Presentation is loading. Please wait.

Presentation is loading. Please wait.

INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.

Published byKory Daniels Modified over 8 years ago

Similar presentations

Presentation on theme: "INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC."— Presentation transcript:

1 INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC

2 Learning Objectives Why identity management is important, and what federations have to offer How to bring identity management and identity federation to your campus or region How identity federation can enable campus services and research How to build a business model that in support of identity federation on your campus What policies and operational practices you need to have in place How to engage with the global R&E community

3 What Is Identity Federation? “a common framework for trusted shared management of access to on-line resources” InCommon “...identities from one organisation may use Shibboleth [or another authentication service] to gain federated access to services hosted by another organisation. Membership of a federation places obligations on members which allow members to trust identity assertions provided by other members.” JISC

4 Building Blocks of Federation AttributesIdentity Provider / Service ProviderDiscoveryFederation ToolsMetadataPolicy

5 Who Benefits? Students and Researchers more collaboration opportunities potential access to more resources and data Students and researchers more efficient utilization of resources easier research collaboration – can be setup within hours rather than days/weeks easier to share or move data between sites/nodes - where relevant The research community

6 Who Benefits? The Campus a solidly branded institutional identity which improves the overall reputation of the organization a stronger security profile for the network an ability to logically budget for the network based on actual data (who is on the system, how quickly is it growing, where are the bottlenecks) fewer bilateral contracts; more organizations can function under a common framework The campus or institution “Identity federation participants could spend time establishing operating principles, technology hooks, and agreed-upon data exchange elements with each partner; or they could do it once through the federation and then leverage these common elements for many relationships.” -- InCommon

7 Benefits/Compelling Reason to Act Authentication-related calls to Penn State University’s helpdesk dropped by 85% after they installed Shibboleth Reduces work Studies of applications that maintain user data show that the majority of data is out of date. Are you “protecting” your app with stale data? Provides current data In FIM data is pushed to services as needed. If those services are compromised the attacker can’t get everyone’s data. Insulation from service compromises Only the IdP needs to be able to contact user data stores. All effort can be focused on securing this one connection instead of one or more connections per service. Minimize attack surface area

8 What Are Some Compelling Service Possibilities? eduroam eduGAIN digital libraries licensed software Learning Management Systems Wikis Cloud service providers supporting research and education Researchresearch.com Qualtrics AWS Research Grants

9 What do Federations do? At a minimum a federation maintains the list of which IdPs and SPs are in the federation Most federations also Define agreements, rules, and policies Provide some user support (documentation, email list, etc.) Operate a central discovery service and test infrastructure Some federations Provide self-service tools for managing IdP and SP data (Resource Registry) Provide application integration support Host or help with outsourced IdPs (IdP in the Cloud, hosted IdP Provide tools for managing "guest" users Develop custom tools for the community

10 How to Make Federated Identity Work Start with establishing campus identity systems Base-level requirements: centralized campus or institution identity store (e.g., database, LDAP directory) documented policies regarding the life cycle of organizational identity a business model for ongoing development and support

11 Additional Reading Material “Ready the Pipes” – Campus Technologies. https://campustechnology.com/articles/2010/03/01/ready- the-pipes.aspx https://campustechnology.com/articles/2010/03/01/ready- the-pipes.aspx “Lowering costs of identity proofing by federated identity management” – Swedish Alliance for Middleware Infrastructure. http://www.incommon.org/docs/other/SWAMI_federated_i dm_roi.pdf http://www.incommon.org/docs/other/SWAMI_federated_i dm_roi.pdf “Identity Management Toolkit” – JISC. https://identitymanagementinfokit.pbworks.com/w/page/50 989755/Home https://identitymanagementinfokit.pbworks.com/w/page/50 989755/Home

12 The NSRC cultivates collaboration among a community of peers to build and improve a global Internet that benefits all parties. We facilitate the growth of sustainable Internet infrastructure via technical training and engineering assistance to enrich the network of networks. Our goal is to connect people. www.nsrc.org

Download ppt "INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC."

Similar presentations

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.
EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.

EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.
Your Technology Is Connected. Are You? Your technology doesn’t exist in a vacuum. Welcome to the networked and interconnected technology ecosystem where.

Your Technology Is Connected. Are You? Your technology doesn’t exist in a vacuum. Welcome to the networked and interconnected technology ecosystem where.
Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.

Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Www.incommon.org InCommon and Federated Identity Management 1 www.incommon.org.

InCommon and Federated Identity Management 1
NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.

NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
InCommon Policy Conference April 2005. 2 Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.
(Rev 1/11) UW System Identity and Access Management (IAM) Current Status and Roadmap Tom Jordan, IAM-TAG Chair Ty Letto, IAM Support Team Manager January,

(Rev 1/11) UW System Identity and Access Management (IAM) Current Status and Roadmap Tom Jordan, IAM-TAG Chair Ty Letto, IAM Support Team Manager January,
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.

Similar presentations

Ads by Google