Belnet Federation
Belnet – Loriau Nicolas
Brussels – 12th of June 2014
Agenda
– Presentation of Belnet R&E federation
– IdPs / SPs / DS
– Technical framework
– eduGAIN
– Belnet Federation services: Antispam Pro, Mconf, Filesender, Viabel.net, Personal Certificate
12/06/2014 Workshop Belnet R&E Federation
Belnet R&E Federation
What is a federation? Why a federation?
“Evolving to streamlined access for web services”
What is a federation?
“A federation is an association of organizations that use a common set of attributes, practices and policies to exchange information about their users and resources in order to enable collaboration and transactions” (www.Incommon.org, Internet2, 2012)
What is Belnet R&E Federation
(Diagram, built up over three slides.) Identity & Access Management for the Research & Education Community: Identity Providers on one side, Service Providers on the other, and Federated Partners (Commercial, Non-profit, Government Agencies, Other Federations). The open questions between the parties (Administration? Legal? Technical?) are answered by the federation acting as Trusted Mediator.
Why use a federation?
– Philosophy
– Technical aspect
Let us briefly go back in time, when:
– users were still new to the network
– security & privacy concerns were minimal
Why: Belnet R&E Federation – 1991, LAN
(Diagram: every application on the LAN keeps its own user/password list, so the same person exists as john, jdoe1, johndoe, jd456, … with a different password in each: abc123, def123, ghi123, jkl123, …)
(Diagram: each of those accounts also carries its own copy of the user's personal data: birth date, home address, …)
Why: Belnet R&E Federation – 2001 (diagram)
Why: Belnet R&E Federation – 2001
– Identity & Access Management
– Role-Based Access Control (Add / Mod / Del)
– One account & password per user
Why: Belnet R&E Federation – 2014: The Cloud, Software as a Service
2014 or 1991? (Diagram: the per-service user/password lists of 1991 are back, one per SaaS provider: john/abc123, jdoe1/def123, johndoe/ghi123, …)
Why: Belnet R&E Federation – “Evolving to streamlined access for web services”
(Diagram: Identity & Access Management on both sides: Identity Provider 1 and 2, Service Provider 1 and 2.)
– One agreement
– One language: SAML2
– 1-time setup on each side
– One account & password per user
In short: without federation (diagram)
In short: with federation (diagram)
Actors of a federation
Identity Providers (diagram)
Service Providers (two diagram slides)
Discovery service (diagram)
Benefits
For IdP:
– Access to a wider range of services than available locally
– No extra administrative burden if you are already participating in a federation
– One user name and password
For SP:
– Grow your audience
– Lower costs per user
– No local user database
Technical framework
Software Components
Identity Provider
– Hosted on the organisation's own systems
– Shibboleth IdP
– simpleSAMLphp
– Verifies the user's credentials (username/password): bridge between the Federation and the user database
– Knows the user attributes and implements the attribute release policy
Software Components
Service Provider
– Shibboleth SP
– simpleSAMLphp
– Integrates with IIS and/or Apache
Attributes
All relevant information about the user:
− Name, first name, date of birth, …
− Role (student, staff, alumni, …)
− Email address, anonymized ID, …
Stored in LDAP or AD
Attribute Release Policy
− Only a few attributes are required to join the Federation
− The IdP decides how and to whom to release attributes
− Respects the privacy of users
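The attribute release policy described above, worked through as an added example (this is not code from the presentation or from Shibboleth/simpleSAMLphp). The IdP derives everything it could say about the user from a directory record, then applies a per-SP allow-list so that only the attributes the SP is entitled to leave the IdP; SPs that are not listed get only a pairwise pseudonym, which is what the slide calls an anonymized ID. The directory record, the IdP scope, the SP entityIDs and the HMAC secret are all assumed values constructed for the example:

```python
import hashlib
import hmac

# Constructed directory record, as an IdP would read it from LDAP or AD.
# Illustrative values only; nothing here comes from the Belnet presentation.
USER_RECORD = {
    "uid": "jdoe",
    "givenName": "John",
    "sn": "Doe",
    "mail": "john.doe@example.ac.be",
    "dateOfBirth": "1990-01-01",
    "eduPersonAffiliation": ["student", "member"],
}

IDP_SCOPE = "example.ac.be"  # assumed scope of this IdP (hypothetical)
# Secret the IdP keeps in its configuration; assumed value for the example.
TARGETED_ID_SALT = b"assumed-secret-salt-from-idp-config"

# Release policy: allow-list of attribute names per SP entityID (assumed entityIDs).
# An SP that is not listed gets DEFAULT_POLICY, i.e. only a pairwise pseudonym.
RELEASE_POLICY = {
    "https://filesender.example.org/shibboleth": {
        "eduPersonPrincipalName", "mail", "displayName", "eduPersonScopedAffiliation",
    },
    "https://library.example.org/shibboleth": {"eduPersonScopedAffiliation"},
}
DEFAULT_POLICY = {"eduPersonTargetedID"}


def targeted_id(uid: str, sp_entity_id: str) -> str:
    """Pairwise pseudonymous identifier: stable for one (user, SP) pair, different
    for every SP, so two SPs cannot correlate the same user. Keyed hash over
    uid and SP entityID; the key never leaves the IdP."""
    msg = f"{uid}!{sp_entity_id}".encode()
    return hmac.new(TARGETED_ID_SALT, msg, hashlib.sha256).hexdigest()[:32]


def derive_attributes(record: dict, sp_entity_id: str) -> dict:
    """Everything the IdP could release for this user, derived from the record."""
    return {
        "eduPersonPrincipalName": f"{record['uid']}@{IDP_SCOPE}",
        "mail": record["mail"],
        "displayName": f"{record['givenName']} {record['sn']}",
        "givenName": record["givenName"],
        "sn": record["sn"],
        "dateOfBirth": record["dateOfBirth"],
        "eduPersonScopedAffiliation": [f"{a}@{IDP_SCOPE}" for a in record["eduPersonAffiliation"]],
        "eduPersonTargetedID": targeted_id(record["uid"], sp_entity_id),
    }


def release_attributes(record: dict, sp_entity_id: str) -> dict:
    """Apply the release policy: only attributes on the SP's allow-list leave
    the IdP. A positive filter means a new attribute added to the directory is
    never released by accident."""
    allowed = RELEASE_POLICY.get(sp_entity_id, DEFAULT_POLICY)
    candidates = derive_attributes(record, sp_entity_id)
    return {name: value for name, value in candidates.items() if name in allowed}


if __name__ == "__main__":
    for sp in RELEASE_POLICY:
        print(sp, release_attributes(USER_RECORD, sp))
    print("unknown SP", release_attributes(USER_RECORD, "https://unknown.example.net/shibboleth"))
```

The point of the allow-list shape is the privacy property on the slide: date of birth is in the directory but is never released to any of these SPs, and an SP the IdP has no agreement with learns nothing that links the user across services.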
Authentication process
(Diagram: User, Service Provider and Identity Provider, with the exchange between them numbered 1 to 8; continued on a second diagram-only slide.)
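The exchange in the diagram, as an added example that is not part of the presentation: the SP builds a SAML 2.0 AuthnRequest and sends the browser to the IdP with the HTTP-Redirect binding, the IdP decodes it, and after login the IdP posts a Response to the SP's assertion consumer service, which the SP must validate before trusting it. The entityIDs and URLs are assumed, the Response is constructed with a placeholder Signature element, and the example does the structural checks only: verifying the XML signature against the IdP certificate published in federation metadata needs an xmlsec implementation and is done by Shibboleth or simpleSAMLphp, not by this code.

```python
import base64
import datetime as dt
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"samlp": SAMLP, "saml": SAML, "ds": DS}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed entityIDs and endpoints for one SP and one IdP (hypothetical, not Belnet's).
SP_ENTITY_ID = "https://sp.example.org/shibboleth"
SP_ACS_URL = "https://sp.example.org/Shibboleth.sso/SAML2/POST"
IDP_ENTITY_ID = "https://idp.example.ac.be/idp/shibboleth"
IDP_SSO_URL = "https://idp.example.ac.be/idp/profile/SAML2/Redirect/SSO"


def parse_utc(s: str) -> dt.datetime:
    return dt.datetime.strptime(s, TIME_FMT).replace(tzinfo=dt.timezone.utc)


def build_authn_request(request_id: str, issue_instant: dt.datetime) -> str:
    """SP side: the AuthnRequest that sends the browser to the IdP. It names the
    SP (Issuer) and where the Response must come back (AssertionConsumerServiceURL)."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{request_id}" '
        f'Version="2.0" IssueInstant="{issue_instant.strftime(TIME_FMT)}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}" '
        f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>'
    )


def redirect_url(authn_request: str, relay_state: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode the query."""
    co = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw deflate, no zlib header
    raw = co.compress(authn_request.encode()) + co.flush()
    query = {"SAMLRequest": base64.b64encode(raw).decode(), "RelayState": relay_state}
    return f"{IDP_SSO_URL}?{urllib.parse.urlencode(query)}"


def decode_redirect(url: str) -> str:
    """IdP side: undo the binding to get the AuthnRequest XML back."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15).decode()


def sample_response(in_response_to: str, not_before: str, not_on_or_after: str,
                    signed: bool = True) -> str:
    """Constructed Response as the IdP would POST it to the ACS; placeholder signature."""
    sig = (f'<ds:Signature xmlns:ds="{DS}"><ds:SignatureValue>placeholder'
           f'</ds:SignatureValue></ds:Signature>') if signed else ""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" Version="2.0" '
        f'IssueInstant="{not_before}" InResponseTo="{in_response_to}" Destination="{SP_ACS_URL}">'
        f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
        f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
        f'<saml:Assertion ID="_a1" Version="2.0" IssueInstant="{not_before}">'
        f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>{sig}'
        f'<saml:Subject><saml:NameID>jdoe@example.ac.be</saml:NameID></saml:Subject>'
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">'
        f'<saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>'
        f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
    )


def validate_response(xml_text: str, expected_request_id: str, now: dt.datetime) -> list:
    """SP side: checks that must pass before the assertion is trusted; returns the
    list of failures (empty means accept). XML-signature verification against the
    IdP's metadata certificate is NOT done here and must be added by a real SP."""
    failures = []
    root = ET.fromstring(xml_text)
    if root.get("Destination") != SP_ACS_URL:
        failures.append("Destination is not this SP's ACS URL")
    if root.get("InResponseTo") != expected_request_id:
        failures.append("InResponseTo does not match an outstanding request (replay or unsolicited)")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        failures.append("status is not Success")
    if root.find("ds:Signature", NS) is None and root.find("saml:Assertion/ds:Signature", NS) is None:
        failures.append("neither Response nor Assertion carries a signature")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return failures + ["no Assertion"]
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ENTITY_ID:
        failures.append("Assertion issuer is not the expected IdP")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return failures + ["no Conditions"]
    if not (parse_utc(cond.get("NotBefore")) <= now < parse_utc(cond.get("NotOnOrAfter"))):
        failures.append("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        failures.append("Audience does not include this SP")
    return failures
```

Each check closes one well-known hole: InResponseTo stops replay of a captured Response and unsolicited responses, Destination and Audience stop a Response issued for another SP being accepted here, and the validity window bounds how long a stolen Response is usable. None of them matters without the signature check, since an attacker who can forge the XML can set all of these fields correctly.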
Standardization: SAML2
SAML 2.0 standardized since 2005
− OASIS XML standard
− Uses XML digital signature and encryption
Implementations used in other R&E federations:
− Shibboleth (supports SAML 2.0 since version 2)
  − Shibboleth IdP (Java/Tomcat)
  − Shibboleth SP (C++, integrates well with Apache)
− simpleSAMLphp
  − One distribution for both IdP and SP
  − More than just SAML: Facebook, Twitter, OpenID, …
  − Supports 'user consent' out of the box
Standardization: SAML2
Other Federation implementations:
− Microsoft ADFS 2.0 (with some limitations: see the Microsoft documentation)
− PingFederate
− IBM & Oracle products
Metadata
What's in the metadata (mandatory!)
− Who are the IdPs?
− Who are the SPs?
− What are their URLs and certificates?
− Organisation and technical contact
Metadata: entity metadata vs. federation metadata
− Entity metadata: for a single IdP or SP
− Federation metadata: aggregation of entity metadata, for all IdPs and SPs in the Federation
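Federation metadata in practice, as an added example rather than anything shipped by Belnet: an aggregate EntitiesDescriptor holding one IdP and one SP is parsed into the items the slides list (who the IdPs and SPs are, their URLs and certificates, their contacts), and the checks an operator wants before trusting the file are applied: is the aggregate signed, has its validUntil passed, do all endpoints use https, does each role publish a certificate usable for signing. The metadata is constructed for the example; entityIDs, URLs, the federation Name and the certificate bodies are placeholders, and the SP deliberately has an http:// endpoint and only an encryption certificate so that the checks fire.

```python
import base64
import datetime as dt
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed aggregate: placeholders only, not Belnet's real metadata.
SAMPLE_AGGREGATE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Name="urn:mace:example:federation" validUntil="2014-06-19T00:00:00Z">
  <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
  <md:EntityDescriptor entityID="https://idp.example.ac.be/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIIBszCCAVmgAwIBAgIJAIAB
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.ac.be/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
    <md:ContactPerson contactType="technical">
      <md:EmailAddress>mailto:idp-admin@example.ac.be</md:EmailAddress>
    </md:ContactPerson>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIIBtDCCAVqgAwIBAgIJAIAC
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
      <md:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.org/Shibboleth.sso/SAML2/POST"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

ROLES = (("IDPSSODescriptor", "SingleSignOnService"),
         ("SPSSODescriptor", "AssertionConsumerService"))


def parse_utc(s: str) -> dt.datetime:
    return dt.datetime.strptime(s, TIME_FMT).replace(tzinfo=dt.timezone.utc)


def fingerprint(cert_b64: str) -> str:
    """SHA-256 of the DER certificate; metadata wraps the base64 over several lines."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()


def describe_entity(ed: ET.Element) -> dict:
    """Entity metadata: entityID, each role's endpoints and certificates, contacts,
    plus the problems an operator would want to see before trusting the entity."""
    roles = []
    for role_tag, endpoint_tag in ROLES:
        role = ed.find(f"md:{role_tag}", NS)
        if role is None:
            continue
        endpoints = [(e.get("Binding"), e.get("Location"))
                     for e in role.findall(f"md:{endpoint_tag}", NS)]
        certs = []
        for kd in role.findall("md:KeyDescriptor", NS):
            b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS)
            certs.append((kd.get("use") or "signing+encryption", fingerprint(b64)))  # no 'use' = both
        problems = [f"non-https endpoint {loc}" for _, loc in endpoints
                    if not loc.startswith("https://")]
        if not any(use != "encryption" for use, _ in certs):
            problems.append("no signing certificate")
        roles.append({"role": role_tag, "endpoints": endpoints, "certs": certs, "problems": problems})
    contacts = [c.findtext("md:EmailAddress", default="", namespaces=NS)
                for c in ed.findall("md:ContactPerson", NS)]
    return {"entityID": ed.get("entityID"), "roles": roles, "contacts": contacts}


def parse_aggregate(xml_text: str, now: dt.datetime) -> dict:
    """Federation metadata: the aggregate's Name, whether it carries a signature (which
    still has to be verified against the federation's key), whether validUntil has
    passed, and the entities it contains."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        raise ValueError("not an EntitiesDescriptor aggregate")
    valid_until = root.get("validUntil")
    return {
        "name": root.get("Name"),
        "signed": root.find("ds:Signature", NS) is not None,
        "stale": valid_until is not None and parse_utc(valid_until) <= now,
        "entities": [describe_entity(e) for e in root.findall("md:EntityDescriptor", NS)],
    }
```

The certificate in metadata, not the one served by the peer's TLS endpoint, is what an SP uses to verify the IdP's signature on an assertion, so a stale or unsigned aggregate is a trust problem, not a cosmetic one: Shibboleth and simpleSAMLphp both refuse metadata whose validUntil has passed, and the federation's signing key must be pinned locally rather than taken from the download.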
eduGAIN
eduGAIN (diagram)
eduGAIN: interconnecting federations
− Metadata Service: aggregates and pushes
eduGAIN
− Extends the portfolio of services
− Extends the audience
− To get access to eduGAIN, you need to request it
Belnet Federation services
Antispam Pro
Cloud-based
– Data/servers are in Belgium @ Belnet (trust)
Flexible
– Easy user management and delegation
– Customizable
Complete
– Inbound and outbound
– Antispam and Antivirus
– Reporting
Mconf
Collaborative web interface with public/private space.
Recently added to the Federation
Go ahead and use it
Mconf @ Belnet (screenshot)
Mconf
Give us your feedback via mconf@belnet.be
Not a Belnet service
Limited support
FileSender
Sends e-mail with big files attached
From the members of the R&E Federation
To any recipient
FileSender (screenshot)
Viabel.net
Personal Certificates
Q&A