mechanism. This work is supported by our corporate partner, IBM. MACE-Shibboleth is chaired by Steven Carmody.
MACE-WebISO is investigating "web initial sign-on" packages: systems designed to allow users to use a standard central service to authenticate to web-based services across many web servers. MACE-WebISO is chaired by Nathan Dors.
MACE administers a Uniform Resource Name (URN) namespace, supporting the assignment of unique, global, persistent names to resources of various kinds by MACE and its delegates. MACE also administers an Object Identifier arc for identifying resources of various kinds for Internet2/MACE projects and working groups.
MACE-courseID works to further the development of course data elements for higher education, and to adapt existing developments for use in directory-enabled infrastructures.

24 Early History Timeline
February 2000 - Stone Soup meeting, idea hatched
Process - began late summer 2000 with bi-weekly calls to develop scenario, requirements and architecture
Linkages to SAML established - Dec 2000
Architecture and protocol completion - Aug 2001
Software design - Oct 2001
Coding began - Nov 2001
Alpha-1 release - April 24, 2002
OpenSAML release - July 15, 2002
v1.0 - April
v1.1 - July 2003

25

26 InQueue Federation
The precursor to InCommon
A federation with no trust!
If your institution was a member of InQueue please stand up!

27 Why is that date important?
December 2003

28 Early 2004

29 The Rise of National Federations
Starting in 2004 and continuing today, federation has gone international, and the global impact has been significant. Today we have 21 national federations in place and five in development.

30

31

32 2009 InCommon Futures Report
Focused on how InCommon should move forward over the next three years, through 2012. Some of the major recommendations:
Expand role into community-based collaboration and trust services
Develop a three year business plan to support new initiatives such as Bronze and Silver
Develop a three year business plan to increase membership and increase InC value to participants
By end-of-year 2012, break even financially
By 2013, move from a steering committee to a board

33

34 June Participants!

35 Why We Strive to Succeed
Our community cares about privacy and ease of access to information. We want to ensure our stakeholders maintain control of their information. The process around developing the tools and building support has been bottom up and has involved people across the world. Many people in this room have spent the better part of a decade working to advance this effort.

36 What Does This All Mean?
You aren't joining a federation, you are joining an edu CAUSE!

37 Definitions and Key Concepts

38

39 Key Definitions
Attribute - A single piece of information associated with an electronic identity database record. Some attributes are general; others are personal. Some subset of all attributes defines a unique individual. Examples of an attribute are name, phone number, and group affiliation.
eduOrg - An LDAP object class authored and promoted by the EDUCAUSE/Internet2 eduPerson Task Force to facilitate the development of inter-institutional applications. The eduOrg object class focuses on the attributes of organizations. Current documentation on the eduOrg object class is available at
eduPerson - An LDAP object class authored and promoted by the EDUCAUSE/Internet2 eduPerson Task Force to facilitate the development of inter-institutional applications. The eduPerson object class focuses on the attributes of individuals. Current documentation on the eduPerson object class is available at

40

41 More Definitions
Identity Provider (IdP) - The originating location for a user. Previously called the Origin Site in the Shibboleth software implementation. For InCommon, an IdP is a campus or other organization that manages and operates an identity management system and offers information about members of its community to other InCommon participants.
Service Provider (SP) - Previously called the Target Site in the Shibboleth software implementation. For InCommon, an SP is a campus or other organization that makes online resources available to users based in part on information about them that it receives from other InCommon participants.
Participant - An organization accepted into the InCommon Federation that has met all the criteria for participation as either a higher education institution or a Sponsored Partner.
Participant Agreement (PA) - This is the "contract" that a potential Participant signs when they are accepted by the Federation. This document outlines information such as fees and responsibilities to participate in InCommon.
Participant Operating Practices (POP) - This document describes how InCommon Participants need to describe their credential and identity management system.

42 Definitions for Federation Terms
federated identity - The management of identity information between members of a federation.
federation - A federation is an association of organizations that come together to exchange information as appropriate about their users and resources in order to enable collaborations and transactions.
Federation Operation Policies and Practices (FOPP) - The policies and practices the Federation operates under on a day-to-day basis. This document describes the activities of the Federation organization, the process of Participants applying and being accepted, etc., and how decisions are made.
InCommon federation - InCommon is a formal federation of organizations focused on creating a common framework for trust in support of research and education. The primary purpose of the InCommon federation is to facilitate collaboration through the sharing of protected network-accessible resources by means of an agreed-upon common trust fabric. InCommon participation is separate from membership in Internet2.

43 More Definitions
Where Are You From (WAYF) - A server used by the Shibboleth software to determine what a user's home organization is.
Shibboleth® - Software developed by Internet2 to enable the sharing of web resources that are subject to access controls such as user IDs and passwords. Shibboleth leverages institutional sign-on and directory systems to work among organizations by locally authenticating users and then passing information about them to the resource site to enable that site to make an informed authorization decision. The Shibboleth architecture protects privacy by letting institutions and individuals set policies that control what information about a user can be released to each destination. For more information on Shibboleth please visit

44 All right, say "Shibboleth."

45 Federation Overview

46 What Does a Federation Provide
Defines the contractual responsibilities of members vis-a-vis each other and the federation.
Defines the technical standards for interoperating amongst the members.
Validates and verifies eligibility of members to join and participate.
Defines common data/attributes used by members.
Enforces that all members abide by the agreed-upon rules above.

47 Value of InCommon
Governance by a representative Steering Committee - Formulates policy, operational standards and practices; establishes a common set of attributes and definitions.
Legal Agreement - Basic responsibilities, official signatory and establishment of trust, conflict and dispute resolution, basic protections.
Trust "Notary" - InCommon verifies the identity of organizations and their delegated officers.
Trusted Metadata - InCommon verifies and aggregates security information for each participant's servers, systems, and support contacts.
Technical Interoperability (Technical Advisory Committee) - InCommon defines shared attributes, standards (SAML), software (Shibboleth).

48

49 Federated Access in 30 seconds
1. Authentication: single sign-on at home institution
2. Federation-based trust exchange to verify partners and locations
3. Authorization: privacy-preserving exchange of agreed-upon attributes
4. If attributes are acceptable to resource policy, access is granted!
Diagram labels: Home Institution (user signs in); Online Resource; Attributes: Anonymous ID, Staff, Student, …; Metadata, certificates, common attributes & meaning, federation registration authority, Shibboleth
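The four steps above, together with the WAYF lookup and the attribute release policy from the Shibboleth definitions, as an added worked example; this is editor-written illustration code, not Shibboleth, InCommon or the presenter's material. It assumes a constructed federation with one IdP and one SP, uses an HMAC secret in place of the X.509 certificate that real SAML metadata would carry, and models the per-SP anonymous identifier as an HMAC-derived pseudonym; the entity IDs, user records and policies are all constructed for the example.

```python
import hashlib
import hmac
import json
import time

# Constructed entity IDs for the example (not real federation participants).
IDP = "https://idp.example-u.edu/idp"
SP = "https://sp.library-vendor.example/shibboleth"

# Constructed stand-in for the federation's metadata aggregate. Real SAML metadata
# carries X.509 certificates and endpoints; here an IdP's "certificate" is an HMAC
# secret so the trust check can run offline without key files.
FEDERATION_METADATA = {
    IDP: {"role": "IdP", "key": b"example-u-signing-key"},
    SP: {"role": "SP"},
}
# The IdP's own signing secret (same value the federation registered above).
IDP_SIGNING_KEYS = {IDP: b"example-u-signing-key"}

# WAYF ("Where Are You From"): home domain -> IdP entityID.
WAYF = {"example-u.edu": IDP}

# Constructed campus directory holding eduPerson attributes (passwords stored hashed).
IDP_DIRECTORY = {
    "alice": {"password_sha256": hashlib.sha256(b"correct horse").hexdigest(),
              "displayName": "Alice Example", "mail": "alice@example-u.edu",
              "eduPersonScopedAffiliation": ["staff@example-u.edu"]},
    "bob": {"password_sha256": hashlib.sha256(b"hunter2").hexdigest(),
            "displayName": "Bob Example", "mail": "bob@example-u.edu",
            "eduPersonScopedAffiliation": ["alum@example-u.edu"]},
}

# Attribute release policy per SP: attributes not listed here (displayName, mail)
# never leave the campus, which is the privacy-preserving part of step 3.
RELEASE_POLICY = {SP: ["eduPersonTargetedID", "eduPersonScopedAffiliation"]}


def sign(payload, key):
    """Sign a canonical JSON serialisation (stand-in for a SAML XML signature)."""
    canonical = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def idp_issue_assertion(idp_id, idp_key, username, password, sp_id, now=None):
    """Step 1 (authenticate at home) and step 3 (release only the agreed attributes)."""
    user = IDP_DIRECTORY.get(username)
    given = hashlib.sha256(password.encode()).hexdigest()
    if user is None or not hmac.compare_digest(user["password_sha256"], given):
        return None
    released = {}
    for attr in RELEASE_POLICY.get(sp_id, []):
        if attr == "eduPersonTargetedID":
            # Per-SP pseudonym: stable for this user at this SP, not linkable across SPs.
            seed = f"{username}|{sp_id}".encode()
            released[attr] = hmac.new(idp_key, seed, hashlib.sha256).hexdigest()[:32]
        elif attr in user:
            released[attr] = user[attr]
    now = time.time() if now is None else now
    assertion = {"issuer": idp_id, "audience": sp_id,
                 "not_after": now + 300, "attributes": released}
    return {"assertion": assertion, "signature": sign(assertion, idp_key)}


def sp_verify_and_authorize(sp_id, signed, now=None):
    """Step 2 (check the issuer against federation metadata) and step 4 (resource policy)."""
    assertion, signature = signed["assertion"], signed["signature"]
    issuer = FEDERATION_METADATA.get(assertion["issuer"])
    if issuer is None or issuer["role"] != "IdP":
        return False, "issuer not in federation metadata"
    if not hmac.compare_digest(sign(assertion, issuer["key"]), signature):
        return False, "bad signature"
    if assertion["audience"] != sp_id:
        return False, "assertion addressed to another SP"
    now = time.time() if now is None else now
    if now > assertion["not_after"]:
        return False, "assertion expired"
    attrs = assertion["attributes"]
    # Resource policy: a staff or student affiliation at a federation member is enough.
    affiliations = {a.split("@")[0] for a in attrs.get("eduPersonScopedAffiliation", [])}
    if affiliations & {"staff", "student"}:
        return True, "access granted to pseudonym " + attrs["eduPersonTargetedID"]
    return False, "affiliation not acceptable to resource policy"


def federated_login(login, password, sp_id, now=None):
    """End-to-end flow: WAYF -> IdP authentication -> signed assertion -> SP decision."""
    local, _, domain = login.partition("@")
    idp_id = WAYF.get(domain)
    if idp_id is None:
        return False, "no IdP known for that home organization"
    signed = idp_issue_assertion(idp_id, IDP_SIGNING_KEYS[idp_id], local, password, sp_id, now)
    if signed is None:
        return False, "authentication failed at home institution"
    return sp_verify_and_authorize(sp_id, signed, now)


if __name__ == "__main__":
    print(federated_login("alice@example-u.edu", "correct horse", SP))  # staff: granted
    print(federated_login("bob@example-u.edu", "hunter2", SP))          # alum: denied
```

The point the slide's diagram labels make is visible in the code paths: the SP never sees a password or an e-mail address, it accepts an assertion only from an issuer listed in the federation metadata with a signature that checks out against that entry, and the authorization decision is made from the released affiliation plus a pseudonymous identifier rather than a name.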

50 Why does this all matter?

51 Alternate Sourcing From ECAR

52 Software-as-a-Service (SaaS)
SaaS is a model of software deployment whereby a provider licenses an application to customers for use as a service on demand. Many of the commercial service providers joining InCommon utilize this model.

53 Some Common Higher Ed SaaS Vendors

54 Cloud Computing
Gartner - "a style of computing where massively scalable IT-enabled capabilities are delivered 'as a service' to external customers using Internet technologies."
Wikipedia - "cloud computing is a paradigm of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the 'cloud' that supports them."

55 Some Cloud Examples

56 The Challenge
The challenge with SaaS or Cloud is integrating these separately developed applications into an integrated approach.
How do you manage access?
How do you manage provisioning?
How do you integrate this into the web services you provide?
InCommon provides an easy-to-use framework for customers and service providers that will work across higher education.

57 myUMBC Example

58 Thank You for Coming and Have a Great Conference!
Remember, this isn't just a federation. It is an edu CAUSE!

