
Stuff, including interfederation stuff Dr Ken Klingenstein, Director, Middleware and Security, Internet2.


1 Stuff, including interfederation stuff
Dr Ken Klingenstein, Director, Middleware and Security, Internet2

2 Topics
kjk@internet2.edu
- InCommon Growth
- ISOC and Attributes
- NSTIC (and FICAM)
- Interfederation
- Federation Risk Assessment
- Gap Analysis

3 Growth

4 ISOC and Attribute Infrastructure
- Workshop held March 12, 2012 in DC as follow-up to workshop in Amsterdam in December.
- Outcomes include:
  - Planning for attribute registries
  - Name space registries
  - Good attribute design principles document
  - Attributes of attributes
  - Quality (LOA) of attributes
  - Managing the marketplace

5 NSTIC and FICAM
- NSTIC is an initiative, intended to foster the Identity Ecosystem and the US Government's participation in it.
- Works with agencies, IdPs, standards and advocacy groups, etc.
- Pilot programs this fall
- FICAM is an operational service, setting standards (LOA, privacy, etc.) and certifying compliance

6 Interfederation
- The use cases
- The theory and the practice
- Gap analysis

7 The use cases
- Between R&E feds (contacts in Turkey, Middle East and India urgently needed)
- Between .gov fed and InCommon
- With K-12 fed
- With OIX fed

8 Theory and practice
- In theory, there is no difference between practice and theory; in practice there is.
- Interfederation has several steps:
  - Ad hoc interfeds today, and soon PEER to exchange metadata
  - True interfederation

9 Federation Manager Risk Assessment
- Assesses risks in the full metadata process:
  - Internal ops
  - Vetting of enterprise
  - Security of metadata supply chain in organization
  - Authentication
  - Delegation
- https://spaces.internet2.edu/display/InCCollaborate/Federation+Manager+Authentication+Risk+Assessment
- Immediate consequences in 2FA metadata submission

10 Buckets of interfed issues
- Exchange of metadata
- Policy alignment
- Alignment of payloads (attributes)
- Operational issues

11 Short-term and long-term
A few high-level distinctions between the short-term and long-term approaches to meeting these needs:
- Short-term, the flow of metadata for interfederation and the flow of trust in the values being asserted in the metadata are the same: member to federation to another federation to its members. Long-term, the flow of metadata and the flow of trust in the values within the metadata may diverge, allowing an ecosystem of other "vetters" of application or end-entity characteristics.
- Short-term, a limited set of widely used attributes (eduPerson, SCHAC) enables almost all essential needs. Long-term, richer attributes will require some mapping approaches, as well as interfederation coordination of names, identifiers, etc.
- Short-term, almost all operational aspects are handled on a case-by-case basis. Long-term, operational standards will be needed for effective use and best practices.

12 Alignment of policies to enable trust in the metadata being exchanged
- How the federation manages verification of both the organizations and their (perhaps delegated) authorized submitters (the FOP)
- How the federation manages verification of other richer end-entity attributes it asserts, such as classification of applications (e.g. R&S), recommended attribute release policies, etc.
- How the federation operates, in terms of signing metadata approaches, legal status, etc.
- Aligning the LOA at basic and higher levels for authentication
- Aligning the relationships between IdP and SP when they are not in the same federation
  - Direct contracts should govern where applicable
  - If the contractual flow is member to fed, and then across interfed to an SP in another…

13 Interfed gap analysis
- Technical
  - Interfed discovery
  - Metadata sharing
  - Aligned attribute bundles
- Policy
