Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interfederation RL “Bob” Morgan University of Washington and Internet2 Digital ID World 2005 San Francisco.

Published byBrent Atkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Interfederation RL “Bob” Morgan University of Washington and Internet2 Digital ID World 2005 San Francisco."— Presentation transcript:

1 Interfederation RL “Bob” Morgan University of Washington and Internet2 Digital ID World 2005 San Francisco

2 2 Topics Federation and Interfederation US E-Authentication Program and Internet2 USperson schema

3 3 Federations defined created to support community interesting ones are multi-IdP, multi-SP embodies agreements on many levels membership, technology, assurance, key mgt, legal, attributes, privacy, appropriate use, etc facilitates member federated interactions many potential sub-communities and their apps operational support key/config distribution, IdP discovery, etc doesn't preclude non-fed arrangements

4 4 Federations happening i.e., SAML-based (or similar) federations in Europe, natural extension of HE NREN services Switzerland, Finland, Netherlands, UK, Spain, France, etc in US InCommon Federation in higher ed also state-level planning, vertical apps such as student loan management US government E-Authentication Program also much non-fed or pre-fed deployment among fed members

5 5 Interfederation an immediate consequence of federation brand-new federations don't have well-defined boundaries or service scopes it's the Internet, we're all connected many interesting SPs are global, e.g. Elsevier Interfederation workshop, Oct 2004 Upper Slaughter, UK (a nicer walled garden?) many countries, including CERN many agreements on direction, future work

6 6... but it's a nice garden

7 7 Interfederation models parallel universes members simply participate in many if needed consistent with fundamental pairwise nature of app-level relationships scaling, diversity not addressed peering transitive assurance, legal, policy, maybe ops too tight a coupling? league of federations? some historical examples...

8 8 US E-Authentication http://cio.gov/eauthentication for authoritative info facilitates trusted access to e-government e-auth elements credential providers (CSPs), agency apps (AAs) credential assessment framework (CAF), application risk assessment, defined LoAs approved technologies, products (X.509, SAML) e-auth ops: membership, portal (aka “Fed fed”) agency mandates

9 9 InCommon E-Auth alignment promote interop for widespread higher-ed access to USG applications grants process, research support, student loans... process project started Oct 2004, thru Sept 2005 compare federation models propose alignment steps validate with federation members, via concrete application trials implement via next e-auth, InCommon phases

10 10 Alignment points Basic divergence: loose vs tight coupling assurance: facilitated vs guaranteed InCommon participants publish their processes E-auth participants audited, approved by GSA level of assurance is fundamental characteristic membership: IdP-centric vs SP-centric E-auth driven by requirements of e-government AAs InCommon driven by requirements of university CSPs operation: metadata-centric vs portal-centric InCommon-managed metadata supports interaction E-auth portal mediates flow, adds adapation point

11 11 Alignment points 2 user identity: application-supporting attributes vs fixed identifier set InCommon relies on Internet2-defined eduPerson, promotes attribute-based authorization E-Authentication specifies delivery of identifiers technology: SAML and profiles InCommon specifies Shib profile of SAML 1.1 E-authentication specifies extensive profile on top of SAML 1.0 intend to converge on SAML 2.0

12 12 Validation steps universities undergo trial by CAF assess whether compliance is likely across HE U Washington, Penn State, Cornell pretty darned close: 50% all-OK, others do-able deploy access to a real USG app summer 2005 requires E-Auth acceptance of univs as CSPs app will modify existing provisioning process practical feedback to alignment recommendations

13 13 US person motivated by InCommon desire for attribute- based authorization modeled on Internet2 eduPerson spec framework on which agency/app definitions can be built not just SAML generic information model, mapped to LDAP, SAML, XML provisioning ambitious? yes...

Download ppt "Interfederation RL “Bob” Morgan University of Washington and Internet2 Digital ID World 2005 San Francisco."

Similar presentations

The Art of Federations. Topics Federations of what… Federated identity versus federations Federations in other sectors – business, gov, ad hoc R&E Federations.

The Art of Federations. Topics Federations of what… Federated identity versus federations Federations in other sectors – business, gov, ad hoc R&E Federations.
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.

Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.
US E-authentication and the Culture of Compliance RL “Bob” Morgan University of Washington CAMP, June 2005.

US E-authentication and the Culture of Compliance RL “Bob” Morgan University of Washington CAMP, June 2005.
Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.

Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.

The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.
Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.

Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.
Federal Requirements for Credential Assessments Renee Shuey ITS – Penn State February 6, 2007.

Federal Requirements for Credential Assessments Renee Shuey ITS – Penn State February 6, 2007.
Federations and Security: A Multi-level Marketing Scheme Ken Klingenstein Director, Internet2 Middleware and Security.

Federations and Security: A Multi-level Marketing Scheme Ken Klingenstein Director, Internet2 Middleware and Security.
A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.

A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.
FIM-ig Federated Identity Management Interest Group.

FIM-ig Federated Identity Management Interest Group.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
Federated Security and the Federal Government Ken Klingenstein Director, Internet2 Middleware and Security.

Federated Security and the Federal Government Ken Klingenstein Director, Internet2 Middleware and Security.
The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation The U.S. Access and Identity Management Federation

Similar presentations

Ads by Google