Published by Thomas Morris. Modified over 9 years ago.
1
Kalmar Union, a Confederation of Nordic Identity Federations
TNC2009
Mikael Linden, CSC
Andreas Solberg, UNINETT
2
What is a confederation
Most academic federations cover one country
– FEIDE in Norway
– SWAMID in Sweden
– Haka in Finland
– WAYF in Denmark and Iceland
To enable cross-federation use of resources the federations need to be bridged together
=> a confederation is a federation of federations
3
Confederation use cases
Research collaboration
– Cross-national research groups
Research infrastructure
– Shared infrastructure => economies of scale
Learning collaboration
– Cross-national courses, LMS
Licensed content
– Library article databases etc.
4
Juridical Shape of Kalmar Union
Joining federations sign a Memorandum of Understanding and Charter
– Not fully binding, lowers the threshold to join
Joining federations remain independent
– IdPs and SPs always join a national federation
Focuses on privacy issues
Liability excluded
No invoicing (money not moving between federations)
5
Data protection in Kalmar Union
Attribute release between security domains
– privacy even more important
Following the Data Protection Directive
– Only relevant attributes released from IdP to SP
– End user is informed on attribute release
– End user consents to attribute release
6
Metadata aggregation
7
Technical set-up
[Diagram: the federations WAYF, Haka, SWAMID and FEIDE connected through the Kalmar metadata aggregate]
IdPs shown: Univ of Helsinki, Univ of Turku, Univ of Uppsala, Univ of Umeå, Univ of Oslo, Univ of Bergen, Univ of Iceland, Univ of Copenhagen, Univ of Aarhus
SPs shown: CSC: supercomputer SP; NMS in i ICT: Moodle SP; Univ of Uppsala: LMS SP; Univ of Umeå: wiki SP; Uninett: Foodle SP; NorduGrid: SLCS SP; Ordbogen.com SP; NIAS: AsiaPortal SP
SAML2 end-to-end
Central Aggregate shares SAML2 metadata
8
National aggregate
9
Entity descriptors
10
How to use SAML
Software:
– As of now: Shibboleth and simpleSAMLphp
SAML 2.0 Interoperable Deployment Profile:
– http://rnd.feide.no/documents/saml2simple.html
– HTTP-Redirect in request, POST in response
– Encryption: either SSL or encrypted assertions
SAML2 Metadata interoperability profile
– Embedded certificates, no PKIX.
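The following is an added example, not code from the presentation or from Kalmar Union tooling: it merges national SAML2 metadata aggregates into one central `EntitiesDescriptor` and admits only entities that carry an embedded certificate, as the metadata interoperability profile above requires. The feed contents, entityIDs, certificate placeholder and function names are constructed for illustration, and metadata signature verification is assumed to have happened before parsing.

```python
import xml.etree.ElementTree as ET
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)
CERT = "Q09OU1RSVUNURUQ="  # constructed placeholder, not a real certificate
CERT_PATH = ".//md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def _entity(entity_id, role, cert=None):
    """Constructed EntityDescriptor; cert=None models an entry with no embedded key."""
    key = "" if cert is None else (
        "<md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
        f"{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:{role} '
            'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f"{key}</md:{role}></md:EntityDescriptor>")

def _feed(*entities):
    return (f'<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{DS}">'
            + "".join(entities) + "</md:EntitiesDescriptor>")

SAMPLE_FEEDS = {  # constructed national aggregates with hypothetical entityIDs
    "haka": _feed(_entity("https://idp.example.fi/idp", "IDPSSODescriptor", CERT)),
    "feide": _feed(_entity("https://idp.example.no/idp", "IDPSSODescriptor", CERT),
                   _entity("https://sp.example.no/sp", "SPSSODescriptor")),
    "swamid": _feed(_entity("https://sp.example.se/sp", "SPSSODescriptor", CERT),
                    _entity("https://idp.example.fi/idp", "IDPSSODescriptor", CERT)),
}

def aggregate(feeds):
    """Merge feeds (assumed signature-verified); return (central aggregate, rejected)."""
    root = ET.Element(f"{{{MD}}}EntitiesDescriptor", {"Name": "central-example"})
    seen, rejected = set(), []
    for fed, xml_text in feeds.items():
        for ent in ET.fromstring(xml_text).iterfind("md:EntityDescriptor", NS):
            eid = ent.get("entityID")
            certs = [(c.text or "").strip() for c in ent.iterfind(CERT_PATH, NS)]
            if not certs or not all(certs):
                rejected.append((fed, eid, "no embedded certificate"))
            elif eid in seen:
                rejected.append((fed, eid, "duplicate entityID"))
            else:
                seen.add(eid)
                root.append(ent)
    return root, rejected

if __name__ == "__main__":
    central, rejected = aggregate(SAMPLE_FEEDS)
    print(len(central), "entities accepted;", rejected)
```

Rejecting a second registration of the same entityID keeps a later feed from silently replacing the keys a relying party already trusts for that entity.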
11
Optional Kalmar features
Centralized SAML 2.0 Discovery Service
Shibboleth ARP file generation
12
Homework: federation harmonisation
Harmonise attributes
– mandatory attributes
– semantics of attributes, especially attributes for authorisation
– unique identifiers
Campus Identity Management requirements
– The floor for IdM quality on the IdP side
Usability and user experience
SAML 2.0 profile
Federation business models
– The fee for "external" SPs joining a federation
13
Conclusions
It is possible and there are use cases
Start with policy, then go to implementation
We showed bridging elements are not needed, just use SAML 2.0 end to end
Harmonisation of participating federations is recommended to make it easier to confederate
14
www.kalmar2.org
A full paper is uploaded to the conference web site