Campus Identity Management Requirements (=IAP) REFEDs meeting 7.6.2009 Mikael Linden

Presentation transcript:

Campus Identity Management Requirements (=IAP) REFEDs meeting Mikael Linden

Two aspects for Campus IdM
 Campus IdM = the IdM system feeding the IdP with identities (technology + processes)
1. Traditional LoA: Level of Assurance for authentication
   Initial identity proofing, credential quality etc.
   NIST and EU IDABC/STORK cover only this
2. Attribute quality (especially of the attributes used for authorisation)
   ePA="student" (Has s/he graduated, but the account was not closed?)
   ePEntitlement=… (Has s/he changed project, but the entitlement was not cancelled?)
   Out of scope for NIST

Implementing Campus IdM
 Base registries (source of new identities): student registry, HR registry
 Metadirectory: synchronises attributes from the base registries into the enterprise directory
 Relying systems (operating systems, applications): Unix, mail, IdP etc.
 Supplemented by manual processes
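As an added illustration (not from the slides), a Python sketch of the check a metadirectory can run before attributes reach the IdP: the affiliations and entitlements the base registries justify as of a given date are derived and compared with the enterprise directory, flagging a student affiliation that outlived graduation and a project entitlement that was never cancelled, the two attribute-quality failures named above. Registry contents, person ids and entitlement URNs are constructed.

```python
from datetime import date

# Constructed sample base registries (not real data); a person may appear in several.
STUDENT_REGISTRY = {"p1": {"graduated": date(2009, 5, 31)},   # graduated, account still open
                    "p2": {"graduated": None}}                 # active student
HR_REGISTRY = {"p3": {"contract_end": date(2009, 12, 31)}}     # active staff
PROJECT_REGISTRY = {"p2": {"urn:mace:example.org:proj:alpha"}}  # current project memberships

# Constructed snapshot of the enterprise directory that feeds the IdP.
DIRECTORY = {
    "p1": {"ePA": {"student", "member"}, "ePEntitlement": set()},
    "p2": {"ePA": {"student", "member"},
           "ePEntitlement": {"urn:mace:example.org:proj:alpha",
                             "urn:mace:example.org:proj:beta"}},  # beta was never cancelled
    "p3": {"ePA": {"staff", "member"}, "ePEntitlement": set()},
}

def _slot(expected, pid):
    return expected.setdefault(pid, {"ePA": set(), "ePEntitlement": set()})

def expected_state(today):
    """Affiliations and entitlements the base registries justify as of `today`."""
    expected = {}
    for pid, rec in STUDENT_REGISTRY.items():
        if rec["graduated"] is None or rec["graduated"] >= today:
            _slot(expected, pid)["ePA"] |= {"student", "member"}
    for pid, rec in HR_REGISTRY.items():
        if rec["contract_end"] is None or rec["contract_end"] >= today:
            _slot(expected, pid)["ePA"] |= {"staff", "member"}
    for pid, ents in PROJECT_REGISTRY.items():
        if pid in expected:  # an entitlement needs a live affiliation behind it
            expected[pid]["ePEntitlement"] |= ents
    return expected

def find_stale(today):
    """(person, attribute, value) triples in the directory that no registry justifies."""
    expected = expected_state(today)
    findings = []
    for pid, attrs in DIRECTORY.items():
        exp = expected.get(pid, {"ePA": set(), "ePEntitlement": set()})
        for attr in ("ePA", "ePEntitlement"):
            for value in sorted(attrs[attr] - exp[attr]):
                findings.append((pid, attr, value))
    return findings

if __name__ == "__main__":
    for pid, attr, value in find_stale(date(2009, 6, 7)):
        print("stale %s=%s for %s" % (attr, value, pid))
```

Run against a live directory the same logic would drive account closure and entitlement revocation rather than just reporting.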

Why Campus IdM quality? It increases trust!
 Earlier, poor Campus IdM quality was an internal problem for universities
 Now the federation SPs also suffer from it
 SPs want to know there is a floor for IdM quality in any IdP
 Requirements are coming, e.g. from a "community of practice":
   TERENA Grid Certificate Service project
   CLARIN project

The floor and the steps
 The IdM quality floor: every IdP in a federation needs to fulfil it
 Higher LoA levels as steps above the floor (e.g. indicated using SAML authenticationContext)
 Open questions: hierarchical or not? What is easy enough to fly?

Assuring the CIdM quality with audits
Who makes the audit?
1. Self-audit: e.g. checklists or questionnaires that home organisations fill in; the federation operator checks the answers
2. Peer audit: as above, but the joining home organisations audit each other
3. External audit: an external auditor makes the audit (1000 EUR a day)
When?
1. When an IdP is registered to the federation
2. Regular re-audits?

The Haka way
 Common knowledge: some universities in Finland didn't bother to close accounts for departing users
 When the Haka policy was outlined, the Haka steering group insisted: first do your homework and clean the Campus IdM, then register your IdP to Haka
 The federation operator has published minimum requirements and a questionnaire for self-audit
 The IdP-wannabe fills in and publishes the questionnaire
 The Haka federation checks that the minimum requirements are fulfilled