Presentation is loading. Please wait.

Presentation is loading. Please wait.

REFEDS. Rome, October 2009 Attribute space: LoAs, aggregation and reputation.

Published byChastity Montgomery Modified over 9 years ago

Similar presentations

Presentation on theme: "REFEDS. Rome, October 2009 Attribute space: LoAs, aggregation and reputation."— Presentation transcript:

1 REFEDS. Rome, October 2009 Attribute space: LoAs, aggregation and reputation

2 REFEDS. Rome, October 2009 Setting the Landscape

3 REFEDS. Rome, October 2009 LoLoAs (not an erratum) The LoA concept has originally been associated to quality of credentials  Two-factor authentication vs username/password…  SAML AuthN Context emphasized this  NIST (and NIST-like) classifications did as well Attributes constitute the core of an identity LoA on asserted attributes are key to take informed decisions And that brings us to different Levels of Levels of Assurance

4 REFEDS. Rome, October 2009 The Axes

5 REFEDS. Rome, October 2009 Attribute Authorities Entities providing additional attributes about users  Not available at their home IdP  Mostly because of management reasons Key for the VO promise Explosion of authoritative AttAuts is a concern And they may pose additional privacy challenges Several implementations currently available  VOMS (originally X.509-based, now with SAML gateway)  SWITCH VO management system (Shib-based)  FEIDE VO PoC (OAuth)  RedIRIS AA (SAML-based)  GN3 JRA3T2 (starting)  …

6 REFEDS. Rome, October 2009 Attribute Aggregators User-controlled sources of attributes Collecting them from AttAuts The SHINTAU project  Shib-based  Demo available at http://issrg-beta.cs.kent.ac.uk:8080/loademo.html The Kantara UMA Working Group  Mostly influenced by the OAuth community  Attribute access can be considered a particular case  No implementation yet  http://kantarainitiative.org/confluence/display/uma/

7 REFEDS. Rome, October 2009 Reputation Systems AttAggs that offer additional interfaces to update attribute values Social trust and beliefs  Social does not mean necessarily “massive” The next step in IdM? Object of a work-item in TF-EMC2 Few (if any) implementations  The ARETUSA model for BitTorrent  Plans to extend the RedIRIS AA

8 REFEDS. Rome, October 2009 The Possible Next Steps Attribute source discovery  Open AttAut, AttAgg, Reputation sources?  Are they total or partial members of federations? Representation for attribute sources and LoAs  Meta-attributes? Evaluation procedures for trust on attributes  Attribute algebra?  LoA set operations? Keeping all this in the appropriate practical limits  Avoid to make this an academic issue

Download ppt "REFEDS. Rome, October 2009 Attribute space: LoAs, aggregation and reputation."

Similar presentations

Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.
From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…

From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…
TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
REFEDS. Rome, October 2009 The OpenID Case Why It’s Not a Bad Idea to Play with The Big Guys.

REFEDS. Rome, October 2009 The OpenID Case Why It’s Not a Bad Idea to Play with The Big Guys.
Europe Latin America Collaborative e ‑ Infrastructure for Research Activities A Model for Federated Services Brook Schofield, TERENA ● Sofia, Bulgaria.

Europe Latin America Collaborative e ‑ Infrastructure for Research Activities A Model for Federated Services Brook Schofield, TERENA ● Sofia, Bulgaria.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.

Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
17 th TF-EMC2. Lyon, February 2011 On the Many Ways to Identity Exchange D i g i t a l i d e n t i t i e s a r e m o r e v a l u a b l e a s t h e y a.

17 th TF-EMC2. Lyon, February 2011 On the Many Ways to Identity Exchange D i g i t a l i d e n t i t i e s a r e m o r e v a l u a b l e a s t h e y a.
2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.

2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Shibboleth Update a.k.a. “shibble-ware”

Shibboleth Update a.k.a. “shibble-ware”
18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.

18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,
EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.

EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.
SAML Right Here, Right Now Hal Lockhart September 25, 2012.

SAML Right Here, Right Now Hal Lockhart September 25, 2012.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
SUNY System Administration Federation Overview Gavin Hogan July 15th, 2009 A work in progress….

SUNY System Administration Federation Overview Gavin Hogan July 15th, 2009 A work in progress….
AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.

AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.

Similar presentations

Ads by Google