Growth and Change in Federations and What This Means for Supporting Technologies Nick Roy and Chris Phillips


1 Growth and Change in Federations and What This Means for Supporting Technologies
Nick Roy and Chris Phillips
nroy@internet2.edu, chris.phillips@canarie.ca
REFEDS at Internet2 TechEx 2015.10.04

2 Agenda:
✧ Tech landscape, continuing the discussion
✧ What is happening in N. America?
✧ Exploring Next Steps

3 Context
Goal: Stay current while meeting the needs of our community
✧ Safely and securely
✧ Effectively and efficiently
✧ In a scalable fashion

4 2015Q3 IdP Tech Profile (simplified)
References:
Original data: https://spaces.internet2.edu/display/altidp/Alternative+IdP+Strategies+and+Assessment+Criteria
ADFS: http://www.cloudidentity.com/blog/2015/08/21/openid-connect-web-sign-on-with-adfs-in-windows-server-2016-tp3/

5 Observations
✧ Shibboleth still the ‘reference platform for Federated SSO’
➢ Shibboleth makes up ~80% of 1828 IdP deployments as of Jul 16, 2015 [1]
➢ Understanding features for next 6-18 months will be key
✧ ADFS practically everywhere, but lacks features.
➢ Driven by Active Directory & O365/Azure requirement.
➢ Downside/Upside: ADFS has classically not met functional points. Upside: change is happening (see previous link: 2016 TP3)
✧ SSP still current
➢ Installation is more lightweight
➢ Both SP/IdP in same code base
➢ Others may speak more authoritatively on this.
[1] https://spaces.internet2.edu/display/InCFederation/Global+Shib+IdP+Deployments

6 Additional Data Points

7 New IdP Platforms Emerging
✧ Ellucian * building an embedded IdP offering
➢ Partnered with WSO2 [1]
➢ Guidance on implementation offered by InCommon [2]
➢ Could be a significant gain if done well.
* Ellucian is an ERP vendor with many installs in Higher Ed that manages Banner/SCT
[1] http://www.ellucian.com/News/Ellucian-Announces-New-Single-Sign-On-Identity-Management-Service/
[2] http://walterhoehn.com/dl/SAML-Impl-Profile/rendered/main.html

8 InCommon Metadata Growing
✧ The “Steward Model”
➢ Allowing regional networks to act as InCommon registrars for their connected constituent orgs
➢ An outcome of “The Quilt” consortium discussions
➢ MCNC will be the pilot for this
✧ eduGAIN
➢ Phased Opt-Out for IdPs (~400 entities)
➢ Opt-In for SPs
➢ Planned over the next 12 months

9 Aggregate Size Implications Catching Up
✧ Monolithic metadata is unsustainable long term
➢ REFEDS MDQ work seen as key
➢ InCommon is working toward production support due to critical need
✧ Symptoms of the problem
➢ Shibboleth & SSP have difficulty with signature validation
   Rapid growth in memory usage and time to validate
   Current response of increasing RAM buys time, but for how long?
   – Long enough to solve problem or introduce MDQ?

10 Entity Categories Key for Attribute Release
✧ Entity Categories critical to enabling attribute release
➢ Instrumental to handling attribute release at scale
➢ Unfortunately not universally enabled across tool space

11 Interpretations & Thoughts

12 Fill the Information Vacuum
✧ Ellucian is where Microsoft was a few years ago but has the benefit of our insight because they asked.
✧ Microsoft only worked from spec and what they thought their customer needs were.
➢ We weren’t vocal or consulted as well as we could have been.
➢ Spec and written authoritative material key.
✧ Material with gaps between Spec and practice:
➢ OASIS
➢ SAML2Int.org
✧ Actions that may improve things
➢ Updating SAML2Int.org to be more robust
   Complement it with InCommon authored doc?
➢ Capitalize and act on IETF stream
   Migrate IETF documents (somehow) from personal submissions to a more firm posture
   Will vendors implement spec under an individual submission? Unlikely? Insight welcome.
➢ Does Kantara have a role here too?

13 Improve on Communicating Technical Needs
✧ Speak up for product features for prioritization.
➢ Different teams have different resourcing models and need to hear from us on what is important.
➢ Otherwise, they will only choose what matters to them.
✧ Case in point:
➢ ADFS is near ubiquitous, but not so good on matching our needs
✧ Understanding team constraints key &
➢ Time constrained?
➢ Resource constrained?
➢ Can we somehow assist?

14 Where To Continue This Dialog?

