Presentation is loading. Please wait.

Presentation is loading. Please wait.

INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.

Published byJessie Harris Modified over 8 years ago

Similar presentations

Presentation on theme: "INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group."— Presentation transcript:

1 INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group

2 Trust Basics: The Actors User: Person accessing the service Identity Provider: The organization that knows that person and verifies her identity online. Service Provider: The organization the offers the service and grants access to use it. Federation Operator: The organization that vets the membership, implements the community “rules” and publishes the certified phonebook.

3 Trust Basics: Federation is Distributed Services Service Provider Authorization Certified Federation Metadata “Phone Book” End User Authn 6 - Authorization 1 Fed schema Enterprise Directory Federation Software 3 2 - Request Authentication & Access Information (attributes) 4 5 – Authentication Verified. Sending Attributes 7 2 Federation Software Campus Authentication and User Information 3 - Authentication

4 Trust Basics: Federation is Distributed InCommon Federation (7.8 million users and 663 organizations) Identity Provider Services (368) Application Services (1,849) InCommon Operations (1)

5 Trust Basics: Federation is Shared I have to trust what you do with my Data that I send you Service that you use Being comfortable with how my partners perform their roles is key.

6 Trust Basics: Federation is Fractal Roughly speaking… Concerns at the org level are the same at the national level: Privacy Membership Risk Control over who my partners are First step to Trust is Publish what you do

7 Trust Basics: Publish What you Do First Step: Publish InCommon Participant Operating Practices eduGAIN participation requirements Second Step: Decide

8 Refeds MAP

9 eduGAIN Policy Flow GEANT (governing structure) US Federation (InCommon run by Internet2) eduGAIN Service EU National R&E Federations (Gov sponsored) Feds in Asia, Middle East, India, Africa, North & South America, ….

10 A Word about Metadata InCommon Metadata Aggregate (Official “phone” book) Federation tags and authority Identity provider info Service connection Info

11 What’s in the Metadata “Phonebook”? Information about: Security (signing keys) Contacts (troubleshooting and support) Connection (URLs of services) Verifier of the orgs/metadata (InCommon) Policy and practice compliance tags (R&S, Assurance)

12 eduGAIN is about Metadata Exchange International Metadata Aggregate eduGAIN authority All Fed A info Limited Fed B Info

13 Questions?

Download ppt "INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group."

Similar presentations

EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna 17-18 Oct 2011

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
InCommon Policy Conference April 2005. 2 Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.
SIM402. Kerberos, NTLM, Basic, Digest, Forms?

SIM402. Kerberos, NTLM, Basic, Digest, Forms?
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation The U.S. Access and Identity Management Federation
Office of Information Technology Balancing Technology and Privacy – the Directory Conundrum January 2007 Copyright Barbara Hope and Lori Kasamatsu 2007.

Office of Information Technology Balancing Technology and Privacy – the Directory Conundrum January 2007 Copyright Barbara Hope and Lori Kasamatsu 2007.
Troubleshooting Federation, AD FS 2.0, and More…

Troubleshooting Federation, AD FS 2.0, and More…
1 The Partnership Challenge Higher education’s missions are realized in increasingly global, collaborative, online relationships –Higher educations’ digital.

1 The Partnership Challenge Higher education’s missions are realized in increasingly global, collaborative, online relationships –Higher educations’ digital.
Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service 2012-02-27 Federated Identity Systems.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

Similar presentations

Ads by Google