Presentation is loading. Please wait.

Presentation is loading. Please wait.

Developments and challenges in authentication and authorisation Klaas Wierenga Berlin, 23 May 2006.

Published byJessica Fleming Modified over 8 years ago

Similar presentations

Presentation on theme: "Developments and challenges in authentication and authorisation Klaas Wierenga Berlin, 23 May 2006."— Presentation transcript:

1 Developments and challenges in authentication and authorisation Klaas Wierenga klaas.wierenga@surfnet.nl Berlin, 23 May 2006

2 High-quality Internet for higher education and research Agenda Federations Drivers for (identity) federations Key developments Challenges Summary

3 High-quality Internet for higher education and research Federations Identity Provider User Resource Provider Resource Trust Organisation B Organisation A Federations are about sharing resources across organisational borders

4 High-quality Internet for higher education and research Drivers for (identity) federations Organisational Users are becoming increasingly mobile –Bologna process, ECTS –E-learning for everyone Research is getting to “large” to do alone –Collaboration is common, projects cross organisational borders –Grids Self serving interfaces, changes in workflow inside university –Employees and students get tasks from administration –Cutting cost Technical Higher need for security without stopping people from studying or doing resarch Two-sided communication gets replaced by multidimensional web services, SOA Centralising applications in order to individualise services –Personalisation gets more important Political and societal Government AAI (and commercial IdPs) –Interconnections

5 High-quality Internet for higher education and research Federations are happening HAKA JISC federation DK-AAI Applications outsourcing their users –To the home institution of the user –To a single place at the home institution Academic identity federations are operational –Real services used everyday by large amount of users –Research and educational applications are federated Federation software available in the marketplace Infocard –Making "identity" tangible to users Convergence is there –With SAML as lingua franca

6 High-quality Internet for higher education and research Organisational Challenges Local identity management Provisioning –must be understood both on campus and in applications Managing roles and attributes Scalability problems (many sources of authority)

7 High-quality Internet for higher education and research Technical Challenges (1) Horizontal integration –Government federations –Commercial federations (Liberty Alliance, WS- * based) –Across national boundaries Vertical integration –Web SSO, eduroam, grids –Lightpath provisioning (GLIF), measurement and monitoring (PerfSonar) –E-mail, IM, SIP, SSH

8 High-quality Internet for higher education and research Technical Challenges (2) External IdP’s –Different levels of authentication –Different levels of authorisation From authentication to authorisation –Do those enterprise directories really contain authoritive authorisation information? Security constraints –Policy and technology N-tier problems –Where are the attributes?

9 High-quality Internet for higher education and research Political and Societal challenges Privacy –Locally –Within federations –Across Europe –World-wide Interconnection policies –building federations –bridging federations Integration of enterprise and federated identity with personal identity Agreement on consistent approaches to authentication

10 High-quality Internet for higher education and research Summary Educational federations are happening Convergence to (small number of) standards –SAML International federations are emerging –eduroam –Grids –Géant2 AAI (eduGAIN) Federations are moving up into the stack But campus issues remain a concern

11 High-quality Internet for higher education and research Thanks to Ken Klingenstein (Internet2) Diego Lopez (RedIRIS) Ingrid Melve (UNINETT) Bob RL Morgan (Internet2) Milan Sova (CESNET) Torbjorn Wiberg (Umea University)

Download ppt "Developments and challenges in authentication and authorisation Klaas Wierenga Berlin, 23 May 2006."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Federation management A mess? 9.4.2008 Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.

Federation management A mess? Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Research on Networks Report on session on Grids & access Klaas Wierenga SURFnet Middleware Services Utrecht, 29 April 2004.

Research on Networks Report on session on Grids & access Klaas Wierenga SURFnet Middleware Services Utrecht, 29 April 2004.
Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC 2014 20 May 2014 Dublin.

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC May 2014 Dublin.
Joint Information Systems Committee 19/05/2015 | | Slide 1 Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager.

Joint Information Systems Committee 19/05/2015 | | Slide 1 Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager.
Joint Information Systems Committee 19/05/2015 | | Slide 1 Voyage of the UK JISC Federation: Shibbolising the UK’s Research, Higher and Further Education.

Joint Information Systems Committee 19/05/2015 | | Slide 1 Voyage of the UK JISC Federation: Shibbolising the UK’s Research, Higher and Further Education.
The EARNEST Foresight Study 2006 - 2007 Results from the EARNEST Technical Study Licia Florio, TERENA EARNEST Workshop, Amsterdam, 8.

The EARNEST Foresight Study Results from the EARNEST Technical Study Licia Florio, TERENA EARNEST Workshop, Amsterdam, 8.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.

High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,

Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.
Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.
Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.

Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Similar presentations

Ads by Google