Presentation is loading. Please wait.

Presentation is loading. Please wait.

Baseline Expectations for Trust in Federation

Similar presentations


Presentation on theme: "Baseline Expectations for Trust in Federation"— Presentation transcript:

1 Baseline Expectations for Trust in Federation
Nicole Harris, Brook Schofield, Tom Barton and all of you!

2 Outline Background - Tom Why, what, when
Sharpening the value of federation: FIM4Rv2 Collaboration-ready pyramid Discussion topics - Nicole & Brook What should a global baseline be? How close are the various federations to being there? What federation-specific circumstances help or hinder achieving that baseline? More, time permitting...

3 Why a Baseline? What trust do we need to have in Federation? When we rely on Federation, we are partnering with other organizations to do something for us that we would otherwise do for ourselves or forgo altogether. And mostly the latter: Federation makes possible the integration of resources, services, and users across the globe into the myriad ways that the R&E mission is undertaken.1 The most needed things need to be ubiquitous. [1] Baseline Expectations for Trust in Federation

4 Much input over 2015-16 to arrive at:
For Identity Providers The IdP is operated with organizational-level authority The IdP is trusted enough to be used to access the organization’s own systems Generally-accepted security practices are applied to the IdP Federation metadata is accurate, complete, and includes site technical, admin, and security contacts, MDUI information, and privacy policy URL

5 For Service Providers Controls are in place to reasonably secure information and maintain user privacy Information received from IdPs is not shared with third parties without permission and is stored only when necessary for SP’s purpose Generally-accepted security practices are applied to the SP Federation metadata is accurate, complete, and includes site technical, admin, and security contacts, MDUI information, and privacy policy URL Unless governed by an applicable contract, attributes required to obtain service are appropriate and made known publicly

6 and for Federation Operators
Focus on trustworthiness of their Federation as a primary objective and be transparent about such efforts Generally-accepted security practices are applied to the Federation’s operational systems Good practices are followed to ensure accuracy and authenticity of metadata to enable secure and trustworthy federated transactions Frameworks that improve trustworthy use of Federation, such as entity categories, are implemented and adoption by Members is promoted Work with relevant Federation Operators to promote realization of baseline expectations

7 How federation enables academic collaboration
Federated Identity Management for Research, version 21 40 authors, 20 research communities, 18 months [1]

8 Get collaboration ready
Protect collaboration resources Service Providers implement Reduce risk Support high value resources Standard MFA request/response Identity assurance info Identity Providers implement Release “Research & Scholarship” attributes Enable basic collaboration Basic security Accurate & complete metadata for good user experience Everybody implements Green and yellow tiers are what FIM4R identified as needed by research e-infrastructures. The question is how to make them happen. Years of asking nicely show that isn’t enough.

9 Discussion #1 The Baseline concept is based on the belief that to improve and sustain the value of R&E Federation for academic collaboration, some of its characteristics must be ubiquitous. What do REFEDSians think that set of characteristics is, that over time all R&E Federations should aim to make ubiquitous? Does the collaboration ready pyramid represent the right level at which a global Baseline should ultimately be set?

10 Discussion #2 How do each of the R&E Federations represented in the room compare with respect to each level in the pyramid? What federation-specific circumstances help or hinder achievement of the pyramid’s levels? What federation-specific approaches might be used to implement and maintain a baseline?

11 Discussion #3 Some parts of the pyramid are only technically implementable on certain federating software, yet many federation members will need to operate different federating technologies. How can each federation, or all federations together, address this common need of their members?

12 Discussion #4 Should a Baseline approach eventually become a requirement of participation in eduGAIN? For an entire federation? For each entity?

13 Discussion #5 How can each entity be trusted to meet the baseline?
How can we measure progress towards a global baseline?


Download ppt "Baseline Expectations for Trust in Federation"

Similar presentations


Ads by Google