auEduPerson Schema
Schema derived from:
- eduPerson
- person [RFC 4517, RFC 4519]
- organizationalPerson [RFC 4517, RFC 4519]
- inetOrgPerson [RFC 2798]
- schac
- auEduPerson-specific
See (Sep-09): https://wiki.caudit.edu.au/confluence/download/attachments/784/auEduPerson_attribute_vocabulary_v02+1+0.pdf?version=1
REFEDS: 21-Oct-09, Alex Reid, AAF & AARNet
auEduPerson Schema
Standard vocabulary (attribute: source schema):
auEduPersonAffiliation: auEduPerson
auEduPersonLegalName: auEduPerson
auEduPersonSharedToken: auEduPerson
eduPersonAffiliation: eduPerson
eduPersonAssurance: eduPerson
cn: person
eduPersonPrimaryAffiliation: eduPerson
eduPersonPrincipalName: eduPerson
eduPersonScopedAffiliation: eduPerson
eduPersonTargetedID: eduPerson
givenName: inetOrgPerson
mail: inetOrgPerson
mobile: inetOrgPerson
o: inetOrgPerson
postalAddress: organizationalPerson
preferredLanguage: inetOrgPerson
schacGender: schac
schacPersonalTitle: schac
schacPersonalUniqueCode: schac
schacUserPresenceID: schac
sn: person
telephoneNumber: person
userCertificate: inetOrgPerson
userSMIMECertificate: inetOrgPerson
auEduPerson Schema
Levels of Assurance attributes, guided by:
1. NeAF: Australian National e-Authentication Framework
2. Liberty Alliance: Identity Assurance Framework v1.1
3. NIST: SP800-63 V1_0_2
NIST was chosen to align with, as it is the most widely used. However, it is not as definitive as desired, so reference is made to the LA Framework (which has more useful detail, but is subject to review at present). NeAF is still at a formative stage (but provides useful guidance on undertaking a risk assessment analysis). NeAF and LA/Kantara will be kept under review.
Two dimensions of LoA are defined:
- Identity (or Registration) LoA: levels 1 to 4: eduPersonAssurance
- Authentication LoA: levels 1 to 4: SAML AuthenticationMethod
auEduPerson Schema
eduPersonAssurance (Identity or Registration LoA):
1 = no identity proofing (but some assurance that this is the same person)
2 = possession of some government-issued identity documents
3 = detailed verification of valid government-issued picture Id required
4 = in-person verification against government-issued picture Id
SAML AuthenticationMethod (Authentication LoA):
1 = simple passwords
2 = password verified through a secure authentication protocol
3 = 2-factor authentication through a cryptographic protocol
4 = as for 3 but only hard cryptographic tokens allowed
NOTE: the above summaries are very much simplified; see the Schema document or LA Framework for details (especially as they relate to the difference between in-person and remote identity verification).
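The two LoA dimensions on the previous two slides are meant to be enforced separately by a relying party. The following is an added example (not code from the slides or from the AAF) that does that check; it assumes eduPersonAssurance carries the identity LoA as an integer 1-4 and that the authentication LoA arrives as an integer 1-4 already derived upstream from the SAML AuthenticationMethod.

```python
"""Relying-party check of the two LoA dimensions defined in the auEduPerson schema.
Added example, not the slides' or the AAF's code. Assumes eduPersonAssurance holds
the identity LoA as an integer 1-4 and that the authentication LoA arrives as an
integer 1-4 already derived upstream from the SAML AuthenticationMethod."""

# Level summaries as given on the slides (simplified, as the slides themselves note).
IDENTITY_LOA = {
    1: "no identity proofing (but some assurance this is the same person)",
    2: "possession of some government-issued identity documents",
    3: "detailed verification of valid government-issued picture Id",
    4: "in-person verification against government-issued picture Id",
}
AUTHN_LOA = {
    1: "simple passwords",
    2: "password verified through a secure authentication protocol",
    3: "2-factor authentication through a cryptographic protocol",
    4: "as for 3 but only hard cryptographic tokens allowed",
}


def parse_level(value, table):
    """Return the integer level if it is in the table, else None (fail closed)."""
    try:
        level = int(value)
    except (TypeError, ValueError):
        return None
    return level if level in table else None


def evaluate(attributes, authn_loa, min_identity, min_authn):
    """Decide access for one session; returns (allowed, reasons).

    The two dimensions are checked independently: a hard token (authn LoA 4)
    does not compensate for unverified identity, and vice versa. A missing or
    malformed eduPersonAssurance is treated as unknown and denied, never as level 1.
    """
    reasons = []
    identity = parse_level(attributes.get("eduPersonAssurance"), IDENTITY_LOA)
    authn = parse_level(authn_loa, AUTHN_LOA)
    if identity is None:
        reasons.append("eduPersonAssurance missing or malformed")
    elif identity < min_identity:
        reasons.append(f"identity LoA {identity} ({IDENTITY_LOA[identity]}) "
                       f"is below the required {min_identity}")
    if authn is None:
        reasons.append("authentication LoA missing or malformed")
    elif authn < min_authn:
        reasons.append(f"authentication LoA {authn} ({AUTHN_LOA[authn]}) "
                       f"is below the required {min_authn}")
    return (not reasons), reasons
```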
Federation Operator CPS
Purpose: establish rules for SAML operation
= SAML Metadata Signing Policy & Aggregation Practice Statement Framework
[cf. the way RFC3647, Internet X.509 Public Key Infrastructure Certificate Policy & Certificate Practices Framework, is used to manifest trustworthiness in a PKI federation].
Process:
a. Establish small group & set up mailing list, group pages;
b. Small group develop draft;
c. Submit to REFEDS, ECAM, MACE, TF-EMC2 for comment?
d. Small group incorporate feedback;
e. Submit to IETF for eventual endorsement?
Federation Operator CPS
Participants:
- Rodney McDuff
- Andrew Cormack
- Victoriano Giralt
- Scott Rea (Director of the HE Bridge Certificate Authority (HEBCA) Operating Authority, @ Dartmouth, USA)
- Leif Johansson
Corresponding member: Milan Sova. Lurkers: Licia Florio & Alex Reid.
Progress:
- Members agreed;
- Mailing list & wiki set up; see https://wiki.caudit.edu.au/confluence/display/SMAPS/Home
- Rodney prepared a very preliminary draft;
- Scott preparing a fleshing-out of the headings taken from RFC3647;
- Andrew to be asked to flesh out policy/legal/audit & Leif the dynamic metadata components.
Federation Operator CPS
Proposed 8 sections to the document:
1. Audit (Security & Compliance)
2. ID Proofing
3. Certificate Issuance
4. Certificate Maintenance
5. Personnel (Trusted Roles)
6. Physical & Logical Protection of Hardware
7. Certificate Status & Repository
8. Miscellaneous
[derived from RFC3647, so may vary as fleshed out]