INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.


Learning Objectives

- Why identity management is important, and what federations have to offer
- How to bring identity management and identity federation to your campus or region
- How identity federation can enable campus services and research
- How to build a business model in support of identity federation on your campus
- What policies and operational practices you need to have in place
- How to engage with the global R&E community

What Is Identity Federation?

“a common framework for trusted shared management of access to on-line resources” -- InCommon

“...identities from one organisation may use Shibboleth [or another authentication service] to gain federated access to services hosted by another organisation. Membership of a federation places obligations on members which allow members to trust identity assertions provided by other members.” -- JISC

Building Blocks of Federation

- Attributes
- Identity Provider / Service Provider
- Discovery
- Federation Tools
- Metadata
- Policy

Who Benefits? Students and Researchers

Students and researchers:
- more collaboration opportunities
- potential access to more resources and data

The research community:
- more efficient utilization of resources
- easier research collaboration – can be set up within hours rather than days/weeks
- easier to share or move data between sites/nodes - where relevant

Who Benefits? The Campus

The campus or institution:
- a solidly branded institutional identity which improves the overall reputation of the organization
- a stronger security profile for the network
- an ability to logically budget for the network based on actual data (who is on the system, how quickly is it growing, where are the bottlenecks)
- fewer bilateral contracts; more organizations can function under a common framework

“Identity federation participants could spend time establishing operating principles, technology hooks, and agreed-upon data exchange elements with each partner; or they could do it once through the federation and then leverage these common elements for many relationships.” -- InCommon

Benefits/Compelling Reason to Act

- Reduces work: Authentication-related calls to Penn State University’s helpdesk dropped by 85% after they installed Shibboleth.
- Provides current data: Studies of applications that maintain user data show that the majority of data is out of date. Are you “protecting” your app with stale data?
- Insulation from service compromises: In FIM data is pushed to services as needed. If those services are compromised the attacker can’t get everyone’s data.
- Minimize attack surface area: Only the IdP needs to be able to contact user data stores. All effort can be focused on securing this one connection instead of one or more connections per service.

What Are Some Compelling Service Possibilities?

- eduroam
- eduGAIN
- digital libraries
- licensed software
- Learning Management Systems
- Wikis
- Cloud service providers supporting research and education
- Researchresearch.com
- Qualtrics
- AWS Research Grants

What do Federations do?

At a minimum a federation maintains the list of which IdPs and SPs are in the federation.

Most federations also:
- Define agreements, rules, and policies
- Provide some user support (documentation, list, etc.)
- Operate a central discovery service and test infrastructure

Some federations:
- Provide self-service tools for managing IdP and SP data (Resource Registry)
- Provide application integration support
- Host or help with outsourced IdPs (IdP in the Cloud, hosted IdP)
- Provide tools for managing "guest" users
- Develop custom tools for the community
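As an added illustration (not part of the original slides), the sketch below shows how a service provider could consume the member list a federation maintains. It assumes the list is published as a SAML 2.0 metadata aggregate, the format Shibboleth consumes; the entity IDs and the functions `load_members` and `sp_accepts_issuer` are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample aggregate; entity IDs are placeholders, not real members.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    Name="https://federation.example.org" validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.campus-a.example.edu/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://wiki.campus-b.example.edu/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def load_members(xml_text, now=None):
    """Return {'idp': set, 'sp': set} of entity IDs; raise if the list is stale."""
    # Assumption: the aggregate's XML signature was verified before this call.
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    valid_until = root.get("validUntil")
    if valid_until is None:  # policy choice in this sketch: no expiry, no trust
        raise ValueError("aggregate has no validUntil; refusing to trust it")
    expiry = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if now >= expiry:
        raise ValueError("federation metadata expired at " + valid_until)
    members = {"idp": set(), "sp": set()}
    for entity in root.iter(MD + "EntityDescriptor"):
        entity_id = entity.get("entityID")
        if entity.find(MD + "IDPSSODescriptor") is not None:
            members["idp"].add(entity_id)
        if entity.find(MD + "SPSSODescriptor") is not None:
            members["sp"].add(entity_id)
    return members


def sp_accepts_issuer(members, issuer):
    """An SP should only process assertions issued by a registered IdP."""
    return issuer in members["idp"]


if __name__ == "__main__":
    m = load_members(SAMPLE, now=datetime(2025, 1, 1, tzinfo=timezone.utc))
    print(sorted(m["idp"]), sorted(m["sp"]))
```

Rejecting an expired or undated aggregate keeps a service from trusting a member that the federation has since removed.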

How to Make Federated Identity Work

Start with establishing campus identity systems.

Base-level requirements:
- centralized campus or institution identity store (e.g., database, LDAP directory)
- documented policies regarding the life cycle of organizational identity
- a business model for ongoing development and support

Additional Reading Material

- “Ready the Pipes” – Campus Technologies. the-pipes.aspx
- “Lowering costs of identity proofing by federated identity management” – Swedish Alliance for Middleware Infrastructure. dm_roi.pdf
- “Identity Management Toolkit” – JISC. /Home

The NSRC cultivates collaboration among a community of peers to build and improve a global Internet that benefits all parties. We facilitate the growth of sustainable Internet infrastructure via technical training and engineering assistance to enrich the network of networks. Our goal is to connect people.