Download presentation
Presentation is loading. Please wait.
Published byTiffany Howard Modified over 9 years ago
1
To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008
2
Identity Federations Key characteristics Composed of self-governing regions Research & Education Institutions Research & Education Institutions and organisations that serve them Coming together to solve common problems Network connectivity Access management Governed by a common constitution Acceptable Use and other Policies Federation agreement Realised and enforced through common instruments Network infrastructure and norms (routers, naming, numbering, etc) Identity infrastructure and norms (trust, schema, protocols, etc) FederationsHEAnet
3
Trust Assertion How does federated identity work?
4
You already do ‘federated identity’ Visiting academics ERASMUS students Library visitors These tend to be ad hoc systems, relying on separate processes that may take days or weeks to complete. Wouldn’t it be handy if there was a single way to manage federated identity?
5
SAML Security Assertion Mark-up Language August 2002: SAML 1.0 November 2003: SAML 1.1 –Liberty Alliance ‘Identity Federation Framework’ –Internet2 ‘Shibboleth’ Project, Profile and Software March 2005: SAML 2.0 November 2008: Microsoft ‘Genesis’
7
About the UK federation The Athens service Interest in FAM from both JISC and Becta UK federation established in Nov 2006 Over 600 member organisations –Almost all Higher Education Institutions –Half of all Further Education Colleges –About half of the Schools sector ~30,000 schools regional aggregation –Several million users
8
About the UK federation Why federate access management? –Privacy –Single sign-on –Common technology supporting a broad range of applications, internal and external. –Integrates easily into existing identity infrastructure
9
Participation Eligible to all education and research organisations, and those that serve them. Rules of Membership –Legally binding agreement –User accountability Technical Recommendations –SAML 1.1 –Shibboleth 1.3
10
To identity federation…
11
…and beyond? Beyond national boundaries –Considerable interest in ‘inter-federation’ and ‘confederation’. –eduGAIN Beyond the Web –non-Web infrastructure and services –federated filestore, consoles, network access, etc…
12
Conclusions You already do federated identity, even if you don’t call it that! SAML is a well-established and widely deployed technology. Federated Access Management is acceptable to Institutions.
13
Thank you for your attention Any questions?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.