
1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation Clair Goldsmith,


1. Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation
Clair Goldsmith, Ph.D., The University of Texas System Administration, and Barry Ribbeck, Rice University

2. Identity Management Federations / Access Management Federations
Definition: a collaboration of independent entities that give up a certain degree of autonomy in pursuit of a common set of goals, which creates a federation.
- Federations enable scalable, trustworthy, secure online partnerships.
- Federations set common policies and technical interoperability criteria, and provide central services to establish and maintain trust.
- Participants use existing identity management infrastructure for inter-institutional collaborations.

3. The Purpose for Federated Access within Higher Education
“To meet the increasing campus demand for using external applications and online resources, we developed and implemented solutions that efficiently use our existing information infrastructures securely and safely in such a way that we maintain control over the release of personal information for people at Penn State. InCommon is a vitally important part of this infrastructure and helps put us in a position to provide a richer, easier to use, safer online experience for Penn State students, faculty, and staff.” – Kevin Morooney

4. The Partnership Challenge
- Just like faculty and staff members, institutions have partners. Many of these partnerships revolve around sharing or using online resources.
- How many relationships do you manage?
- How much time is spent on the differing requirements for each partner?
- How much risk do these relationships bring to your network?

5. The Partnership Challenge
- Higher education's missions are realized in increasingly collaborative relationships globally
  – Higher education's digital collections, data, and resources
  – Commercial service and resource partners
- InCommon economizes the time and resources that otherwise would be spent on the differing “one-off” requirements for each individual partner
- InCommon maximizes security and privacy of personally identifiable/sensitive information
- Users are not burdened by load times of log-in credentials

6. The Partnership Solution
Wouldn't it be great if you were able to deal with each partner in the same way, saving time and reducing risk all at once? This is what federations are created to do.

7. Federated Access in 30 seconds
1. Single Sign-On: log in to the existing home system
2. Federation-based trust exchange to establish and verify partners and locations
3. Privacy-preserving exchange of attributes (anonymous ID, staff, student, …) from the home institution to the online resource
4. If the attributes are acceptable, access is granted!
Ingredients shown on the slide: home institution, online resource, metadata, certificates, common attributes and their meaning, federation registration authority, Shibboleth, and a pinch of magic

8. Why is Governance Needed?
- Oversight and conflict resolution
- Establish and manage trust agreements
- Determine direction and formulate policy
- Ensure services meet business needs while maintaining appropriate security and compliance with legal requirements
- Establish and communicate scalable operational standards and processes

9. What is the Alternative?
- A collection of one-to-one agreements
- Conflicting agendas and no common goal
- No technology standards; one-off implementations for every application
- Inconsistency in operating practices
- No assurance of appropriate security and compliance with legal requirements

10. Federation Governance Models
Homogeneous institutions:
- Operating standards and practices may vary from institution to institution, but…
- Governance policies should be relatively consistent, and…
- Legal requirements should be similar if not the same
Considerations:
- Governance may be more tightly structured
- Governance through executive committees or governing boards
- Key executives make decisions

11. Federation Governance Models (cont.)
Diverse institutions:
- Operating standards and practices vary from institution to institution, and…
- Governance policies are not consistent, and…
- No formal authority to force a decision, and…
- Legal requirements may not be similar at all
Considerations:
- Governance may be more loosely organized
- Reliance on advisory groups to formulate recommendations
- Guidance through steering committees
- Collegiality as opposed to strong governance

12. Governance Models in Shibboleth Federations
The most common examples, arranged on the slide from diverse to homogeneous: TestShib, InCommon, UT System, U.S. EAF.

13. Where Does The University of Texas System Fit?
Homogeneous:
- Share a common mission
- Same governance body and consistent governance policies
- Same legal requirements
And also diverse:
- Significant differences in size and budgets
- Significant differences in culture
- Institutions enjoy considerable autonomy (16 “stovepipes”)
16 institutions: 9 general academic institutions, 6 health institutions, 1 System Administration

14. Where Does InCommon Fit?
Homogeneous:
- Share a broad common mission
- Governance only with regard to inter-institutional collaboration (InCommon)
- Legal requirements are similar for specific federation use
And also diverse:
- Size and budgets
- For-profit, non-profit
- Bilateral agreements also govern collaborations
- Autonomy: policy and practices are “post and tell” – descriptive rather than prescriptive
45 participants: 31 general academic institutions, 13 online service partners, 1 independent identity management partner

15. InCommon Governance (within Internet2)
Bodies shown on the organization chart:
- Steering Committee, representative of higher ed and its partners
- Nominations Committee
- Technical Advisory Committee
- Federation Business & Operations
Flows shown between them: direction, candidate approvals, advice

16. InCommon Trust Fabric
- InCommon verifies the identity of all participating organizations and issues server certificates for secure communication
- Participants agree to the federation's operational principles and share among themselves their own resource and identity management operational principles
- Each resource manages access based on the agreed-upon user identity attributes
- Each home organization manages user accounts and the release of personal information (identity and privacy management)

17. The Value of InCommon
- Scalability
  – InCommon is the trust broker: InCommon verifies the identity of organizations and their delegated officers
  – Metadata: InCommon aggregates trusted information pointing to each participant's servers, systems, and technical contacts
  – Certificate Authority: InCommon issues participant server certificates
  – Technical interoperability: InCommon defines shared attributes, software, operational policies
- Personal information remains under the control of the home organization
- Resource providers can focus on standards-based access controls and not on account management

18. 45 Current InCommon Participants
Higher Education (31): Case Western Reserve University; Clemson University; Cornell University; Dartmouth; Duke University; Florida State University; Georgetown University; Miami University; New York University; Ohio University; Penn State; Stanford University; Stony Brook University; SUNY Buffalo; The Ohio State University; The University of Chicago; University of Alabama at Birmingham; University of California, Irvine; University of California, Los Angeles; University of California, Merced; University of California, Office of the President; University of California, Riverside; University of California, San Diego; University of Maryland; University of Maryland Baltimore County; University of Maryland, Baltimore; University of Rochester; University of Southern California; University of Virginia; University of Washington; University of Wisconsin - Madison
Sponsored Partners (14): Cdigix; EBSCO Publishing; Elsevier ScienceDirect; Houston Academy of Medicine - Texas Medical Center Library; Internet2; JSTOR; Napster, LLC; OCLC; OhioLink - The Ohio Library & Information Network; ProtectNetwork; Symplicity Corporation; Thomson Learning, Inc.; Turnitin; WebAssign

19. Houston Academy of Medicine – Texas Medical Center Library
- Located in Houston
- Not a typical higher education library
- Shared resource between 44+ institutions
- Operated independently of the schools
- Resource for medical schools, health sciences schools, hospitals, medical researchers and providers

20. NMI-EDIT ETR Grant
RFP: do something useful with federating technology
Context: the library serves as an identity provider for 44+ institutions for access to online digital content
Problem: access is based on loose coupling of individuals to an institution; managing appropriate access is difficult

21. Scenario
- An employee of one of the 44+ institutions is issued a credential for online access to digital resources
- The employee leaves the TMC institution
- The library credential loses value and is compromised
- The content provider's resources become compromised
- Very difficult for the library to track down the user

22. Diagnosis
- The library credential is vulnerable to attack
- The credential has little value to the owner and is therefore commonly shared
- Very low probability of maintaining the link between the credential and the rightful owner (low LOA)
- The overhead to track down and resolve compromises is outside the resources and scope of the library, but must be borne to honor its contract

23. Resolution
The largest contributors to and users of the library are 3 higher education institutions. Each of these institutions performs identity management by issuing, managing and revoking electronic credentials for its employees and students. Why not leverage these resources using federated technology?

24. ETR Grant Pilot
- Employ a Shibboleth resource (EZProxy) to front the online web-based digital resources
- Install a Shibboleth IdP to manage the small number of credentials not managed by institutions using federated access
- Leverage the institutional credentials of the largest library members to grant access
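To make the four-step flow of slide 7 and the revocation problem of slides 21–23 concrete, here is an added Python model (not code from the presentation, InCommon or Shibboleth) of the decision a federated library resource makes. The entity IDs, the campus directory record and the library's acceptance rule are constructed; only the two eduPerson attribute names are real.

```python
# Added model (not the presentation's code) of the service-provider side of
# the "Federated Access in 30 seconds" flow. Entity IDs, the directory record
# and the library's rule are constructed; the eduPerson attribute names are real.
# Step 2: federation metadata, i.e. the IdPs the federation has registered.
FEDERATION_METADATA = {
    "https://idp.example-university.edu/shibboleth",  # constructed
    "https://idp.example-medschool.edu/shibboleth",   # constructed
}
# Step 3: the home institution's release policy for the library SP. Only an
# opaque per-SP identifier and the affiliation leave campus; name, mail and
# the campus username never do (privacy-preserving exchange).
RELEASE_POLICY = {"eduPersonTargetedID", "eduPersonAffiliation"}
# Step 4: affiliations the library resource accepts.
ACCEPTED_AFFILIATIONS = {"faculty", "staff", "student", "employee", "member"}

def idp_assert(directory, username):
    """Home IdP: look the user up in the campus directory, then release only
    what the policy allows. A revoked (inactive) account yields no assertion."""
    record = directory.get(username)
    if not record or not record.get("active"):
        return None
    return {k: v for k, v in record.items() if k in RELEASE_POLICY}

def sp_decide(idp_entity_id, attributes):
    """Library SP: trust the IdP only via metadata, then apply the attribute rule."""
    if idp_entity_id not in FEDERATION_METADATA:
        return False, "IdP not registered in federation metadata"
    if attributes is None:
        return False, "home institution issued no assertion"
    if "eduPersonTargetedID" not in attributes:
        return False, "no pseudonymous identifier released"
    if not set(attributes.get("eduPersonAffiliation", [])) & ACCEPTED_AFFILIATIONS:
        return False, "affiliation not acceptable to this resource"
    return True, "access granted"

def library_scenario(employee_left):
    """Slide-21 walk-through with a constructed record: the same staff member
    before and after leaving. Revocation happens only in the home directory;
    the library changes nothing. Returns (granted, reason, attrs received)."""
    directory = {"jdoe": {
        "active": not employee_left,
        "displayName": "J. Doe (constructed)",
        "mail": "jdoe@example-medschool.edu",
        "eduPersonTargetedID": "opaque-per-sp-value",
        "eduPersonAffiliation": ["staff", "member"],
    }}
    attrs = idp_assert(directory, "jdoe")
    granted, reason = sp_decide("https://idp.example-medschool.edu/shibboleth", attrs)
    return granted, reason, sorted(attrs) if attrs else []
```

The point of `library_scenario` is that the library never sees the user's name or campus username and has nothing to revoke: once the home institution marks the account inactive, no assertion is issued and access stops.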

25. Parts
- 4 new servers
- Library joins InCommon
- Demonstration: the pilot included a demonstration of access to the HAM-TMC Library resources from UTHSC, Baylor CoM, UT System and Brown University
- Presentation to the Library Director

26. Where are we now?
- Federations – InCommon and UT Fed
- FOO?
- Production planning
- How will federations federate? Proof of concept for FOO
- Participants: TBD

27. Next for InCommon
- Federation partnering: inter-federating
  – US Govt eAuthentication Federation: raising the bar to higher levels of trust; mapping to federal levels of assurance 1 and 2: InCommon Bronze (L1), InCommon Silver (L2)
  – Other federations: federal agencies, state federations, countries, …
