Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kalmar Union, a Conferedation of Nordic Identity Federations TNC2009 Mikael Linden, CSC Andreas Solberg, UNINETT.

Published byThomas Morris Modified over 9 years ago

Similar presentations

Presentation on theme: "Kalmar Union, a Conferedation of Nordic Identity Federations TNC2009 Mikael Linden, CSC Andreas Solberg, UNINETT."— Presentation transcript:

1 Kalmar Union, a Conferedation of Nordic Identity Federations TNC2009 Mikael Linden, CSC Andreas Solberg, UNINETT

2 What is a confederation Most academic federations cover one country FEIDE in Norway SWAMID in Sweden Haka in Finland WAYF in Denmark and Iceland To enable cross-federation use of resources the federations need to be bridged together => a confederation is a federation of federations

3 Confederation use cases Research collaboration – Cross-national research groups Research Infrastructure – Shared infrastructure => economics of scale Learning collaboration – Cross-national courses, LMS Licensed content – Library article databases etc

4 Juridical Shape of Kalmar Union Joining feds sign a Memorandum of Understanding and Charter – Not fully binding, lowers threshold to join Joining federations remain independent – IdPs&SPs join always a national federation Focuses on privacy issues Liability excluded No invoicing (money not moving between feds)

5 Data protection in Kalmar Union Attribute release between security domains – privacy even more important Following the Data protection directive – Only relevant attributes released from IdP to SP – End user is informed on attribute release – End user consents to attribute release

6 Metadata aggregation

7 Technical set-up WAYF Haka SWAMID FEIDE Haka SWAMID FEIDE WAYF Univ of Helsinki Univ of Turku Univ of Uppsala Univ of Umeå Univ of Oslo Univ of Bergen Univ of Iceland Univ of Copenhagen Univ of Aarhus CSC: supercomputer SP NMS in i ICT: Moodle SP Univ of Uppsala: LMS SP Univ of Umeå: wiki SP Uninett: Foodle SP NorduGrid: SLCS SP Ordbogen.com SP NIAS: AsiaPortal SP Kalmar metadata aggregate IdP SAML2 end-to-end Central Aggregate shares SAML2 metadata

8 National aggregate

9 Entity descriptors

10 How to use SAML Software: – As of now: Shibboleth and simpleSAMLphp SAML 2.0 Interoperable Deployment Profile: – http://rnd.feide.no/documents/saml2simple.html http://rnd.feide.no/documents/saml2simple.html - HTTP-Redirect in request, POST in response – Encryption: either SSL or encrypted assertions SAML2 Metadata interoperability profile – Embedded certificates, no PKIX.

11 Optional Kalmar features Centralized SAML 2.0 Discovery Service Shibboleth ARP file generation

12 Homework: federation harmonisation Harmonise attributes – mandatory attributes – semantics of attributes especially: attributes for authorisation – unique identifiers Campus Identity Management requirements – The floor for IdM quality in the IdP side Usability and user experience SAML 2.0 profile Federation business models – The fee for ”external” SPs joining a federation

13 Conclusions It is possible and there are use cases Start with policy, then go to implementation We showed bridging elements are not needed, just use SAML2.0 end to end Harmonisation of participating federations is recommended to make it easier to confederate

14 www.kalmar2.org A full paper is uploaded to the conference web site

Download ppt "Kalmar Union, a Conferedation of Nordic Identity Federations TNC2009 Mikael Linden, CSC Andreas Solberg, UNINETT."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Federation management A mess? 9.4.2008 Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.

Federation management A mess? Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki 2.10.2013 Mikael Linden, CSC – IT Center for Science

Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki Mikael Linden, CSC – IT Center for Science
Resource Entitlement Management System Manne Miettinen Mikael Linden Janne Lauros CSC – IT Center for Science.

Resource Entitlement Management System Manne Miettinen Mikael Linden Janne Lauros CSC – IT Center for Science.
EduGAIN – Are we there yet? Lukas Hämmerle (ghost writer, Brook Schofield) FIM4R, Helsinki – 2 October 2013.

EduGAIN – Are we there yet? Lukas Hämmerle (ghost writer, Brook Schofield) FIM4R, Helsinki – 2 October 2013.
5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.

5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Kalmar Union 15.1.2008 Mikael Linden CSC, the Finnish IT Center for Science.

Kalmar Union Mikael Linden CSC, the Finnish IT Center for Science.
Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,

Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna 17-18 Oct 2011

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
AAI with simpleSAMLphp

AAI with simpleSAMLphp
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science

CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science
Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service 2012-02-27 Federated Identity Systems.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.
SAML Right Here, Right Now Hal Lockhart September 25, 2012.

SAML Right Here, Right Now Hal Lockhart September 25, 2012.

Similar presentations

Ads by Google