Networks ∙ Services ∙ People www.geant.org Licia Florio TNC, Lisbon Consuming identities across e-Infrastructures 16 June 2015 PDO GÉANT.


1 Consuming identities across e-Infrastructures. Licia Florio. TNC, Lisbon. 16 June 2015. PDO GÉANT

2 Overview: When and how it all started; Where we are now; Where we want/should be

3 10 years of 1st March 2005: SAML2.0 was approved. Now used by 50 R&E federations! REFEDS – 10 years of discussion on how federations can interoperate. And of course federated access

4 A look at the past

5 Importance of Federated Access: Our community realised very soon that username and password would not scale in a world where on-line access was becoming more and more common; where student mobility was growing and was expected to grow more; where remote access to resources was becoming a main requirement

6 From the Internet Archives. Tuesday 29 Oct 2002 I2 News Item: “After two months of using Shibboleth to manage web course material at North Carolina State University, we saw an 80- to 85-percent drop in our help desk call” https://lists.internet2.edu/sympa/arc/i2-news/2002-10/msg00003.html Dec Oct 2002 SWITCH AAI Info Day: “Demo on Shibboleth demo (v 0.7!) And an overview on other AAIs in Europe” https://www.switch.ch/aai/support/presentations/infoday-2002/

7 How it all started: A-Select; PAPI; FEIDE; Shibboleth; Athens; Permis; SPOCP

8 The good year! Source: Ton Verschuuren http://geant2.archive.geant.net/upload/pdf/2005-11-14_Confederation_-_JISC_Workshop.pdf SAML becomes the de-facto lingua franca with multiple implementations (i.e. simpleSAMLphp and commercial products)

9 Federations in 2005. Source: TERENA Compendium. 6 Federations; Many NRENs planning

10 Challenges back then: Scalability; Inter-federation; Business Models; Schema harmonization; Support for VOs; Authorization

11 Please meet eduGAIN grandpa

12 Federations in the past 5 years

13 The Rise of Federations. April 2011: Official start of eduGAIN. Nov 2013: 21 Federations are members (50%), 5 joining. Apr 2014: 24 Federations are members (51%), 6 joining. April 2015: 32 Federations are members (57%), 9 joining. Whole (academic) SAML landscape: 56 Federations, 3007 IdPs, 6514 SPs (gathered from metadata). Not all of them need to be interfederated, e.g. many internal SPs

14 eduGAIN and Federations, April 2015: 32 eduGAIN Members; 9 Joining eduGAIN; 3 Candidate Federations; 12 Other Federations

15 Identity is QUEEN: Demand for Federated Access; Identity as important as the network; Users want to access services across various e-Infrastructures; Industry recognises the importance of identity and federated access

16 The Challenges: Scalability; Business Models; Support for VOs; Authorization; Non-Web Browser federated access; Assurance; Security Incident Response in Federations; Support for Guest Users; Data Protection; Technology translators; Attribute release; Schema harmonisation; Inter-federation

17 Work in progress

18 The Project: Authentication and Authorisation for Research and Collaboration, https://aarc-project.eu/. Two-year EC-funded project; 20 partners; NRENs, e-Infrastructure providers and Libraries as equal partners; About 3M euro budget; Starting date 1st May, 2015

19 AARC - Objectives: Build on federated access, improve its uptake and address current challenges; Harmonise policies among e-Infrastructures to ease service delivery; Avoid the creation of project-specific AAIs by enabling researchers to use their existing credentials to access different resources; Define a training package for institutions and services to support federated access; Integrate existing R&E AAIs to create a highway for identities

20 The landscape. AARC: Requirements: Anchored in real use cases; Pilots; AARC technical and policy findings; Training. REFEDS/FIM4R: REFEDS: Feedback and validation from Fed Operators on best practices; FIM4R: Feedback on pilots from AAI user communities. Requirements/feedback for training and architecture. e-Infrastructures, i.e. GEANT: Develop business case; Costing; Supply chain; Pilot the deployments. eduGAIN: Incorporate

21 Where do we want to be

22 Challenges in 5 years. The role of the IdPs will change: To become only authentication? A national single authentication point for the R&E? Or a hub? eduID.se to create user accounts to access courses (and more) in all Swedish universities. Federations will change: More hubs and mesh as needed, and to cope with privacy laws. Engagement with other sectors: eGov – different approaches per countries/federations; Industry – OIDC, social identities and cloud services. Account linking

23 What will be solved: Non-Web federated access; Incident response in federated access; Attribute release for some use-cases; Many issues related to Support for VOs

24 Conclusions: Plenty of work ahead; Environment is right to collaborate rather than reinventing the wheel

25 Thank you and any questions

