Presentation is loading. Please wait.

Presentation is loading. Please wait.

+ Challenges in the VO Space Heather Flanagan (Spherical Cow Group) REFEDS meeting; 4 October 2015 Cleveland, OH, US.

Published byAgnes Quinn Modified over 9 years ago

Similar presentations

Presentation on theme: "+ Challenges in the VO Space Heather Flanagan (Spherical Cow Group) REFEDS meeting; 4 October 2015 Cleveland, OH, US."— Presentation transcript:

1 + Challenges in the VO Space Heather Flanagan (Spherical Cow Group) REFEDS meeting; 4 October 2015 Cleveland, OH, US

2 + Studies Done Original FIM4R paper in 2012 described a set of recommendations to the research communities, technology providers, and funding agencies The core use cases came from large research organizations with funding https://cdsweb.cern.ch/record/1442597 The “Advancing Technologies and Federated Communities”, also in 2012, described a set of recommendations around technology, policy, funding, and legal issues. A more generalized approach than the FIM paper, but the recommendations are largely the same https://www.terena.org/publications/files/2012-AAA-Study-report-final.pdf

3 + Findings Summarized Federated technologies are good. Take advantage of them. The infrastructure needs to be improved to take advantage of federated technologies. Do it. Relying on the older models of local account creation and IP- based ACLs is easier. This is a very limited view. Stop it. If you can’t fix it all yourself (and you can’t), facilitate the efforts of groups that can. Build relationships, target your spending or funding to make the biggest impact.

4 + Progress Made Technology Providers Entity Categories - https://wiki.refeds.org/display/ENT/Entity-Categories+Homehttps://wiki.refeds.org/display/ENT/Entity-Categories+Home Caveat: of the 1434 IdPs in eduGAIN, 43 support R&S Data Protection Code of Conduct - https://wiki.refeds.org/display/CODE/Data+Protection+Code+of+Conduct+Home https://wiki.refeds.org/display/CODE/Data+Protection+Code+of+Conduct+Home Caveat: of the 980 SPs in eduGAIN, 64 assert compliance with the DPCoC Funding Agencies Authentication and Authorisation for Research and Collaboration (AARC) US National Science Foundation grants (CILogon 2.0 - http://www.nsf.gov/awardsearch/showAward?AWD_ID=1547268&HistoricalAwards= false) Research Community new deployments and implementations Caveat: some big VOs are falling back on account creation rather than federation since they can’t get what they need out of federation

5 + Narrowing Down to the VO Space Progress still slow Remember a VO is often not a legal entity in and of itself – so who would sign any kind of legal agreement to participate? implementing federation involves a learning curve to properly implement things like single sign on (SSO) – who handles that within the VO? not all participants will even be a member of an institution that is part of a federation – how can they be brought on-board? VOs are the test case that expands into discussing federation outside of academia. We need to get this done, and get it right. Need to make the story of federation more compelling to VOs who have an uphill battle to get here from there. We can start by RELEASING ATTRIBUTES.

6

7 + Life After Attribute Release Are the technologies easy to deploy for your average sys admin (or, perhaps, your average grad student)? Is it clear how to handle security incidents when you’re just a little VO? Are the collaboration and domain tools ready for a federated environment?

8 + Technology Shibboleth 3, CAS, Microsoft AD Support for SSO and identity federation Are they packaged and documented well enough for a small VO to be able to deploy them? OAuth2 and OpenIDConnect are easier to deploy, but the VO loses out on being able to have the variety of IdP options; what they gain in simplicity of initial deployment is potentially eaten by needing to buy or build and deploy a proxy or gateway. And what about all those tasty attribute schemas?

9 + Security SIRTFI - https://wiki.refeds.org/display/GROUPS/SIRTFIhttps://wiki.refeds.org/display/GROUPS/SIRTFI A framework is being developed Is it something that small VOs can follow?

10 + Tools and Services Collaboration Management Systems Perun – http://perun.cesnet.cz/web/http://perun.cesnet.cz/web/ OpenConext – https://www.openconext.orghttps://www.openconext.org COmanage – http://www.internet2.edu/products-services/trust-identity-middleware/comanage/http://www.internet2.edu/products-services/trust-identity-middleware/comanage/ Video conferencing with support for SAML BigBlueButton - http://bigbluebutton.org/http://bigbluebutton.org/ WebEx – http://www.webex.comhttp://www.webex.com Jitsi Meet - https://jitsi.org/Projects/JitsiMeethttps://jitsi.org/Projects/JitsiMeet Wikis with support for SAML Confluence - https://www.atlassian.com/software/confluencehttps://www.atlassian.com/software/confluence Dokuwiki - https://www.dokuwiki.org/dokuwikihttps://www.dokuwiki.org/dokuwiki Trac - http://trac.edgewall.org/wiki/TracWikihttp://trac.edgewall.org/wiki/TracWiki Software Development Jenkins - https://wiki.jenkins-ci.org/display/JENKINS/Meet+Jenkinshttps://wiki.jenkins-ci.org/display/JENKINS/Meet+Jenkins JFrog Artifactory - https://www.jfrog.com/confluence/display/RTF/Welcome+to+Artifactoryhttps://www.jfrog.com/confluence/display/RTF/Welcome+to+Artifactory GitHub – https://www.github.comhttps://www.github.com There are more. Lots more. Progress is being made here. But remember, all these tools and services require attributes...

11 + Action Items Can federations do more to offer resources to help make deploying the technologies easier? Start by providing requirements or resources back to software groups to build more easily deployed packages. Federations have a role in education and outreach to help small groups understand their roles and responsibilities in handling security incidents. Continue to find ways to get your IdPs to RELEASE THE ATTRIBUTES. Entity categories are necessary but not sufficient to make this happen.

12 + The Value Proposition for Identity Federations

13 + Brought to you by... https://wiki.refeds.org/display/OUT/The+Value+Proposition+f or+Identity+Federations Joni Brennan (Kantara Initiative) Chris Phillips (CANARIE) Lucy Lynch (NSRC) Nicole Harris (GÉANT) Heather Flanagan (Spherical Cow Group; Editor)

14 + Background Work item came out of the REFEDS meeting at APAN in March 2015 Not our usual set of federations, and they asked for assistance in establishing the business case that they needed to bring back to their campuses and countries regarding identity federation. Our goal: help them understand the value proposition, and help them avoid reinventing our broken and thrown away wheels.

15 + Key Points The campus or institutional brands are critical; don’t lose out on the value they bring to the table The value here is local, regional, AND global Some of the challenges—where resources will be required— are highlighted More information is still required more on the services that might drive their use case sections need summaries; this is a lot of dense material

16 + Next Steps This has been distributed to the TF-IAM APAN group (thanks, Terry!)—need to collect feedback and integrate Fill in the blank spots to summarize the sections Text for federated services Must be completed by end of calendar year (or I can’t live with myself)

Download ppt "+ Challenges in the VO Space Heather Flanagan (Spherical Cow Group) REFEDS meeting; 4 October 2015 Cleveland, OH, US."

Similar presentations

CLARIN AAI, Web Services Security Requirements

CLARIN AAI, Web Services Security Requirements
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
FIM-ig Federated Identity Management Interest Group.

FIM-ig Federated Identity Management Interest Group.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.

To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.

Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.
11-July-2011, SURFnet Heather Flanagan, COmanage Project Coordinator Benn Oshrin, COmanage Developer Scott Koranda, U. Wisconsin – Milwaukee and LIGO.

11-July-2011, SURFnet Heather Flanagan, COmanage Project Coordinator Benn Oshrin, COmanage Developer Scott Koranda, U. Wisconsin – Milwaukee and LIGO.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
The ReFEDS/GÉANT Code of Conduct (CoC) An Approach to Compliance with the EU Data Protection Directive Steve Carmody April 23, 2012.

The ReFEDS/GÉANT Code of Conduct (CoC) An Approach to Compliance with the EU Data Protection Directive Steve Carmody April 23, 2012.
Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk An Introduction to Access Management and the UK Federation Simon Cooper.

Copyright JNT Association 2005Copyright JNT Association An Introduction to Access Management and the UK Federation Simon Cooper.
Australian Access Federation and other Middleware Initiatives Presented at TF-EMC2, Prague 4 Sep 2007 Patty McMillan, The University of Queensland.

Australian Access Federation and other Middleware Initiatives Presented at TF-EMC2, Prague 4 Sep 2007 Patty McMillan, The University of Queensland.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,

GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Similar presentations

Ads by Google