Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.


Context Definitions
- Target: A federation member offering resource(s)
- Origin: A federation member requesting access to resources in exchange for asserted information
- Member: An entity agreeing to abide by the policies governing the federation

Potential Need for Federation(s)
- UT Information Security
- UT Austin Define System
- UTHSC-Houston Blackboard resource
- UTMB Center for bio-terrorism research
- Texas Medical Center – Houston collaborative efforts (17 physical institutions, 44 external institutions with hundreds of business partner relations per institution)
- Houston Higher Ed: UT-HSCH, Rice, A&M, Baylor, U of H, Texas Southern, HCC, Houston Baptist, U of St. Thomas, UT-MDACC

UT Infosec
- UT: a state agency with 17 component parts, geographically dispersed across the state of Texas and operating independently.
- Information Security (Infosec) is a cross-institutional group charged with sharing information regarding security-related issues and coordinating security-related communications between institutions.
- All UT components operate under a common PKI, so a trust fabric exists.
- Already committed to using Shibboleth, as infrastructure exists to support it.

UT Austin Define System
- A legacy mainframe application with extensive web front end development, used by multiple UT institutions within the state.
- Contains financial, student and other sensitive data.
- Austin is considering revamping their Authentication/Authorization (AA) process for this web-based application as well as for the campus in general.
- Austin no longer wants to support Identification and Authorization (I&A) for external components accessing this application.

UTHSCH-Houston Blackboard
- Houston has satellite programs dispersed around the state. Most of these programs involve faculty and students at other UT institutions.
- Currently, non-UTHSCH users utilizing the Houston Blackboard Course Management System resource require a guest account.
- Once the infrastructure is in place, it will allow courses offered at Houston to scale beyond the UT virtual boundaries.
- Planned deployment in Q1 2004

UTMB bio-terrorism facility
- UT Medical Branch in Galveston is building a level 4 biological research lab.
- They are a candidate for a federal bio-terrorism facility.
- How do we ensure security and access control to information that will be made available to collaborators inside and outside of the state?

Texas Medical Center
- 17 institutions operating independently within a 4 square mile area
- Largest medical center in the world
- Many of the faculty and providers are cross-institutional affiliates.
- HIPAA is forcing us to change the way we distribute non-mainstream health information (SMIME/Web) between institutional providers.

Houston Higher Ed
- Many institutions of higher learning
- Many resources (library resources) shared both locally and statewide
- Programs currently exist to allow students from one institution to take for-credit courses at other institutions and pay for those courses locally.

Why does a Federation exist?
- To provide a venue and policy structure(s) for enterprises with common needs to access or provide digital resources securely while leveraging a common trust fabric.
- To provide assurance of compliance with policy of the trust fabric to relying parties.
- To enforce the policies of the Federation

Why does an Origin join a Federation?
- To provide a mechanism for its users to access external resources offered via the Federation, thereby extending the utility of its internal resources in a scalable fashion.
- To leverage the scale provided by a trust fabric and reduce the number of 1 to 1 Relying Party Agreements.

Why does a Target join a Federation?
- To provide access to resources of interest to a larger community with some level of control and accountability.
- To leverage the scale of a shared trust fabric and reduce the number of 1 to 1 Relying Party Agreements.

Why another federation?
- Federation membership is based on the needs of the constituents.
- Target requirements and Origin requirements may not match nicely with RPA in a more generalized Federation.
- Will targets that require a high LOA for I&A be satisfied with an assertion of how authenticated?
- When Target and Origin are “close” within a federation and the applications are mission critical, why outsource the federation when they are already supporting the ends?
- It may be easier to establish a “local” federation, as policies within a community may already exist (PKI).