Presentation transcript:

From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…

Topics: The simple life; The Simple Life GUI; The full IdM life; The full IdM Life GUI; The attribute economy; Living in an attribute economy; Make sure the trust fabrics support the assertions

A Simple Life. Diagram labels: Application access controls (including network devices), Shib, User, IdP, Source of Authority, Source of Authority, Source of Authority, p2p

A Simple Life GUI. Diagram labels: Application access controls (including network devices), Autograph, Shib, User, Authn, IdP, Source of Authority, Source of Authority, Source of Authority, p2p

A Full IdM Life. Diagram labels: Application access controls (including network devices), Shib, User, IdP, Local apps, Source of Authority, Source of Authority, Source of Authority, p2p

A Full Life GUI. Diagram labels: Application access controls (including network devices), Autograph, Shib, User, Authn, IdP, Local apps, Signet/Grouper, Source of Authority, Source of Authority, Source of Authority, p2p

Real Life. Diagram labels: Application access controls (including network devices), Shib, Source of Authority, Application access controls (including network devices), Source of Authority, Portal, Gateway, Shib, Source of Authority, Proxy, Source of Authority, IdP, User, Source of Authority, Source of Authority, Source of Authority, Source of Authority, p2p

An Example Flow in the Attribute Economy. Diagram labels: Source of Authority, Application access controls (including network devices), VO Service Center, IdP, Gateway, Shib, Source of Authority, IdP, User, Source of Authority, Source of Authority, Source of Authority, Source of Authority, p2p

Diagram labels: Application access controls (including network devices), Portal, Shib, Autograph, User, Authn, IdP, S/G, S/G, Source of Authority, p2p, Source of Authority

A VO Service Center Flow. Diagram labels: Application access controls (including network devices), Source of Authority, Shib, S/G, Autograph, User, Authn, IdP, S/G, S/G, Source of Authority, p2p, Source of Authority

Inviting Attributes into your life… For privacy and secrecy; For better security; For efficiency

Peering

Possible peering parameters: LOA; Attribute mapping; Economics; Liability; Privacy

VOs plumbed to federations