Identities and Federation: The Next IT Wave (The Canadian Access Federation)
Rick Bunt, President, The Canadian University Council of CIOs (CUCCIO)


1 Identities and Federation: The Next IT Wave (The Canadian Access Federation)
Rick Bunt, President, The Canadian University Council of CIOs (CUCCIO)
rick.bunt@usask.ca

2 What’s CUCCIO?
- 45 member universities, represented by their CIOs or equivalents
- Managed by a Board of Directors elected by the members
- Web site: http://www.cuccio-cdpiuc.ca/

3 Why We Exist
- To provide a trusted national voice for IT in Canadian universities
- To foster the professional development of the higher education IT community in Canada
- To provide a vehicle for collaboration, cooperation and collective action among Canadian universities in matters relating to higher education IT
- To provide a focal point for liaison with national and international organizations and interest groups concerned with IT

4 What We’re Doing
- Services for members:
  - Building an online storehouse of requests for proposals, policies and best practices
  - Developing a mechanism for Canadian institutions to gather a common set of data for measuring and benchmarking
- Special interest groups:
  - Security, Business Continuity/Disaster Recovery, Cyberinfrastructure, Professional Development and Training, …
- Annual CANHEIT conference (Canadian Higher Ed IT)
- edupass.ca: The Canadian Access Federation

5 Defining Identity Management (2008/10/01)
- Separate two functions of identity management:
  - Authentication: proving who you are
  - Authorization: policies controlling access to resources
- For enterprise efficiency:
  - Authenticate centrally: administer one set of credentials (id/password)
  - Authorize locally: service provider controls access to service according to role
- Single Sign On:
  - The “authenticate once” principle

6 An Access Federation
- Access management across cooperating institutions
  - Based on trust
- Retain local management of identity information:
  - Preserves privacy
  - Roles based on local responsibilities
- Be efficient:
  - Don’t replicate information or technologies

7 How it Works
- Access Federation comprises identity providers and service providers
  - Identity providers authenticate users
  - Service providers offer services to users under agreements negotiated with the Access Federation

8 The Canadian Access Federation (edupass.ca)
- A made-in-Canada solution
  - Eligible participants include higher education institutions, public research institutions, sponsored service providers, others
- Services delivered under two technologies:
  - Eduroam: for wireless mobility
  - Shibboleth: for web-based applications
- Managed by CUCCIO: technology, policies, agreements

9 What is eduroam?
- eduroam stands for Educational Roaming
- Launched in Europe in 2003 to deal with the “Roaming Scholar problem”
- Allows users visiting other eduroam institutions to access WLAN using home credentials
- CUCCIO’s Canadian service launched in June 2008

10 How it Works: Eduroam
[Diagram labels: Calgary; Saskatchewan; bunt@usask.ca]

11 What is Shibboleth?
- Supports inter-institutional sharing of web resources subject to access controls
- Streamlines sharing secured online services
- Leverages existing campus identity and access management infrastructures
  - Identity provider chooses what information to send to service provider
  - Service provider makes final authorization decision based on verified information

12 How it Works: Shibboleth
[Diagram with numbered steps 1 to 4 between a Remote Application (Service Provider, Access Policies) and the U Saskatchewan ID Mgmt Service. Step labels: first request; Authenticate (bunt@usask.ca); Confirm User is known; Pass approved identity and role information so service can apply authorization policy; use]
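The split described above (the identity provider chooses what to release, the service provider decides access on verified information), as an added example that is not part of the original presentation. The HMAC key stands in for the signed SAML assertions a real Shibboleth deployment uses, and all user names, entity ids and attributes are constructed.

```python
import hashlib
import hmac
import json

FEDERATION_KEY = b"constructed-demo-key"  # assumption: stands in for SAML XML signatures
SP_LIBRARY = "https://library.sp.example"  # hypothetical service provider id

# Constructed sample data held only at the home institution (identity provider).
DIRECTORY = {
    "prof@idp.example": {"affiliation": "faculty", "mail": "prof@idp.example", "staff_no": "0001"},
    "guest@idp.example": {"affiliation": "visitor", "mail": "guest@idp.example", "staff_no": "0002"},
}
# The identity provider chooses what each service provider is allowed to learn.
RELEASE_POLICY = {SP_LIBRARY: ["affiliation"]}


def _sign(payload: dict) -> str:
    """Sign a canonical JSON form of the payload with the shared demo key."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(FEDERATION_KEY, body, hashlib.sha256).hexdigest()


def idp_issue_assertion(user: str, sp_id: str) -> dict:
    """Identity provider: called after `user` has authenticated locally."""
    record = DIRECTORY[user]
    # Unknown service providers get no attributes at all.
    released = {k: record[k] for k in RELEASE_POLICY.get(sp_id, [])}
    payload = {"audience": sp_id, "attributes": released}
    return {"payload": payload, "signature": _sign(payload)}


def sp_authorize(assertion: dict, my_id: str, allowed_affiliations: set) -> bool:
    """Service provider: verify the assertion, then apply its own access policy."""
    payload = assertion["payload"]
    if not hmac.compare_digest(_sign(payload), assertion["signature"]):
        return False  # attributes were altered or not issued by a federation IdP
    if payload["audience"] != my_id:
        return False  # assertion was issued for a different service
    return payload["attributes"].get("affiliation") in allowed_affiliations
```

The service provider never sees the password, mail address or staff number; it receives only the released role attribute and rejects assertions that were modified or issued for another service.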

13 Summary
- The Canadian Access Federation (edupass.ca)
  - A CUCCIO-sponsored trust federation providing access management to the higher ed community in Canada
    - Expanded services for faculty/staff/students, supporting inter-institutional collaboration
    - Efficiencies in use, efficiencies in negotiations
- Key Requirements
  - Institutional Identity Management strategy
    - Enterprise identity repository
    - Role-based access policies
    - Attributes & policies that recognize federation
  - Applications that utilize Identity Management services

14 Benefits of Participating
- For Identity Providers
  - Enhanced control of personal information of users
  - Easier to comply with regulatory requirements (e.g. PIPEDA)
  - Integrates with existing enterprise identity management systems
  - Common standardized solution for many services

15 Benefits of Participating
- For Service Providers
  - Authentication is performed by the identity providers
    - Eliminates credential security issues
    - No need for user accounts database
  - Reduced requirements for user support
  - Accurate implementation of license conditions
  - Users take better care of their credentials

16 Benefits of Participating
- For Users
  - Much less need to disclose identity
  - Personal data kept between user and home institution
  - Fewer user names/passwords to remember

17 [Diagram: the Canadian Access Federation and the groups around it. Labels: International; Turnitin, eAcademy; Shared Library; Scholars Portal, Elsevier; Research Orgs; CANARIE, Compute Canada; Universities; Polytechs; Colleges; Commercial Service Providers; InCommon (US), AAF (Australia), Terena (EU), UK AMF; CUCCIO; CCCCIO; Government (Federal, Provinces, Research Granting Councils)]

18 Where Do We Go From Here?
- Finalize business plan, legal agreements, policies, procedures, etc.
- Recruit participants: institutions, service providers
- Support users
“The only way to do something is to do it.”

19 Questions
- How can the Canadian Access Federation benefit your applications/services?
- Which service providers would you be interested in sponsoring?
- For more info see www.cuccio-cdpiuc.ca


