INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.

Slides:



Advertisements
Similar presentations
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Advertisements

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki Mikael Linden, CSC – IT Center for Science
1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.
Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,
EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.
T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
SWITCHaai Team Federated Identity Management.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Troubleshooting Federation, AD FS 2.0, and More…
Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.
AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Exploring InCommon Getting Started with InCommon: Creating Your Roadmap.
The ReFEDS/GÉANT Code of Conduct (CoC) An Approach to Compliance with the EU Data Protection Directive Steve Carmody April 23, 2012.
InCommon as Infrastructure: How Recommended Practices and Federation Features Help Scale Federated Identity Management Michael R. Gettes, Carnegie Mellon.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.
Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.
Stuff, including interfederation stuff Dr Ken Klingenstein, Director, Middleware and Security, Internet2.
Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.
Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.
Connect. Communicate. Collaborate Federation Interoperability Made Possible By Design: eduGAIN Diego R. Lopez (RedIRIS)
Federated Identity and Shibboleth Concepts Rick Summerhill Chief Technology Officer Internet2 GEC3 October 29, 2008 Slides by Nate Klingenstein
Test your IdP
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
University of Washington Identity and Access Management IEEAF – RENU Network Design Workshop Seattle - 29 Nov 2007 Lori Stevens, Director, Distributed.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
E-Authentication October Objectives Provide a flexible, easy to implement authentication system that meets the needs of AES and its clients. Ensure.
Identity Management, Federating Identities, and Federations November 21, 2006 Kevin Morooney Jeff Kuhns Renee Shuey.
Origins: The Requirements of Participating in Federations CAMP Shibboleth June 29, 2004 Barry Ribbeck & David Wasley.
Growth. Interfederation PKI is globally scalable Unfortunately, its not locally deployable… Federation is locally deployable Can it.
INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team
NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas Barry Ribbeck Director System Architecture and Infrastructure.
Networks ∙ Services ∙ People Nicole Harris UK federation meeting eduGAIN, REFEDS and the UK 23 June 2015 Project Development Officer GÉANT.
The Policy Side of Federations Kenneth J. Klingenstein and David L. Wasley Tuesday, June 29, CAMP Shibboleth Implementation Workshop.
Trust and Identity Infrastructure Services Above the Network Ann Harding, SWITCH/GÉANT UbuntuNetConnect 2014.
1 Identities and Federation: The Next IT Wave (The Canadian Access Federation) Rick Bunt President The Canadian University Council of CIOs (CUCCIO)
Federated Identity Fundamentals Ann Harding, SWITCH Cambridge July 2014.
INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.
Leveraging Campus Authentication to Access the TeraGrid Scott Lathrop, Argonne National Lab Tom Barton, U Chicago.
Keeping Your Federation in Shape Discussion with InCommon Technical Advisory Committee Members Jim Basney Scott Cantor Tom Barton.
Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.
Authentication and Authorisation for Research and Collaboration AARC/CORBEL Workshop for Life Sciences AAI AARC Draft Blueprint.
Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.
Access Policy - Federation March 23, 2016
CoCo and R&S in the UK federation
The Policy Puzzle Many groups and (proposed) policies, but leaving many open issues AARC “NA3” is tackling a sub-set of these “Levels of Assurance” –
User Community Driven Development in Trust and Identity
Federation Systems, ADFS, & Shibboleth 2.0
Géant-TrustBroker Dynamic inter-federation identity management
InCommon Steward Program: Community Review
Scalability of trust and metadata exchange across federations
Identity & Access Management InCommon Research and Scholarship
GÉANT 4-2 JRA3 T1 and T2 Federations and Campus (CaFe) e-Infrastructures and Service Providers (RASP) Daniela Pöhn JRA3 T1 LRZ/DFN-AAI Technology Exchange.
AARC Blueprint Architecture and Pilots
UK Access Management Federation
Community AAI with Check-In
Example Use Case for Attribute Authorities and Token Translation Services - the case for eduGAIN Andrea Biancini.
GÉANT 4-2 JRA3 Daniela Pöhn JRA3 T1 LRZ/DFN-AAI
Shibboleth 2.0 IdP Training: Introduction
The Attribute and the ecosystem
Tom Barton (WG Chair) University of Chicago and Internet2
Baseline Expectations for Trust in Federation
GEANT Data protection Code of Conduct 2.0 REFEDS meeting 16 June 2019
Presentation transcript:

INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group

Trust Basics: The Actors User: Person accessing the service Identity Provider: The organization that knows that person and verifies her identity online. Service Provider: The organization the offers the service and grants access to use it. Federation Operator: The organization that vets the membership, implements the community “rules” and publishes metadata about these IdPs and SPs in an aggregated file called the metadata aggregate.

Trust Basics: Federation is Distributed Services Service Provider Authorization Certified Federation Metadata “Phone Book” End User AuthN 6 - Authorization 1 Fed schema Enterprise Directory Federating Software Request Authentication & Access Information (attributes) 4 5 – Authentication Verified. Sending Attributes 7 2 Federating Software Campus Authentication and User Information 3 - Authentication

Trust Basics: Federation is Distributed

Trust Basics: Federation is Shared I have to trust what you do with my IdP: Data that I send you SP: Service that you use Being comfortable with how my partners perform their roles is key.

Trust Basics: Federation is Fractal Roughly speaking… Concerns at the org level are the same at the national level: Privacy Membership Risk Control over who my partners are First step to Trust is Publish what you do

Trust Basics: Publish What you Do First Step: Publish InCommon Participant Operating Practices eduGAIN participation requirements Second Step: Decide IdPs: to release attributes SPs: to authorize access

Refeds MAP

eduGAIN Policy Flow GEANT (governing structure) US Federation (InCommon run by Internet2) eduGAIN Service EU National R&E Federations (Gov sponsored) Feds in Asia, Middle East, India, Africa, North & South America, ….

A Word about Metadata

What’s in the Metadata Aggregate? Information about: Security (signing keys) Contacts (troubleshooting and support) Connection (URLs of services) Verifier of the orgs/metadata (InCommon) Policy and practice compliance “tags” (R&S, Assurance)

eduGAIN is about Metadata Exchange

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.