EduGAIN Code of Conduct Workshop, 2012-02-09, Brussels GEANT eduGAIN Data Protection "Code of Conduct" Workshop Dieter Van Uytvanck

Presentation transcript:


We, the Service Providers
- CLARIN SPs – DARIAH SPs
- More general:
  - DASISH community
  - EUDAT community

[Diagram labels: German IDF, Dutch IDF, Finnish IDF, …; User; Depositor; EU IDF (GEANT/eduGAIN); CLARIN ERIC; CLARIN Service Provider Organization; CLARIN SPs]

The ideal world…

[Diagram labels: Identity Provider; Service Provider; Discovery Service; 3. User selects IdP; 5. User enters credentials]

Back to reality
Main problems:
- Not enough (worst case: no) attributes are released
- Opt-in at the side of the Identity Providers
- No support for “exotic” SAML profiles like ECP at the side of the providers

[Diagram labels: Identity Provider; Service Provider; Discovery Service; 3. User selects IdP; 5. User enters credentials]

[Diagram labels: Identity Provider; Service Provider]
Error
"Universiteit van Tilburg" is not in the list of organisations that have requested access for the service "CATALOG (CLARIN)". If you require access you need to contact your organization's ICT department regarding this service; when they agree, they can contact SURFfederatie to include your organization in the list.

But which ICT department?
- University ICT dept.
- Faculty ICT dept.
- Research Group ICT dept.

And what to ask for?

From:
To:
Re: Component Registry

Dear support team,

I would like to access the CLARIN component registry but get an error message: "Universiteit van Tilburg" is not in the list of organisations that have requested access for the service "CATALOG (CLARIN)"

What should I do now?

Best regards,
Christian

… to summarize
Logging in to an SP for the first time:
- Takes a while (asking for permission!)
- Depends on a non-standardized workflow
  - Depending on the reaction of the researcher
  - Depending on the reaction of the IT helpdesk
- Adds to the bureaucratic burden that AAI was supposed to address
- Takes more effort for the user than creating a new ad-hoc account
Scalability problem: many SPs and IdPs (CLARIN e.g. – S * I times permission requests)

Exotic SAML profiles
- CLARIN and DARIAH want to use web service trust delegation
- This has been tested by DARIAH and works …
- … but depends on the IdP, who has to configure the ECP SAML profile correctly

Summarizing our needs
- Less problematic attribute release policy (eduGAIN code of conduct = good initiative!)
- Get rid of opt-in for IdPs
- Try to configure the ECP profile by default at the side of IdP

Temporary workaround
- For CLARIN: the CLARIN IdP
- In practice: running our own federation
- Not what we want to do!
- Gold standard for attributes:
  - eduPersonPrincipalName (EPTID)
  - Common name
  - Organisation (schacHomeOrganization)
  - Mail
  - eduPersonScopedAffiliation

Practical questions about CoC
- What about trust delegation?
  - Web service A calls web service B on behalf of user X
- How long can a Service Provider store attributes?