Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federations and Higher Education. Topics  Federations: What they may be and where they may fit The theory The practice: first instantiations –Ice9: Shibboleth.

Published byValerie Barton Modified over 9 years ago

Similar presentations

Presentation on theme: "Federations and Higher Education. Topics  Federations: What they may be and where they may fit The theory The practice: first instantiations –Ice9: Shibboleth."— Presentation transcript:

1 Federations and Higher Education

2 Topics  Federations: What they may be and where they may fit The theory The practice: first instantiations –Ice9: Shibboleth and Liberty FOO  Federations in Gov  Federations in the Business Community  InCommon Discussion Mission Key Early Issues –Membership and affiliations –Process for governance and direction –When and how to change the wings CREN CA relationship

3 VidMid-VC Scenario [1] Resource Discovery  Origin user initiates VC session by selecting from: Local directory (“White Pages”), or Federated directory(s), or Drop-down list of frequent targets –Directory-enabled -- always up to date  Target user entry denotes client capability(s): H.323 SIP Voice

4 VidMid-VC Scenario [1a] Resource Discovery  GUI tools to enable user to manage their location to receive VC, e.g.: For the next 90 minutes I will be in Conf. Room B, if anyone tries to reach me For the next 4 hours I will be at 192.168.1.244, if Jane Doe, Bob Smith, or Alice Jones tries to reach me. All others should be notified that I will be available for VC at my own station at 14:00 today. I want calls from Prof. Jones from the Medical School to be encrypted

5 VidMid-VC Scenario [2] Authentication  Utilize user’s authentication credential from their “home” security domain  On the target side, pop-up window appears on workstation, reading: Jane Doe from Penn State U. is attempting to initiate a videoconference with you, and Penn State U. asserts that this is in fact Jane Doe. Would you like to accept the call? [Yes] [No]  Needed: ability to utilize credentials received from local security domain, and pass them as needed to Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) as needed

6 VidMid-VC Scenario [3] Authorization  Management tools to control access to VC based on role and/or location. E.g.: Dormitory student users not permitted to VC between 08:00–17:00 Mon-Fri Math Dept. Admin Asst. permitted to initiate VC on behalf of faculty/staff at any time. Only faculty/staff users permitted to exceed 384 Kbps Faculty is allowed to set up a multipoint conference call GUI tools to enable user to manage their location to receive VC Only faculty/staff users permitted to exceed 384 Kbps Faculty is allowed to set up a multipoint conference call  Need clients enabled to be controlled based on user role and/or device location, or other attributes

Download ppt "Federations and Higher Education. Topics  Federations: What they may be and where they may fit The theory The practice: first instantiations –Ice9: Shibboleth."

Similar presentations

Secure Videoconferencing Jill Gemmill, UAB. Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address.

Secure Videoconferencing Jill Gemmill, UAB. Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address.
802.1AF - directions define requirements to find and create connections in terms of Discovery - Authentication - Enable 1.Discover of what can be done.

802.1AF - directions define requirements to find and create connections in terms of Discovery - Authentication - Enable 1.Discover of what can be done.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.

EDINA 20 th March 2008 EDINA Geo/Grid - Security Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.

 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
Understanding Active Directory

Understanding Active Directory
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Www.incommon.org InCommon and Federated Identity Management 1 www.incommon.org.

InCommon and Federated Identity Management 1
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Welcome Acknowledgments and thanks Security Acronymny: then and now What’s working What’s proving hard.

Welcome Acknowledgments and thanks Security Acronymny: then and now What’s working What’s proving hard.
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.
June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.

June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.
Shibboleth Update a.k.a. “shibble-ware”

Shibboleth Update a.k.a. “shibble-ware”
SIM402. Kerberos, NTLM, Basic, Digest, Forms?

SIM402. Kerberos, NTLM, Basic, Digest, Forms?
The Rise of Collaborative Tools Ken Klingenstein Project Director, Internet2 Middleware Initiative Chief Technologist, University of Colorado at Boulder.

The Rise of Collaborative Tools Ken Klingenstein Project Director, Internet2 Middleware Initiative Chief Technologist, University of Colorado at Boulder.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.

Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.
National Science Foundation Chief Information Officer CIO Fall Update for the Advisory Committee for Business and Operations: Identity Management 2.0 George.

National Science Foundation Chief Information Officer CIO Fall Update for the Advisory Committee for Business and Operations: Identity Management 2.0 George.

Similar presentations

Ads by Google