Update SURFnet Bart Kerver TF-EMC2-meeting, Utrecht, 17 October 2006.


1 Update SURFnet
Bart Kerver
Bart.kerver@surfnet.nl
TF-EMC2-meeting, Utrecht, 17 October 2006

2 High-quality Internet for higher education and research
SURFnet Federation project
Main components:
–describe use-cases for Federated IdM;
–what services;
–policies;
–technology;

3 SURFnet’s role for IdM
Awareness for Identity Management (IdM)
–Reports on IdM studies on current state of IdM in HE in .NL; Scenarios to realize (upgrade) IdM; Federated IdM (business drivers, solutions…).
–Workshops on IdM
–Workgroup for Library Access Management (‘BAM’)
Development and support of open source product A-Select (development, organize OS, pilots, architecture, deployments)
Stimulate deployment of A-Select (200k+ users high-ed)

4 Federation initiatives - .NL
Initiatives compared: Kennisnet | Public libraries | eduPoort | SURFnet
Register users: Yes, centrally | No, federated | Both local and federated | Federated only
Authenticate users: yes | Both local and federated | Federated only
Centralized attributes: Yes | No | Both local and federated | Federated only
WAYF: no | yes | no | Yes
SSO: yes | no | yes | Yes, federated
Multi federation protocol: No | Yes: A-Select and SAML
Con-federation: Possibly | Short term
Product: A-Select | A-Select ‘Proxy’ | A-Select ‘Cross’ | A-Select ‘Cross/SAML’
User type: everyone | Research/HE only
Diagram labels: service provider; central components for federation; identity provider

5 SURFnet Federation (2006)
Build a service “SURFnet Federatie” (SNF)
–technical implementation (based on A-Select);
–define(d): policies, contracts, legal organization?…;
–organize service providers (SP);
–support identity providers (IdP);
–Manuals and website (end-user, IdP, SP, helpdesk etc.)

6 SURFnet Federation (2007)
–stimulate deployment and join-in workshops; install fests for both IdP and SP.
–con-federate (‘confederate’: both NL and EU)
–support standards (SAML, WS*, eduGAIN)
–translate assertions enabling federated SSO (SAML <> A-Select <> WSF <> eduGAIN)
–pilots/work on federated (de-)provisioning
–monitoring/tracking/tracing within federation
–home organization for SURFnet specific services?
–Technology scouting on MW for SOA/grid-services

7 SURFnet Federation Policies
Start simple: low level entry
Contract for IdP part of SURFnet contract?
Contract for all SP’s standardized;
If an IdP is also SP, just one contract.
IdPs make best efforts:
–to issue credentials to members only
–to ensure accuracy of assertions
SPs agree to respect the privacy of users
–don't aggregate attributes or disclose to others
–report on use of federation

8 Implementation
Linux platform (cluster of 3 nodes, scalable setup);
A-Select v1.5 (authN, attributes, SSO, SAML);
GlobalSign (using SCS);
University of Tilburg
MySQL Benelux
SURFnet Helpdesk

9 SURFnet Federation

10 Diagram labels: users; identities; central federation components; resources; (SAML); SAML

11 Pilots with SURFnet Federation
Pilots with 3 publishers and Elsevier SD
Booking system for VC-equipment (appl. by Switch)
Ellips project (language studies)
SURFgroepen (www.surfgroepen.nl) – MS Sharepoint
On the horizon (short term)
-SURFnetdiensten (webshop);
-3TU – 3 technical universities collaborating;
-VideoPortal;
-Institution specific usage stats (on services);
-SURFstat (network stats);

12 A-Select developments
Support for SAML1.1 (OpenSAML based) used for WAYF and IdP
IdP:
–Browser/Post WebSSO profile
–Browser/Artifact WebSSO profile (type 0001 & 0002)
–SAML Subject Queries (Attribute, Authentication, Authorization)
Enhanced WAYF IdP discovery for SP
Anonymity of users based on WS*
Soon start with:
–WS* (ADFS) implementation
–pilot with MS CardSpace
–interoperability with Oracle and Novell (IdP, SP)
–Looking into Liberty support
http://www.aselect.org/version/1.5/aselectchangelog.txt

13 SURFnet Statistics on SCS

| 2006 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Total |
|---|---|---|---|---|---|---|---|---|---|---|
| Certs accepted | 0 | 0 | 4 | 43 | 75 | 76 | 67 | 91 | 68 | 424 |
| Certs refused | 0 | 0 | 3 | 7 | 20 | 10 | 15 | 11 | 23 | |
| SCS institutes | 0 | 0 | 5 | 22 | 39 | 45 | 52 | 58 | 64 | 64 (unique) |

14 SURFnet Detective
Meanwhile… SURFnet Detective has reached status/level of production service as of May ‘06.
http://detective.surfnet.nl/

