Presentation is loading. Please wait.

Presentation is loading. Please wait.

Andrew Cormack Chief Regulatory Adviser, Access Management and Security WG.

Published byJosue Ormes Modified over 10 years ago

Similar presentations

Presentation on theme: "Andrew Cormack Chief Regulatory Adviser, Access Management and Security WG."— Presentation transcript:

1 Andrew Cormack Chief Regulatory Adviser, Janet @Janet_LegReg Access Management and Security WG

2 With thanks to David F: Identify common requirements Reuse existing stuff where we can Guide development of new stuff where efficient Use “specials” when needed Unofficial high level aims

3 Common user life-cycle? StagePolicyControllingCommon?Delegated? ApplicationInfrastructureWho gets accessHeadings?No Identity linkingAuthenticationHow identifiedYesYes: home org Group formingCollaborationMaybe?Yes: to PI Service useData/serviceLegal/ethical/etcPer discipline?? May I use? Here’s my team Use service This is me

4 e.g. Policy enforcement e.g. Revocation time e.g. Credential strength e.g. Policy enforcement e.g. Revocation time e.g. Credential strength Delegated Authentication If needed, link ‘me’ to #ID# etc. Login Linked account Authentication policy promises Authenticated as #ID# SystemProtectsProtocol eduroamNetwork accessRADIUS SAMLWebpagesHTTP Moonshot“Anything”HTTP, SSH,...

5 Probably common to many e-Infrastructures Need to agree it with organisation you’re delegating to – Easiest if they’re doing it already – Otherwise need to persuade them it’s worth it HE employers can probably already provide – Persistent identifier + accountability when required Unique, opaque, identifier Authenticated by username/password Revoked when person leaves Hold person accountable for reported policy breaches Getting more likely to need individual negotiations – How many organisations do users belong to? – Do you have users with no organisation? How many different policies do we need? Authentication policy

6 Infrastructure Policy – Who uses this infrastructure, for what – Probably unique to each infrastructure – May have common headings? Data Policy – Who uses this dataset, for what – Includes regulatory, ethical, commercial issues – May be common to a discipline – But maybe unique to the dataset Other Policies

7 Workflow – Maybe orthogonal to initial AuthN/AuthZ? Group management/authorisation tools Citizen scientists (and other homeless users) – Social login? Part of group management? Other? Secure operations etc. Sharing experiences of all of these Other possible areas of WG interest

8 Is this picture wrong? Do you need more than basic delegated authentication? What sources of authentication do you need? Is delegated group management needed? Can you provide/develop infrastructure & data policies? What’s missing? Questions

9 Janet, Lumen House Library Avenue, Harwell Oxford Didcot, Oxfordshire t: +44 (0) 1235 822200 f: +44 (0) 1235 822399 e: Andrew.Cormack@ja.netAndrew.Cormack@ja.net b: https://community.ja.net/blogs/regulatory-developments Questions?

Download ppt "Andrew Cormack Chief Regulatory Adviser, Access Management and Security WG."

Similar presentations

EBSCOadmin Authentication

EBSCOadmin Authentication
VOStore meetings, 2005-03-07 Slide 1 Ticket-based access control for VOStore? Guy Rixon March 2005.

VOStore meetings, Slide 1 Ticket-based access control for VOStore? Guy Rixon March 2005.
Two Components IMAT consists of two components

Two Components IMAT consists of two components
IMAT Attendee Instructions. Intro There are four steps to using this system, only one of which is recurring – the first three are onetime. Prior to or.

IMAT Attendee Instructions. Intro There are four steps to using this system, only one of which is recurring – the first three are onetime. Prior to or.
Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Josh Howlett Head, International Collaboration 22 May 2013 CEENGINE, Kiev Connecting research & education in the UK.

Josh Howlett Head, International Collaboration 22 May 2013 CEENGINE, Kiev Connecting research & education in the UK.
(Re)using existing AAI experiences and future --- AAI Soapbox --- Jens Jensen, STFC-RAL Terena VAMP, 0-1 Oct 2013.

(Re)using existing AAI experiences and future --- AAI Soapbox --- Jens Jensen, STFC-RAL Terena VAMP, 0-1 Oct 2013.
Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.

Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.
Updating User Details and Password Tutorial 5. Step 1.1 From the Energy Infrastructure Portal Home Page, click the Enter Site link to access the Portal.

Updating User Details and Password Tutorial 5. Step 1.1 From the Energy Infrastructure Portal Home Page, click the Enter Site link to access the Portal.
Copyright JNT Association 2010-1JANET Briefing, 20 th Jan, 20111 Digital Economy Act 2010 Andrew Cormack Chief Regulatory Adviser, JANET(UK)

Copyright JNT Association JANET Briefing, 20 th Jan, Digital Economy Act 2010 Andrew Cormack Chief Regulatory Adviser, JANET(UK)
© JANET(UK) 2011 Running a Public Communications Service Andrew Cormack Chief Regulatory Adviser, Janet

© JANET(UK) 2011 Running a Public Communications Service Andrew Cormack Chief Regulatory Adviser, Janet
John Chapman, Janet Fall 2012 Internet 2 Member Meeting 3 October 2012 Trust me, I’m an engineer: Engineering trust using a Trust Router infrastructure.

John Chapman, Janet Fall 2012 Internet 2 Member Meeting 3 October 2012 Trust me, I’m an engineer: Engineering trust using a Trust Router infrastructure.
May 2013 Janet Cloud Services SWIT3E –update. UK wide Cloud Services Framework – cloud and hybrid cloud services Sector agreements Microsoft/Google/Dropbox/Amazon-

May 2013 Janet Cloud Services SWIT3E –update. UK wide Cloud Services Framework – cloud and hybrid cloud services Sector agreements Microsoft/Google/Dropbox/Amazon-
August 2013 Introduction to Moonshot. Why Moonshot? Within education, there are a number of specialised federations: – UK federation - Access to web-based.

August 2013 Introduction to Moonshot. Why Moonshot? Within education, there are a number of specialised federations: – UK federation - Access to web-based.
John Littledale Service Lead Network Services Group Janet(UK) 01235 822303 East Scotland.

John Littledale Service Lead Network Services Group Janet(UK) East Scotland.
Methodbox: Preparing for National Service Shoaib Sufi 11/10/11.

Methodbox: Preparing for National Service Shoaib Sufi 11/10/11.
Why Web services should care about grid security Taavi Hupponen, CSC.

Why Web services should care about grid security Taavi Hupponen, CSC.
Federated access to e-Infrastructures worldwide

Federated access to e-Infrastructures worldwide
How-to Use iLab Solutions software within Auckland Science Analytical Services in the Faculty of Science, the University of Auckland Auckland Science Analytical.

How-to Use iLab Solutions software within Auckland Science Analytical Services in the Faculty of Science, the University of Auckland Auckland Science Analytical.

Similar presentations

Ads by Google