Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Federations: Here and Now David L. Wasley Thomas Lenggenhager Peter Alterman John Krienke.

Published byDora Dawson Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity Federations: Here and Now David L. Wasley Thomas Lenggenhager Peter Alterman John Krienke."— Presentation transcript:

1 Identity Federations: Here and Now David L. Wasley Thomas Lenggenhager Peter Alterman John Krienke

2 David L. Wasley2 Agenda Brief Federation overview Higher Ed & Research federations in Europe US Federal eAuthentication federation InCommon: the US Higher Ed federation Inter-federation Q&A

3 David L. Wasley3 Federations Otherwise independent entities that give up a certain degree of autonomy in order to achieve a common set of goals. Working together requires Common way to express meaning Agreed upon ways to convey information Acceptable governance and trust models

4 David L. Wasley4 Identity Federations Authenticate locally Campus or other Identity Service Provider IdP provides trustworthy needed identity information to Resource Providers Part of access management decision Trust established through Federation Operator by means of standards, rules, and participation agreements

5 David L. Wasley5 Federations and Trust Requires common IdP and RP practices Federation governance roles include Establishing the rules Overseeing adherence Degrees of trust may be inherent/useful Allows flexibility in IdP and RP services What happens when trust is violated? Liability and indemnification

6 David L. Wasley6 Not all Federations are the same... Identity federations may have different rules or constraints on identity release For example in Europe... Some may choose to offer on-line services as well, or hold contracts for resources on behalf of members Some are for specific business purposes or industries, etc.

7 David L. Wasley7 And now for some examples...

8 David L. Wasley8 Linking Federations How can federations interoperate? Information models must be compatible Conversion may be difficult Communication protocols Gateways are hard and may break trust models Governance and trust models Must be equivalent at some level

9 David L. Wasley9 Governance & Linking Federations Governance sets community standards May need to enhance or redefine somewhat Must uphold inter-federation agreement Responsible for trust between federations May require stronger role within federation May affect existing participation agreements May incur new liabilities, etc. Federation services might not interoperate

10 David L. Wasley10 Linking InCommon and eAuthentication Higher Ed is an important community for Federal many agency applications Both have federations in place Have been working together for ~ a year Compatible technology Similar identity attributes InCommon has richer set InCommon includes privacy protections

11 David L. Wasley11 Linking InCommon and eAuthentication... Trust issues eAuth defines 4 levels of identity assurance InCommon allows ‘best effort’ will need to define at least one compatible LOA Privacy... Operational issues Will need to include LOA in identity assertions Will need to tag metadata, etc...

12 David L. Wasley12 Linking InCommon and eAuthentication... Where we are now Draft Memorandum of Agreement Draft “InCommon Bronze” requirements Based on eAuth Level 1 Three campuses already known to qualify Working on inter-federation assessment Goal Interoperability by Fall of this year

13 David L. Wasley13 Q & A ?

Download ppt "Identity Federations: Here and Now David L. Wasley Thomas Lenggenhager Peter Alterman John Krienke."

Similar presentations

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
Trust Router. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any.

Trust Router. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any.
1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.
InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.

InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.

Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.
Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.

Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna 17-18 Oct 2011

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Shibboleth Update a.k.a. “shibble-ware”

Shibboleth Update a.k.a. “shibble-ware”
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Similar presentations

Ads by Google