Developments and challenges in authentication and authorisation Klaas Wierenga Berlin, 23 May 2006.

Presentation transcript:

Developments and challenges in authentication and authorisation Klaas Wierenga Berlin, 23 May 2006

High-quality Internet for higher education and research

Agenda
Federations
Drivers for (identity) federations
Key developments
Challenges
Summary

Federations
[Diagram: Identity Provider, User, Resource Provider, Resource, Trust, Organisation A, Organisation B]
Federations are about sharing resources across organisational borders

Drivers for (identity) federations
Organisational
  Users are becoming increasingly mobile
    – Bologna process, ECTS
    – E-learning for everyone
  Research is getting too “large” to do alone
    – Collaboration is common, projects cross organisational borders
    – Grids
  Self-service interfaces, changes in workflow inside university
    – Employees and students get tasks from administration
    – Cutting cost
Technical
  Higher need for security without stopping people from studying or doing research
  Two-sided communication gets replaced by multidimensional web services, SOA
  Centralising applications in order to individualise services
    – Personalisation gets more important
Political and societal
  Government AAI (and commercial IdPs)
    – Interconnections

Federations are happening
HAKA, JISC federation, DK-AAI
Applications outsourcing their users
  – To the home institution of the user
  – To a single place at the home institution
Academic identity federations are operational
  – Real services used every day by a large number of users
  – Research and educational applications are federated
Federation software available in the marketplace
Infocard
  – Making "identity" tangible to users
Convergence is there
  – With SAML as lingua franca

Organisational Challenges
Local identity management
Provisioning
  – must be understood both on campus and in applications
Managing roles and attributes
Scalability problems (many sources of authority)

Technical Challenges (1)
Horizontal integration
  – Government federations
  – Commercial federations (Liberty Alliance, WS-* based)
  – Across national boundaries
Vertical integration
  – Web SSO, eduroam, grids
  – Lightpath provisioning (GLIF), measurement and monitoring (PerfSonar)
  – , IM, SIP, SSH

Technical Challenges (2)
External IdPs
  – Different levels of authentication
  – Different levels of authorisation
From authentication to authorisation
  – Do those enterprise directories really contain authoritative authorisation information?
Security constraints
  – Policy and technology
N-tier problems
  – Where are the attributes?

Political and Societal challenges
Privacy
  – Locally
  – Within federations
  – Across Europe
  – World-wide
Interconnection policies
  – building federations
  – bridging federations
Integration of enterprise and federated identity with personal identity
Agreement on consistent approaches to authentication

Summary
Educational federations are happening
Convergence to (small number of) standards
  – SAML
International federations are emerging
  – eduroam
  – Grids
  – Géant2 AAI (eduGAIN)
Federations are moving up into the stack
But campus issues remain a concern

Thanks to
Ken Klingenstein (Internet2)
Diego Lopez (RedIRIS)
Ingrid Melve (UNINETT)
Bob RL Morgan (Internet2)
Milan Sova (CESNET)
Torbjorn Wiberg (Umea University)