1 eAuthentication in Higher Education Tim Bornholtz Session #47.

Presentation transcript:

1 eAuthentication in Higher Education Tim Bornholtz Session #47

2 What is the problem? We all have different passwords to many different systems. We should be able to log in once and use those credentials as we move from site to site. Must be able to securely pass credentials without compromising passwords.

3 Transitive Property of Equality If a = b and b = c, then a = c Note: This is a property of equality and inequalities. One must be cautious, however, when attempting to develop arguments using the transitive property in other settings.

4 Mathematics and Trust A trusts B and B trusts C. Does this mean that A will trust C? These trust relationships can only go so far. We probably would not trust a friend of a friend of a friend of a friend. There are not indefinite levels of trust. The boundaries of your trust make up the Federation.

5 Federations A Federation is a group of organizations that have agreed to trust each other. All members of the Federation trust all other members within the Federation. Separate agreements with each and every member not necessary.

6 Rules of a Federation Members agree to abide by rules of the Federation. Each Federation has some sort of “steering committee” that decides on the rules: –Legal rules – who can participate and what can they do within the Federation. –Technical rules – technical infrastructure and specifications necessary to communicate with other Federation members.

7 So what is eAuthentication? eAuthentication is a Federation of US government agencies and private sector organizations. GSA is coordinating the Federation –Determined the legal policies required for joining the network. –Specified the technical requirements to participate.

8 How do Federations work? Security Assertion Markup Language (SAML). Security authentication statements are passed as XML from one provider to the next. Passwords are never sent across the wire. Assertions are signed with XML signatures and verified as valid participants within the Federation.

9 Some Current Federations Shibboleth based federations (InCommon); Federal Government (eAuthentication); Meteor

10 Shibboleth Shibboleth is an Open Source Web Single Sign On system. Currently supports SAML 1.0 and 1.1. Shibboleth 2.0 in Open Beta –Supports SAML 2.0 –Interoperable with many other SAML 2.0 compliant products

11 InCommon A federation of higher education and research institutions in the U.S. Uses Shibboleth as its federating software. Membership continues to grow –Currently over 60 participants. –Serving over 1.3 million end users.

12 InCommon and eAuthentication December 2006: InCommon demonstrated federated access to National Institutes of Health (NIH) by two campuses. GSA has reiterated that interfederated interoperability with InCommon is a high priority.

13 Other Shibboleth Based Federations FEIDE – Norway –Educational sector in Norway. HAKA Federation – Finland –Identity federation of Finnish universities, polytechnics and research institutions. SDSS – United Kingdom –Federation for managing access to UK academic online resources. SWITCH – Switzerland –Eleven universities - more than 140,000 users –More than 80 resources - primarily in the field of e-learning

14 Federal Student Aid Shibboleth as a relying product was chosen by Federal Student Aid as the primary solution for E-Authentication. eCampus Based will be the first application to be E-Authentication enabled. Integrate E-Auth Solution (Shibboleth) into Federal Student Aid Security Architecture. Utilize Federal Student Aid Security Architecture TAM LDAP.

15 Federal Student Aid Status Received official sign off and acceptance testing report from GSA. Awaiting hardware at Perot VDC. Inter-System testing in progress. Go Live date scheduled for December 2007.

16 Meteor Network Meteor is an Open Source application that aggregates student financial aid information from multiple sources. Meteor 3.3 available for testing September 15. Production availability December –Technical enhancements to increase security and auditing. –Usability enhancements based on extensive customer feedback.

17 Meteor Technical Infrastructure Uses SAML assertions to convey authentication information. Assertion is signed with XML signatures. Each request is also signed with XML signatures. Uses central Index Providers to determine optimal locations of data. Data Providers access real-time backend systems for up to date information.
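
The relying-party checks behind slides 8 and 17, as an added example that is not part of the original presentation: once a vetted XML Signature library has verified the assertion's signature (assumed here, not shown), the receiver still confirms that the issuer is a Federation member, that the assertion is inside its validity window, and that it is addressed to this service. The entity IDs, member list and sample SAML 1.1 assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"  # namespace for SAML 1.0/1.1
# Constructed federation member list and relying-party identifier (assumptions).
FEDERATION_MEMBERS = {"https://idp.campus-a.example/shibboleth"}
OUR_AUDIENCE = "https://sp.aid-portal.example/shibboleth"

# Constructed SAML 1.1 assertion; the ds:Signature element is omitted for brevity.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-example"
    Issuer="https://idp.campus-a.example/shibboleth"
    IssueInstant="2007-11-05T15:00:00Z">
  <saml:Conditions NotBefore="2007-11-05T15:00:00Z"
                   NotOnOrAfter="2007-11-05T15:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://sp.aid-portal.example/shibboleth</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    """Parse a UTC timestamp of the form used in the sample assertion."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now, members=FEDERATION_MEMBERS, audience=OUR_AUDIENCE):
    """Return a list of reasons to reject; an empty list means accept."""
    # Assumption: the XML signature was already verified against the
    # issuer's certificate from federation metadata before this is called.
    root = ET.fromstring(xml_text)
    if root.tag != SAML + "Assertion":
        return ["not a SAML 1.x assertion"]
    problems = []
    if root.get("Issuer") not in members:  # the trust boundary is the member list
        problems.append("issuer is not a federation member")
    cond = root.find(SAML + "Conditions")
    if cond is None:  # stricter than the spec: require explicit conditions
        return problems + ["no Conditions element"]
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not nb or not na:
        problems.append("missing validity window")
    elif not (_ts(nb) <= now < _ts(na)):
        problems.append("outside validity window")
    audiences = {a.text.strip() for a in cond.iter(SAML + "Audience") if a.text}
    if audience not in audiences:
        problems.append("not addressed to this relying party")
    return problems
```
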

18 Implementation Roadmap How to join a federation. Define the business problem. –Make sure you understand the business problem you are solving. Get started with legal process as soon as possible. –May take up to 18 months for internal legal approval. Technology is not complicated.

19 Federation Concerns Policy determination and enforcement –Who makes the rules? How are they modified? Provider eligibility –What is the scope of the federation? Security and privacy –Technologies used. –Appropriate policies in place. Removal from the network –What are the legal and political ramifications?

20 Lessons Learned The policy work is much harder than the technical work. The legal staff at every member will need to review the policies. All members will need to be educated: –Why federations work –Why they are secure

21 Summary I appreciate your feedback and comments. I can be reached at: Name: Tim Bornholtz Phone: Web: