Presentation is loading. Please wait.

Presentation is loading. Please wait.

CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science

Published byDelilah Stone Modified over 9 years ago

Similar presentations

Presentation on theme: "CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science"— Presentation transcript:

1 CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science mikael.linden@csc.fi

2 Outline  Finnish higher education overview  Status  Technology  Organisation  Privacy  Service categories  Institutional Identity Management

3 Finnish higher education overview  20 universities, 29 polytechnics (universities of applied sciences) Small units spread all over the country  300 000 degree students, 40 000 employees CSC, the Finnish IT Center for Science  Non-profit company owned by the ministry of education  To provide centralised IT services to higher education and research Scentific computing, supercomputing Funet – the Finnish national research network (NREN) Haka identity federation

4 Status of Haka federation  Pilot federation operational 12/2003  Production federation operational 8/2005  Current members: 8/20 universities, 5/29 polytechnic Big universities; coverage 72% of eduPersons in universities Goal: 12/2006 14/20 universities, 15/29 polytechs  Agreement for federation partners available, no partners yet  IdPs and SPs 8 IdPs 8 SPs ~53 000 logins to services in February 2006

5 Technology in Haka  Shibboleth 1.2/1.3 Implemented IdP-side logout as an add-on feature  Schema: funetEduPerson 1.0 eduPerson + 10 national attributes (national identity code, date of birth, homeOrganization, student number, target degree/educational program/major of a univ/polytech student) Going to release a new version soon (Schac adopted)  PKI/Server certificates: Sonera CA (a pop-up free Finnish CA) CSC has a framework agreement with Sonera CA  Federation metadata management: SWITCH’s Resource Registry We (the operator) use it internally only  WAYF: going to migrate to the PHP WAYF of SWITCH To be placed in a commercial High Availability machineroom with 24x7 monitoring

6 Haka is a service provided to the institutions by CSC (”the operator”) Federation partners Operator Federation members CSC – scientific computing ltd Central AAI services IdPPalvelu IdPPalvelu IdPSP Advisory comm.Operations comm.

7 Haka federation and privacy  In Finland, Personal data act implements the data protection directive  Only relevant attributes are released to a SP When a new SP is registered to the federation, the SP provides a list of necessary attributes to the operator The operator constructs the site-ARP and distributes it to IdPs as part of the federation metadata  IdP asks user’s consent for attribute release beforehand After Shib IdP authenticates the user, before s/he is redirected back to the SP  To make the consent informed, the Privacy Policy of the SP is provided to the user The operator has a centralised service that gathers links to the Privacy Policies of the SPs in the federation IdP may use a redirection service with a simple interface https://haka.funet.fi/cgi-bin/privacypolicy?providerid=..

8 Resource categories so far 1.Library services  The library management system (Voyager), the library portal (Metalib), the digital content repository (Encompass, work in progress)  The content providers (work in progress) 2.eLearning services  Learning management systems (Moodle, A&O, Optima)  Electronic application form for becoming a visiting student in another Finnish university (www.joopas.fi) 3.Nationally provided services  CSC’s extranet services to researchers  Research funding application form (work in progress) 4.ASP services in the administration of the institution  Circulation of travel expence reports & incoming invoices (work in progress)  HR software/Employee self-service (work-in-progress)

9 Haka federation and the quality of institutional identity management  High-quality institutional identity management is a necessity for an IdP joining Haka The typical problem: accounts not closed as students/employees leave the organisation Best practice: link the IdP’s user database to student&HR registry  When a new IdP is being registered to the federation, the institution makes an IdM self-audit The operator checks that the minimum requirement is fulfilled

10 Supporting institutions to improve IdM: ”School in user administration”  CSC’s workshop of 3 days for staff in IT departments in HEIs  1 st day 1/2005 -Theory, best practices, commercial/open source products… -First homework: evaluate your current institutional IdM 2 nd day 5/2005 -homeworks gone through -The concept of an identity federation introduced -Second homework: set target for your institutional IdM 3 rd day 11/2005 -Again, homeworks gone through -More best practices and products…

11 Future Challenges  Shibboleth/SAML 2.0  Focus from new IdPs to new SPs  Monitoring, reporting and configuration management  Trying to catalyse commercial companies to provide IdP hosting for small institutions  More ASP services  Cross-national confederation

12 More Information  http://www.csc.fi/suomi/funet/middleware/english/  TNC’05 conference paper “Organising Federated Identity in Finnish Higher Education”, available: http://www.terena.nl/conferences/tnc2005/programme/p resentations/show.php?pres_id=77

Download ppt "CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science"

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Federation management A mess? 9.4.2008 Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.

Federation management A mess? Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.
Resource Entitlement Management System Manne Miettinen Mikael Linden Janne Lauros CSC – IT Center for Science.

Resource Entitlement Management System Manne Miettinen Mikael Linden Janne Lauros CSC – IT Center for Science.
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.

5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Kalmar Union 15.1.2008 Mikael Linden CSC, the Finnish IT Center for Science.

Kalmar Union Mikael Linden CSC, the Finnish IT Center for Science.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.
CSC – Tieteen tietotekniikan keskus Oy CSC – IT Center for Science Ltd. The Language Bank of Finland User Authentication and Authorization Service https://aai.csc.fi/

CSC – Tieteen tietotekniikan keskus Oy CSC – IT Center for Science Ltd. The Language Bank of Finland User Authentication and Authorization Service
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
CSC Grid Activities Arto Teräs HIP Research Seminar February 18th 2005.

CSC Grid Activities Arto Teräs HIP Research Seminar February 18th 2005.
Refeds federation survey update Theme of the day: Campus Identity Management TF-EMC2 Umeå 9th Jul 2008 CSC, the Finnish IT Center.

Refeds federation survey update Theme of the day: Campus Identity Management TF-EMC2 Umeå 9th Jul 2008 CSC, the Finnish IT Center.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
AAI with simpleSAMLphp

AAI with simpleSAMLphp
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,
Feide is a identity management system on a national level for the educational sector in Norway. Federated Electronic Identity for Norwegian Education Tromsø,

Feide is a identity management system on a national level for the educational sector in Norway. Federated Electronic Identity for Norwegian Education Tromsø,
AAF Middleware update February16 2012 Presented by Terry Smith Technical Manager and Heath Marks Manager.

AAF Middleware update February Presented by Terry Smith Technical Manager and Heath Marks Manager.

Similar presentations

Ads by Google