
A World of Resources Just a Click Away – The Canadian Perspective Prague, CZ, TERENA, May 2011.




1 A World of Resources Just a Click Away – The Canadian Perspective Prague, CZ, TERENA, May 2011

2 Agenda
Background
About
–CANARIE
–Canadian Access Federation
Lessons learned
Challenges still out there

3 Background on Higher Ed In Canada
Higher Ed In Canada
–Post secondary is responsibility of the individual provinces and territories
  Funding comes from them, tuition fees, federal gov’t and research grants
  Provinces/Territories control who grants degrees via an Act or Ministerial Consent
–Universities typically grant degrees while colleges grant diplomas & certificates (some exceptions)
–Both are eligible for Canadian Access Federation membership
Mirrors the geographical, technology boundaries & demarcations
–Hard to tell which is the reflection and which is the original & which influences which

4 Canada’s Digital Infrastructure: CANARIE Why CANARIE? To improve the effectiveness of research in Canada

5 How does CANARIE do it?
98% of CANARIE’s funding goes towards improving the effectiveness of research in Canada
–Network capacity improvements and new services
–Programs to simplify researcher access
–Support for provincial partner networks
Annual cost: about $25M
Underpins $3.5B spent per year on research in Canadian universities and government labs

6 Why CANARIE as the Operator?
CANARIE is already a nationwide operator
–Currently federates provincial networks
CANARIE serves a broad set of users
–Other organizations are institution specific
CANARIE already has international presence
–Seen as the voice of Canadian IT/ICT
–Validates peering at a worldwide level.
CANARIE funding model is attractive in the long view

7 What is the Access Federation?
A collection of trust frameworks for the Canadian electronic identity ecosystem
–Targets the challenge of secure access to the network and to online resources
–Home for different flavours of trust frameworks
–Recognizes autonomy of its participants
Participants in the ecosystem
–The Federation Operator (CANARIE)
–Identity Providers (IdP) offer authentication/authorization of their identities
–Service Providers (SP) who offer services.
–End Users

8 Access Federation Services
eduRoam – a wireless access authentication trust framework based on the RADIUS protocol and 802.1x.
Shibboleth – an online authentication and authorization trust framework based on the SAML protocol
Services are implementations of a specific trust framework

9 Eligibility for Access Federation
Currently over 30 participants, including all of the larger universities in Canada.
Eligible participants include:
–higher education institutions
–public research institutions
–sponsored service providers
Participation for other CANARIE members being examined.
–Entitlement will be on service by service requirements due to different needs per service.
  Need to keep in mind what int’l community accepts
  E.g. eduRoam @ Starbucks across Canada is great, but allowing SBUX employees into eduRoam as identities isn’t & can cause grief
Fees may equate to membership in CANARIE by default and subsequent services are added on as needed

10 Canadian eduRoam Participants
Province: Institutions
British Columbia: British Columbia Institute of Technology; Camosun College; Great Northern Way Campus; Okanagan College; Royal Roads University; Simon Fraser University; Thompson Rivers University; University of British Columbia; University of Victoria
Alberta: Mount Royal University; University of Alberta; University of Calgary
Saskatchewan: University of Saskatchewan
Ontario: Brock University; Carleton University; McMaster University; Queen's University; Ryerson University; University of Guelph; University of Toronto; University of Waterloo; University of Western Ontario
Québec: Concordia University; École Polytechnique de Montréal; HEC Montréal; McGill University; Université de Montréal
New Brunswick: University of New Brunswick
Newfoundland: Memorial University

11 Eduroam usage in Canada [chart]

12 Onboarding Process: eduroam
Standard template for connecting new sites
Policy sign-off followed by technical implementation
Estimated time for Canada federation-level RADIUS server personnel:
–on-board a new member site: a few hours to two person-days, depending on member site expertise
–general maintenance: ~one person-day per month
Local implementation from 4 hours to 4 weeks

13 Shibboleth Participants in Canada
Identity Providers: McGill University; Queen's University; Simon Fraser University; University of Alberta; University of British Columbia; University of Calgary; University of Guelph; University of Manitoba; University of Ottawa; University of Quebec at Montreal; University of Saskatchewan; University of Toronto; University of Waterloo; University of Western Ontario; University of Windsor; York University
Service Providers: e-academy; Elsevier - ScienceDirect; Elsevier - Scopus; Microsoft Dreamspark; ProQuest - Classic; ProQuest - Illumina; Scholars Portal Books (Ontario Council of University Libraries)

14 Areas of Activity for Canadian Access Federation & Potential Future Services
Libraries – electronic subscriptions – journals, databases, etc.
Cross institutional/collaboration projects
Research organizations accessing common data environments
With richer client solutions under development:
–High performance computing (*Moonshot)
–Scientific devices

15 Lessons Learned

16 Late to the Game is Not Necessarily a Bad Thing
May be rationalizing why we are where we are right now, HOWEVER…
–You get to see how others addressed challenges
–Signposts to hard parts are more evident vs having to discover them yourself.
–Get to focus on the parts that are important to you
–Possible to strategically contribute: your #1 enhancement item could be someone else’s #9; they benefit by getting more done in less time & effort for both parties, which amplifies your and their team.

17 Paradox of Choice Abounds
What is it?
–The paradox that having many choices may lead to a poorer decision or a failure to make a decision at all.
Crops up in a number of places
–Flexibility typically = Choice but leads to …
The art is finding the balance of less choice but still having enough flexibility

18 Rightsize Your Information Sharing
[Diagram: SAML as conduit for information release, with the data shared scaled to what the service actually needs]
Wireless (eduroam): log in, share nothing
SAML valid session: log in, share opaque ID
External website, personalization is desired: log in, share NetID
Internal website, personalization is desired, linkage elsewhere desired: log in, share NetID + attributes
Data needed (ghosted)
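The four release tiers on this slide, modelled as an IdP-side attribute filter in plain Python. This is an added illustration, not CANARIE or Shibboleth code; the user record, scope `idp.example.ca`, salt and SP entity IDs are constructed, and the opaque ID is an HMAC-derived pairwise pseudonym, which is one way (not necessarily the federation's) to produce an eduPersonTargetedID that different SPs cannot correlate.

```python
import hashlib
import hmac
from enum import Enum


class Tier(Enum):
    """The four release tiers from the slide, least to most disclosure."""
    WIRELESS = "eduroam: log in, share nothing"
    OPAQUE = "SAML session: log in, share opaque ID"
    NETID = "external site, personalization wanted: share NetID"
    NETID_ATTRS = "internal site, linkage elsewhere: share NetID + attributes"


# Constructed sample IdP record and hypothetical scope; not real data.
IDP_SCOPE = "idp.example.ca"
USER = {
    "netid": "jdoe",
    "mail": "jdoe@idp.example.ca",
    "eduPersonAffiliation": ["staff", "member"],
}
# Hypothetical long-lived IdP secret used to derive pairwise pseudonyms.
IDP_SALT = b"constructed-idp-salt"


def opaque_id(netid: str, sp_entity_id: str, salt: bytes = IDP_SALT) -> str:
    """Pairwise pseudonym: stable for one (user, SP) pair, different for every
    SP, and not reversible to the NetID without the IdP's salt."""
    msg = f"{netid}!{sp_entity_id}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()[:32]


def release(user: dict, sp_entity_id: str, tier: Tier) -> dict:
    """Return only the attributes the SP's tier needs; nothing else leaves the IdP."""
    if tier is Tier.WIRELESS:
        return {}  # authenticated; no identity data released at all
    if tier is Tier.OPAQUE:
        return {"eduPersonTargetedID": opaque_id(user["netid"], sp_entity_id)}
    out = {"eduPersonPrincipalName": f"{user['netid']}@{IDP_SCOPE}"}
    if tier is Tier.NETID_ATTRS:
        out["mail"] = user["mail"]
        out["eduPersonAffiliation"] = list(user["eduPersonAffiliation"])
    return out
```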

19 To Educate or to Build?
Build body of knowledge in participants or build it for them?
–Either-or decision or can you do a hybrid?
–Key elements to factor in:
  Demarcation points of who owns what
  Service Level Agreements
  –QOS, response times, break fix requirements
At the end of the day, what type of operational posture/cost structure do you want to shoulder and can you do it?

20 Can & Want are Two Different Things
AKA the Golden Hammer Syndrome: if the only tool you have is a hammer, then everything looks like a nail.
–Example: Yes, you CAN use Shib to secure a wireless network, but do you WANT to?
–Costly to support N IdPs * M locations via a Shibboleth approach
–Eduroam, for the onsite RADIUS operator, is a one-time configuration and the infrastructure is designed to deal with resolving the Where Are You From problem.
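Why the eduroam side of this comparison is a one-time configuration: the visited site's RADIUS server only needs to know its own realm and forward everything else to the federation-level server (slide 12), which does the realm lookup. The routing below is an added model in plain Python, not CANARIE's RADIUS configuration; the realm table, realm names and the rule that the national server rejects unknown realms in its own country rather than bouncing them upward are assumptions.

```python
import re

# Constructed routing table for a hypothetical national federation-level server.
NATIONAL_REALMS = {
    "idp-a.example.ca": "radius.idp-a.example.ca",
    "idp-b.example.ca": "radius.idp-b.example.ca",
}
NATIONAL = "national federation-level server"
TOP_LEVEL = "international top-level servers"
# Outer (anonymous) identity as sent in 802.1X/EAP: user@realm.
REALM_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})$")


def realm_of(outer_identity: str):
    """Realm part of the EAP outer identity, or None if it is malformed."""
    m = REALM_RE.match(outer_identity)
    return m.group(1).lower() if m else None


def visited_site_hop(outer_identity: str, local_realm: str) -> str:
    """The only logic a member site needs: mine, or not mine.
    Malformed identities are rejected here so junk never enters the hierarchy."""
    realm = realm_of(outer_identity)
    if realm is None:
        return "reject: malformed identity"
    return "local IdP" if realm == local_realm else NATIONAL


def national_hop(realm: str, country_tld: str = "ca") -> str:
    """Federation-level server: known member realm, own-country unknown, or abroad."""
    if realm in NATIONAL_REALMS:
        return NATIONAL_REALMS[realm]
    if realm.endswith("." + country_tld):
        return "reject: unknown realm in own country"  # authoritative; do not bounce
    return TOP_LEVEL


def resolve(outer_identity: str, local_realm: str) -> list:
    """Full hop list from the visited site; the inner identity is never inspected."""
    path = [visited_site_hop(outer_identity, local_realm)]
    if path[0] == NATIONAL:
        path.append(national_hop(realm_of(outer_identity)))
    return path
```

Adding a new Canadian IdP touches only NATIONAL_REALMS at the federation level; no visited site changes, which is the N IdPs * M locations saving the slide describes.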

21 Being All Things to All People
Choose which value proposition to amplify/mature
–Best fit
–Highest value
–Shortest delivery time
Incremental delivery with demonstrable improvements at each step of the way

22 Unified View Leverages Infrastructure (aka internal/nested/layered trust groups)
[Diagram: The ‘Federation’ containing Local Feds (IdP/SP), Special Interest Trust Groups (IdP/SP) and a Higher Assurance group]
The Federation sets POP/FOP requirements. Serves as the base inherited elements for local or SITG activity to enhance or build upon
Most efficient way to ensure least effort for SP/IdP to participate any way they want, including promotion to eduGain
Local Fed. can have their own isolated SP/IdPs
Encourages organic growth on path to full Federation involvement.
The Federation enables SITG to form their own special metadata sourced from the core metadata

23 Challenges to Tackle
Commoditizing & simplifying the experience to enable apps.
–Shib integration is where LDAP was 5-10 years ago …
Attribute ‘Bundles’/’Sets’ and data profiles
–Establish a consistent way to exchange attributes beyond eduPerson basic elements
AuthoriZation optimizations
–How much should be centralized in the IdP (Can be done vs Want to do it)?
‘Appstore’ or vm images for SAML ready and enabled applications?
IdP as an appliance; we need to get out of the trenches to add value higher up the stack.

24 Domesticated list

25 Thank you Questions: chris.phillips@canarie.ca

