
Stuff Ken Klingenstein. Four pieces of stuff Federation soup Cormack slides on EU (and US) privacy NIH-InCommon International federation.


1 Stuff Ken Klingenstein

2 kjk@internet2.edu Four pieces of stuff Federation soup Cormack slides on EU (and US) privacy NIH-InCommon International federation & Liberty Alliance ISOC and Identity and trust

3 Federation Soup: An Assembly of Ingredients

4 Welcome to the kitchen A bit of context Goals and outcomes Overview of agenda Some other agendas ------------------- Who we are in the room – some stories ------------------- Reference terminology

5 A bit of context A very brief history of federating software An even briefer history of federations Interfederation interactions of peering and soup of technology and policy of identity providers and service providers outside our sector…

6 Federating software
Shibboleth project formation - Feb 2000
OASIS starts SAML work; linkages with Shib established Dec 2000
Architecture and protocol completion - Aug 2001
Release dates: Shib alpha1 April 2002, OpenSAML July 2002, Shib v1.0 April 2003
SAML TC evolved a fusion of Liberty, Shib and SAML into SAML 2.0 Nov 2005
Microsoft-led business consortium develops WS-*, including WS-Fed, 2002-2008

7 A brief history of federations Federations at national levels in several countries, beginning with a variety of protocols and converging on SAML Federations form along natural relationships – state university systems, state educational agencies, regional optical networks,… Federations in the business context begin as 1-1 (outsourced services, like accounting) and sometimes grow into hub and spoke (e.g. automobile industry) Other types of identity federations exist in pockets (e.g. federated PKI roots for IGTF)

8 Why we are here: Interfederation Interactions Peering and soup Service providers often belong to multiple federations; some identity providers are being asked to join several federations Federal government interactions happening, but not as first anticipated Virtual organizations are now presenting real use cases that require international federation interactions Other sectors keenly watching us

9 Workshop Goals and Outcomes Inform specific efforts fostering of local federations blending of local federations with national ones minimizing challenges down the road through some up-front consensus and coordination (à la federation best practices) international peering/soup Exchange governance and organizational approaches Understand businesses and business models Establish ongoing mechanisms for communication and coordination Grow community

10 Overview of Workshop Agenda Monday Identifying the ingredients Talking soup BoF’s Tuesday Making soup Affinity groups Wednesday Tasting the soup Next steps

11 Some other agendas Getting to know each other And finding affinity groups Maximal discussions Minimal powerpoint

12 Some soup dimensions Alignments – LOA, attributes, user experience Legal models – Dispute Resolution, Indemnification, etc Business models – Operator, Source of funds, Services offered, Communities served Privacy management and international issues

13 Alignments Level of assurance – for strength of authentication Attributes – for conveying authorization information, preserving privacy, etc User experience – large multiplier…

14 Possible business opportunities Trust For identity management For ?? Content distribution, à la BBC Operate collaboration management platforms Circulate related metadata VO stuff (Schema, arps) ? Training

15 Some stories International tales – Edupass.ca, UK Federation, Swami InCommon State and system activities UCOP, UNC, Clair Spices and salt DOEgrids, Great Plains, Farmfed

16 Who we are in the room – some stories Communities served Purpose of federation Organizational and business approaches One thing that has been surprising…

17 Reference terminology Terms vary in meaning by country and context Shelf life of terms, especially policy and business ones, may be short It’s ratholes all the way down…

18 Thanks To the Shibboleth crew To the federation workers To all of you For the time you’ve taken For tolerating an overdone metaphor For the consequence we may have

19 Federation Soup: Out of the Kitchen…

20 Topics Use cases Federations.org SAML-rama Peering frameworks Next steps

21 Motivation St. Mary’s of the Plains wanting access to StudentUniverse Does a commercial SP have to join every federation? Overlapping US federations, with different membership criteria Where/how do we reach agreement on: Attribute mapping Identity Assurance mapping Common approaches, in order to avoid mapping... Do other communities need standardized attributes? How do they do that? Can we help?

22 More questions How do VOs fit into the federation picture? How do US sites handle international partners, respecting privacy laws, etc. What can the national level federations do to simplify this process (signed agreements, policy alignment, etc.) Logging and audit in a federated space What types of businesses are proper work for federations Home for the homeless, alumni and OpenIds Migrations from other technologies

23 More use cases LIGO and OOI WUN MUSE NIH and NSF Spaces wiki

24 Federations.org Interfederation of national R&E federations More peering than soup Possible activities Reference point for new national federations Aggregation of common materials Triage for SP’s that want to learn how to deal with multiple federations Assist in taking the federation template doc to RFC status IDABC and EU Article 29 coordination Successor to Refeds (http://www.terena.org/activities/refeds/)

25 International Activities
http://www.terena.org/activities/refeds/ A summary of discussions among R&E networks, including a survey of national efforts
http://www.jisclegal.ac.uk/access/ Excellent policy analytics, especially around international issues of privacy, peering, and attributes
http://ec.europa.eu/idabc/ TransEuropean activities in IdM for use among citizens, governments, and businesses

26 IDABC, EU Article 29, Concordia Issues IDABC The pluses and minuses of gateways between SAML federations EU Article 29 Liberty attributes and PII EPTID Concordia End-end use cases in federated identity intended to highlight gaps in protocols, schema, etc

27 SAML-rama The meeting right after this… Developing a spec for a metadata profile Addresses some of the critical technical issues in interfederation

28 Peering Parameters Parameters: LOA Attribute mapping Legal structures Liability Adjudication Metadata VO Support Economics Privacy

29 Peering frameworks JISC Member-Federated Operator analysis Feasibility of cross-federation EAuth-InCommon peering corpse Kalmar Union JISC template for inter-federation

30 UK Bilateral Interfederation Template Purpose, scope and limits of agreement Entity assurance Member-operator behavior Problem resolution Member-member behavior Interfederation infrastructure

31 Major Sections Introduction (parties, nature of agreement, …) Background (context, terminology, …) Scope of the Agreement Rights and Obligations of the Parties (see next) Dispute Resolution Financial Considerations Limitation of Liability Special Considerations (communications, implementation, technical issues) Suspension or Termination

32 Responsibilities of Parties
1. Ensure proper operation of federation operator according to documentation
2. Evaluate ISPs for conformance with defined identity assurance standards
3. Provide the other Party information about new federation members
4. Provide the other Party accurate metadata for federation members
5. Make federation metadata available to the other Party
6. Notify the other Party of changes to federation member requirements
7. Notify the other Party of federation inability to comply with its obligations
8. Coordinate with the other Party with respect to federation changes
9. Require transaction logs be kept by federation members for at least 6 months
10. Coordinate problem resolution with the other Party
11. Work with the other Party to resolve technical or operational problems
12. Respond to requests from the other Party for information about the federation
13. Notify the other Party in case of non-compliance with this agreement

33 Kalmar Union Common terminology Rules Privacy and Security Technology Change control User Interface

34 Terminology & Rules Who? What? Who does what to whom?

35 Privacy and Security PII baseline Explicit tie-in with EU PI directive Delegate responsibility for 95/46/EC

36 Technology & Standards Gory details in appendix (RSN) Establish "do now lower loa"-principle

37 Change control Regulate change to KALMAR including new members.

38 User Interface Make the user aware that she is crossing a national border (!)

39 Next Steps International Federations.org Peering between edupass.ca and InCommon, UK and InCommon, Kalmar Union Federation roadmap Soup

40 Next soup steps Affinity group in system federations State feds – not yet PII normalization Ask NACUA Coping with EU privacy compliance Interfederation template agreement InCommon as a focus point for interfederation in the US

