Presentation is loading. Please wait.

Presentation is loading. Please wait.

InCommon Forum Fall 2012 Internet2 Member Meeting Wednesday, October 3, 2012 1.

Published byAron Mills Modified over 9 years ago

Similar presentations

Presentation on theme: "InCommon Forum Fall 2012 Internet2 Member Meeting Wednesday, October 3, 2012 1."— Presentation transcript:

1 InCommon Forum Fall 2012 Internet2 Member Meeting Wednesday, October 3, 2012 1

2 InCommon Forum Moderator: Michael Gettes Time Czar Cat Herder Participant Inciter 2

3 InCommon Forum Goals and Format 1. Technical Advisory Committee Priorities70 min. Lightning Round format TAC member presents (2-3 minutes per priority) Q/A and feedback (5-6 minutes per priority) 2. InCommon Updates 10 min. NSTIC and Identity Ecosystem Working Group CommIT, KAF, Social2SAML 3. Community Topics20 min. Topics you’d like to discuss 4. Wrap-up and Next Steps 5 min. 3

4 InCommon Technical Advisory Committee Priorities Overview – Renee Shuey 1.Revised TAC Charter 2.Brainstorming process to develop short- and long-term technical goals for InCommon 3.Prioritizing goals and moving toward implementation 4

5 Priorities – Long-term Goals Increase participation by US R&HE organizations Interfederate with all other R&HE federations Improve user experience – make federated access seamless Provide tools that help organizations and users benefit from the federation 5

6 Strategic Priorities Assurance Interfederation Metadata Distribution Federated User Experience Metadata Administration Supporting NET+ Services Mobile/Federated Non-browser Applications 6

7 Virginia Tech – First to become certified Bronze and Silver 7 Assurance

8 The Problem It's New. Only 1 SP supports it. It's Difficult to Adopt? It's New. Software Support is Nascent IdP POP's Don't Help SPs What about other SP and Technology requirements? The Proposed Solutions Engage FICAM on Agency Adoption Work with other Trust Frameworks Roll out Simplified Bronze Engage community Develop custom login handler Work with Affiliates Replace IdP POP with Bronze 8

9 Interfederation The Problem If you want your service to be accessible globally today, you need to join multiple federations The number of national federations is increasingly globally, as are federations that service regional interest or special groups (K-12, libraries, healthcare) There is little in the way of deployed tools and standards to help interfederation The Solution Participate in existing efforts to understand and begin addressing these problems (REFEDS – www.terena.org/activites/refeds/)www.terena.org/activites/refeds/ Organizations adopt recommended federation practices Models to build toward to avoid re-inventing the wheel: DNS, BGP, other? Gap analysis and use cases among national (and intra-national) federations 9

10 Metadata Distribution The Problem the current method of metadata distribution is brittle and does not scale batch delivery of metadata inhibits scaling and interfederation The Proposed Solution - Per-entity metadata A DNS-like model that queries for an entity's metadata on demand More efficient Avoids brittleness of a single metadata aggregate 10 Other Neat New Features Per-organization metadata (in conjunction with delegated administration) User-defined metadata aggregates based on self-asserted entity attributes Support for JSON metadata format in addition to traditional XML

11 Federated User Experience Attribute management Problems No in-band mechanism for SP to communicate attribute requirements IdPs cautious on attribute release When SP receives insufficient attributes, user reaches dead-end Solutions Attribute management automation Service categories Requested attributes in metadata User consent Federated error handling 11 IdP discovery Solutions Deploy a new centralized DS that conforms to current best practices The new DS will derive its UI from MDUI elements in JSON metadata Support for entity attribute filtering Support for alternative discovery profiles Support for social IdPs

12 Metadata Administration The Problems Site admins don’t keep their metadata up to date Federation Manager (FM) application login not federated and overall UI lacking Some organizations have too many entities for one or two people to manage Too many manual processes Access to the FM is based on password alone (which can be phished) 12 The Solutions Delegated administration Two-factor for the FM (compliments of Duo Security) API for submitting SP metadata API for submitting low-risk metadata Automate administrative processes Mobile-based confirmations, notifications, and metadata submissions

13 Supporting Net+ The Goal Large-scale NET+ adoption by the community: services just plug-in and work Supporting scale - minimal per-campus technical integration effort Use of InCommon and federated identity services: AuthN and attributes The Problem By and large, federated identity management is new to NET+ providers Implementation of federated IdM may be driven only by higher education How do we make the case for them to invest in the "little bit" of work we might need? Issues that are small for pilot schools might be large for the community in general Potential Solutions Might vendors converge to fully support the federated model naturally? More education/information demonstrating the benefits in vendor terms? Assist early adopters when leverage it is at its peak during contract negotiations? Support for other technologies? 13

14 Mobile/Federated Non-Web Applications The Problem: SAML Web Browser Single Sign-On does not satisfy all the federation use cases in our community, such as: Research apps outside the browser Mobile apps Interoperability with social identities The Solution: Encourage IdP operators to enable the SAML ECP (Enhanced Client and Proxy) support in Shibboleth Continue work of the Social2SAML Working Group to provide a translation service (non-SAML protocols to SAML assertions. Project Moonshot (Janet-led initiative in partnership with GEANT) to extend benefits of federated identity to non-web services. Track OAuth’s work toward solving this problem, with an eye toward discussing interoperability and standards at the appropriate time 14

15 InCommon Updates 15

16 National Strategy for Trusted Identities in Cyberspace (NSTIC) Internet2/InCommon receives $1.8 million Build a consistent and robust privacy infrastructure through federated identity management Help individuals preserve privacy build a scalable privacy infrastructure Ken Klingenstein, Principal Investigator Update: Identity Ecosystem Steering Group Management Council Jack Suess – representative for Research, Development, Education & Innovation 16

17 InCommon Conversations and Working Groups CommIT KAF Social2SAML User Identities Research Agencies Student State & Regional Federations (with Educause) Assurance 17

18 Community Discussion 18

19 Topics – Cash Cab Style More local staff – various staffing concerns. Learn from other federations –Higher LoA IdP of last resort – aussie What is process for influencing fed software dev? Overall funding model concerns. InCommon, Internet2, CIFER, Grouper, Shib, etc. NET+ Campus IdM Service? TAC list is a great list +1 Non-web support needed Research projects may likely stand- up own federations. –Combo of funding, legal, tech. Complexities of joining InCommon. Not getting tombstone attributes (attr release). –R&S scholarship is a great approach – but they need more R1+ participants. Vendor barriers – too many rules? SAML just a tool to interop with customers – not really interested in federation. 19

20 Next Steps and Wrap-Up 20

Download ppt "InCommon Forum Fall 2012 Internet2 Member Meeting Wednesday, October 3, 2012 1."

Similar presentations

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
TIER – before, now and after If you do not talk this will be a very long hour because we can only repeat the same stuff for so long… 1.

TIER – before, now and after If you do not talk this will be a very long hour because we can only repeat the same stuff for so long… 1.
The Changing Role of the Technologist as Higher Ed Embraces the Cloud Michele Decker, University of Notre Dame Jacob Farmer, Indiana University Derek D.

The Changing Role of the Technologist as Higher Ed Embraces the Cloud Michele Decker, University of Notre Dame Jacob Farmer, Indiana University Derek D.
EduGAIN – Are we there yet? Lukas Hämmerle (ghost writer, Brook Schofield) FIM4R, Helsinki – 2 October 2013.

EduGAIN – Are we there yet? Lukas Hämmerle (ghost writer, Brook Schofield) FIM4R, Helsinki – 2 October 2013.
Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.

Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.
Bill Yock University of Washington Coordinating Education and Research Communities to radically improve Identity and Access Management. Shel.

Bill Yock University of Washington Coordinating Education and Research Communities to radically improve Identity and Access Management. Shel.
Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.

Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.
Graffiti Reporting A partnership of Local and State Government; My Local Services App enhancements.

Graffiti Reporting A partnership of Local and State Government; My Local Services App enhancements.
Www.incommon.org A View into the Mi$t 1 RL Bob Morgan University of Washington Co-chair, InCommon Technical Advisory Committee.

A View into the Mi$t 1 RL "Bob" Morgan University of Washington Co-chair, InCommon Technical Advisory Committee.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.

Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Federated Identity for Scientific Collaborations: Policy Issues Jim Basney 2 nd Workshop on Federated Identity Systems for Scientific.

Federated Identity for Scientific Collaborations: Policy Issues Jim Basney 2 nd Workshop on Federated Identity Systems for Scientific.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
FIM-ig Federated Identity Management Interest Group.

FIM-ig Federated Identity Management Interest Group.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,
Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.

Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.
The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation The U.S. Access and Identity Management Federation

Similar presentations

Ads by Google