Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federated Identity in the Global Landscape. Presenter’s Name Topics Federated identity basics International deployments and issues National, local and.

Published byGriffin Merritt Modified over 8 years ago

Similar presentations

Presentation on theme: "Federated Identity in the Global Landscape. Presenter’s Name Topics Federated identity basics International deployments and issues National, local and."— Presentation transcript:

1 Federated Identity in the Global Landscape

2 Presenter’s Name Topics Federated identity basics International deployments and issues National, local and sector deployments Gaps and OpenId Capabilities it could provide Real-time delivery of identity and attributes Supports role-based access controls Providing privacy and secrecy Collaboration management platforms

3 Presenter’s Name Federated identity basics Two sets of agreements among enterprises Technical: Federating software version, common attributes and schema, metadata management among members, LOA Policy: Participant operational practices statements, contracts between members and federated operator, privacy and security agreements

4 Presenter’s Name Types of federations Bilateral and hub-and-spoke Corporate Outsourced services, specific business alliances, industry trade associations and members Primarily SAML-based, some WS-* Multilateral R&E Sector General collaborative environments, shared science and data such as grids and repositories All SAML based, many are Shibboleth

5 Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining soon) New types of members Non usual suspects – Lafayette, NITLE, Univ of Mary Washington, etc. National Institute of Health Student service providers Energy Labs MS, Apple Steering Committee chaired by Clair Goldsmith of Univ of Texas; Technical Committee chaired by Renee Shuey of Penn State

6 Presenter’s Name Uses Access controlled wikis Access to academic content, such as Elsevier Access to popular content, such as Cdigix Access to Microsfoft Access to services, such as student travel agencies, testing services, Grid computational resources, portal providers, recruitment services, etc (Trust base for dynamic circuit authorization/accounting) (Google Apps for Education)

7 Presenter’s Name Federations Almost everywhere now Internationally – UK (2-3 new members a day), Spain, France, Sweden, Finland, Switzerland, Netherlands, Germany, Denmark, Norway, Australia, Brazil, Japan, Canada, etc. State university systems Community college libraries Medical associations DoJ and DoD Limited interfederation interactions – Kalmar Federation, UK-Australia, MS, Elsevier

8 Presenter’s Name International federation highlights Several countries at 100% coverage, including Norway, Switzerland, Finland Community served varies somewhat by country, but all are multi-application and include HE UK intends a single federation for HE and Further Education ~ tens of millions of users Real use cases involving international team science now driving interfederation peering urgency

9 Presenter’s Name International Activities http://www.terena.org/activities/refeds/ A summary of discussions among R&E networks, including a survey of national efforts http://www.jisclegal.ac.uk/access/ Excellent policy analytics, especially around international issues of privacy, peering, and attributes http://ec.europa.eu/idabc/ TransEuropean activities in IdM for use among citizens, governments, and businesses

10 Presenter’s Name IDABC IDABC stands for Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens. http://ec.europa.eu/idabc/en/document/6484/5644 eID Interoperability for PEGS -Report on interoperable eIDM technical solutions, December 2007 (http://ec.europa.eu/idabc/servlets/Doc?id=29619). Offers technical assessment of several technologieshttp://ec.europa.eu/idabc/servlets/Doc?id=29619 Final recommendations due soon. Federated approaches are likely; open source standards may be identified

11 Presenter’s Name Interfederation We used to know more… We thought there was primarily peering and we could do that Things changed… A rich mix of emerging relationships – nested, leveraged, peered, orthogonal, etc.

12 Presenter’s Name Some of those relationships Nested – UC Trust and InCommon eduRoam – single application cross- federation Texas Multi-homed SP –Microsoft, Elsevier, student service industry, etc.

13 Presenter’s Name Peering Efforts between InCommon and EAuth collapsed a while ago We got close, but EAuth priorities changed International Peering UK Feasibility analysis Attribute Alignment Privacy due out in May Peering drafts to follow

14 Presenter’s Name Some of the bases to touch in peering Typical issues - Problem resolution and adjudication, liability and indemnification, financial considerations, impact on member agreements, etc. New issues - Metadata exchange Attribute mapping Transitive trust

15 Presenter’s Name Peering Parameters Parameters: LOA Attribute mapping Legal structures Liability Adjudication Metadata VO Support Economics Privacy

16 Presenter’s Name Federation Soup Workshop to held early June Bringing together all manners of federation to figure out federation relationships InCommon, JISC, state federations, library federations, university system federations, grid federations, etc. Topics include alignment of policies, technologies, attributes, metadata, etc. Approaches include peering, nested, leveraged, and a whole lot of ad hoc Outputs may include best practices, multi-homing, etc.

17 Presenter’s Name Other pieces of federation space Liberty Alliance and OASIS both have eGov SIGs. Liberty holds some important elements of policies and operational standards OASIS is interested in development of additional technical elements ITU claimed to be working peering… Vertical sector federations starting in financials, pharmaceutical, others Overlays (special schema, discovery services, etc.) for team science projects now occurring

18 Presenter’s Name Gaps End user attribute release mechanisms Infocards+Cardspace+Higgins+… ARPviewer from Swiss Dynamic metadata protocols

19 Presenter’s Name OpenId A rapidly growing identifier, particularly in the blogosphere and related very low-assurance applications Needs a reputation or trust system Easy for application developers to incorporate Starting to hit hard issues of privacy, attributes, etc. OpenId 2.0 fixes some things, makes others hard, begins to look like “a federation of 1”

20 Presenter’s Name Capabilities of federated identity Real-time delivery of identity and attributes Supports role-based access controls Providing privacy and secrecy Collaboration management platforms

21 Presenter’s Name Real time access controls Delivery of attributes to control points Initially via web browsers and now via web services and a variety of native api’s Rich controls at policy control points ISOC “Identity, Trust and the Internet” will apply identity and trust to a growing suite of Internet RFC’s.

22 Presenter’s Name Relative Roles of Signet & Grouper Grouper Signet RBAC (role-based access control) model Users are placed into groups (aka “roles”) Privileges are assigned to groups Groups can be arranged into hierarchies to effectively bestow privileges Grouper manages, well, groups Signet manages privileges Separates responsibilities for groups & privileges

23 Presenter’s Name Privacy, secrecy and security Privacy via minimal disclosure, user consent and control Secrecy via ability of trusted agency or IdP to provide opaque, auditable identity Security via levels of authentication, reduction of password exposure, provision of attributes

24 Presenter’s Name Collaboration and Federated Identity Two powerful forces being leveraged the rise of federated identity the bloom in collaboration tools, most particularly in the Web 2.0 space but including file shares, email list procs, etc Collaboration management platforms provide identity services to “well-behaved collaboration applications” Results in user and collaboration centric identity, not tool-based identity

25 Presenter’s Name Comanage A collaboration management platform, supported in part by a NSF OCI grant, being developed by the Internet2 community, with Stanford as a lead institution Open source, open protocol Uses Shibboleth, Grouper, and Signet Parallels activities in the UK and Australia

26 Presenter’s Name Comanageable applications Already done Sympa, Federated wikis, Asterisk (open-source IP audioconferencing), Dim-Dim (open-source web meeting), Bedeworks (federated open-source calendar) Immediate targets Rich access controlled wikis Web-based file shares, IM, Google Apps for Education Domain science resources Instruments Grids

27 Federated Wiki Domain Science Grid Domain Science Instrument University AUniversity B Laboratory X Collaboration Management Platform Collaboration Tools/ Resources Application Attributes Home Org & Id Providers/ Sources of Authority Attribute Ecosystem Flows Attribute/Resource Info Data Store Collaboration Management Platform (CMP) and the Attribute Ecosystem Sources of Authority C o Authorization – Group Info Authorization – Privilege Info Authentication People Picker Other Functions manage File Sharing Calendar Phone/ Video Conference Email List Manager

Download ppt "Federated Identity in the Global Landscape. Presenter’s Name Topics Federated identity basics International deployments and issues National, local and."

Similar presentations

The Basics of Federated Identity. Overview of Federated Identity and Grids Workshop Session 1 - for all Basics and GridShib Session 2 – more for developers.

The Basics of Federated Identity. Overview of Federated Identity and Grids Workshop Session 1 - for all Basics and GridShib Session 2 – more for developers.
The Art of Federations. Topics Federations of what… Federated identity versus federations Federations in other sectors – business, gov, ad hoc R&E Federations.

The Art of Federations. Topics Federations of what… Federated identity versus federations Federations in other sectors – business, gov, ad hoc R&E Federations.
From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…

From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.

Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.
Internet2 and other US WMD Update. Topics Update on non-merger, Newnet (and the control plane), InCommon and other feds “Product” update – Shib, Grouper,

Internet2 and other US WMD Update. Topics Update on non-merger, Newnet (and the control plane), InCommon and other feds “Product” update – Shib, Grouper,
Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.

Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.
Internet Scale Identity, Collaboration and Higher Education.

Internet Scale Identity, Collaboration and Higher Education.
Fed-Ed Dec 08: Updates on Federations Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at.

Fed-Ed Dec 08: Updates on Federations Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.

Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.
InCommon Policy Conference April 2005. 2 Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.
New CyberInfrastructure for Collaboration between Higher Ed and NIH.

New CyberInfrastructure for Collaboration between Higher Ed and NIH.
Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.
Federations and Security: A Multi-level Marketing Scheme Ken Klingenstein Director, Internet2 Middleware and Security.

Federations and Security: A Multi-level Marketing Scheme Ken Klingenstein Director, Internet2 Middleware and Security.
FIM-ig Federated Identity Management Interest Group.

FIM-ig Federated Identity Management Interest Group.
Stitching It All Together. Discussion Topics Peering and confederation Privacy principles Working with other sectors Virtual Organizations (VO's) Moving.

Stitching It All Together. Discussion Topics Peering and confederation Privacy principles Working with other sectors Virtual Organizations (VO's) Moving.
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Similar presentations

Ads by Google