Stuff Ken Klingenstein. Four pieces of stuff Federation soup Cormack slides on EU (and US) privacy NIH-InCommon International federation.

Presentation transcript:

Stuff Ken Klingenstein

Four pieces of stuff Federation soup Cormack slides on EU (and US) privacy NIH-InCommon International federation & Liberty Alliance ISOC and Identity and trust

Federation Soup: An Assembly of Ingredients

Welcome to the kitchen A bit of context Goals and outcomes Overview of agenda Some other agendas Who we are in the room – some stories Reference terminology

A bit of context A very brief history of federating software An even briefer history of federations Interfederation interactions of peering and soup of technology and policy of identity providers and service providers outside our sector…

Federating software
- Shibboleth project formation - Feb 2000
- OASIS starts SAML work; linkages with Shib established Dec 2000
- Architecture and protocol completion - Aug 2001
- Release dates: Shib alpha1 April 2002, OpenSAML July, 2002, Shib v1.0 April 2003
- SAML TC evolved a fusion of Liberty, Shib and SAML into SAML 2.0 Nov 2005
- Microsoft-led business consortium develops WS-*, including WS-Fed,

A brief history of federations Federations at national levels in several countries, beginning with a variety of protocols and converging on SAML Federations form along natural relationships – state university systems, state educational agencies, regional optical networks,… Federations in the business context begin as 1-1 (outsourced services, like accounting) and sometimes grow into hub and spoke (e.g. automobile industry) Other types of identity federations exist in pockets (e.g. federated PKI roots for IGTF)

Why we are here: Interfederation Interactions Peering and soup Service providers often belong to multiple federations; some identity providers are being asked to join several federations Federal government interactions happening, but not as first anticipated Virtual organizations are now presenting real use cases that require international federation interactions Other sectors keenly watching us

Workshop Goals and Outcomes Inform specific efforts fostering of local federations blending of local federations with national ones minimizing challenges down the road through some up-front consensus and coordination (à la federation best practices) international peering/soup Exchange governance and organizational approaches Understand businesses and business models Establish ongoing mechanisms for communication and coordination Grow community

Overview of Workshop Agenda Monday Identifying the ingredients Talking soup BoF’s Tuesday Making soup Affinity groups Wednesday Tasting the soup Next steps

Some other agendas Getting to know each other And finding affinity groups Maximal discussions Minimal powerpoint

Some soup dimensions Alignments – LOA, attributes, user experience Legal models – Dispute Resolution, Indemnification, etc Business models – Operator, Source of funds, Services offered, Communities served Privacy management and international issues

Alignments Level of assurance – for strength of authentication Attributes – for conveying authorization information, preserving privacy, etc User experience – large multiplier…

Possible business opportunities Trust For identity management For ?? Content distribution, à la BBC Operate collaboration management platforms Circulate related metadata VO stuff (Schema, arps) ? Training

Some stories International tales – Edupass.ca, UK Federation, Swami InCommon State and system activities UCOP, UNC, Clair Spices and salt DOEgrids, Great Plains, Farmfed

Who we are in the room – some stories Communities served Purpose of federation Organizational and business approaches One thing that has been surprising…

Reference terminology Terms vary in meaning by country and context Shelf life of terms, especially policy and business ones, may be short It’s ratholes all the way down…

Thanks To the Shibboleth crew To the federation workers To all of you For the time you’ve taken For tolerating an overdone metaphor For the consequence we may have

Federation Soup: Out of the Kitchen…

Topics Use cases Federations.org SAML-rama Peering frameworks Next steps

Motivation
- St. Mary’s of the Plains wanting access to StudentUniverse
- Does a commercial SP have to join every federation?
- Overlapping US federations, with different membership criteria
- Where/how do we reach agreement on:
  - Attribute mapping
  - Identity Assurance mapping
  - Common approaches, in order to avoid mapping...
- Do other communities need standardized attributes? How do they do that? Can we help?

More questions How do VOs fit into the federation picture? How do US sites handle international partners, respecting privacy laws, etc. What can the national level federations do to simplify this process (signed agreements, policy alignment, etc.) Logging and audit in a federated space What types of businesses are proper work for federations Home for the homeless, alumni and OpenIds Migrations from other technologies

More use cases LIGO and OOI WUN MUSE NIH and NSF Spaces wiki

Federations.org Interfederation of national R&E federations More peering than soup Possible activities Reference point for new national federations Aggregation of common materials Triage for SP’s that want to learn how to deal with multiple federations Assist in taking the federation template doc to RFC status IDABC and EU Article 29 coordination Successor to Refeds (

International Activities A summary of discussions among R&E networks, including a survey of national efforts Excellent policy analytics, especially around international issues of privacy, peering, and attributes TransEuropean activities in IdM for use among citizens, governments, and businesses

IDABC, EU Article 29, Concordia Issues IDABC The pluses and minuses of gateways between SAML federations EU Article 29 Liberty attributes and PII EPTID Concordia End-end use cases in federated identity intended to highlight gaps in protocols, schema, etc

SAML-rama The meeting right after this… Developing a spec for a metadata profile Addresses some of the critical technical issues in interfederation

Peering Parameters Parameters: LOA Attribute mapping Legal structures Liability Adjudication Metadata VO Support Economics Privacy

Peering frameworks JISC Member-Federated Operator analysis Feasibility of cross-federation EAuth-InCommon peering corpse Kalmar Union JISC template for inter-federation

UK Bilateral Interfederation Template Purpose, scope and limits of agreement Entity assurance Member-operator behavior Problem resolution Member-member behavior Interfederation infrastructure

Major Sections
- Introduction (parties, nature of agreement, …)
- Background (context, terminology, …)
- Scope of the Agreement
- Rights and Obligations of the Parties (see next)
- Dispute Resolution
- Financial Considerations
- Limitation of Liability
- Special Considerations (communications, implementation, technical issues)
- Suspension or Termination

Responsibilities of Parties
1. Ensure proper operation of federation operator according to documentation
2. Evaluate ISPs for conformance with defined identity assurance standards
3. Provide the other Party information about new federation members
4. Provide the other Party accurate metadata for federation members
5. Make federation metadata available to the other Party
6. Notify the other Party of changes to federation member requirements
7. Notify the other Party of federation inability to comply with its obligations
8. Coordinate with the other Party with respect to federation changes
9. Require transaction logs be kept by federation members for at least 6 months
10. Coordinate problem resolution with the other Party
11. Work with the other Party to resolve technical or operational problems
12. Respond to requests from the other Party for information about the federation
13. Notify the other Party in case of non-compliance with this agreement

Kalmar Union Common terminology Rules Privacy and Security Technology Change control User Interface

Terminology & Rules Who? What? Who does what to whom?

Privacy and Security PII baseline Explicit tie-in with EU PI directive Delegate responsibility for 95/46/EC

Technology & Standards Gory details in appendix (RSN) Establish ”do now lower loa”-principle

Change control Regulate change to KALMAR including new members.

User Interface Make the user aware that she is crossing a national border (!)

Next Steps International Federations.org Peering between edupass.ca and InCommon, UK and InCommon, Kalmar Union Federation roadmap Soup

Next soup steps Affinity group in system federations State feds – not yet PII normalization Ask NACUA Coping with EU privacy compliance Interfederation template agreement InCommon as a focus point for interfederation in the US