Presentation is loading. Please wait.

Presentation is loading. Please wait.

Updates on Training Andrea Biancini (AARC2.AHM)2 NA2 WP leader

Published byMagdalen Newton Modified over 6 years ago

Similar presentations

Presentation on theme: "Updates on Training Andrea Biancini (AARC2.AHM)2 NA2 WP leader"— Presentation transcript:

1 Updates on Training Andrea Biancini (AARC2.AHM)2 NA2 WP leader
Reti SpA AARC2 Second Meeting, Amsterdam November, 21st 2017

2 What happened from AARC1 Trainings available
The following training materials have been developed: Federation 101: introduction of the federation concepts (available on AARC website) Training for Sirtfi: training on federated security incident response (available on Géant Moodle platform) Attribute Release Training: how to release attributes to SPs in an easy and scalable way (material available on AARC website, course to be finalized within GN4 and uploaded to Géant Moodle platform) Training for Service Providers: how to install and configure a SP with Shibboleth (available on AARC website, to be further developed in AARC2) Toolkit for libraries: learning material about federated access for libraries (available on AARC website) Toolkit for infrastructures: learning material about federated access for e-infrastructures (available on AARC website)

3 Feedback and impact measurement
The AARC2 training process High level description of the process phases Nominations Selection process Identification and prioritization of the training needs. Fine tuning of the training module to better identify shape and format of training modules. Scoping of each module Pilot Execution Planning and execution of the training PR and Marketing Feedback and impact measurement Communication of results and collection of feedbacks.

4 AARC2, planning the first activities The survey performed and the answers collected
To identify first training actions: the task organized an AL/TL meeting to identify and share the training strategy and first initiatives; the task piggybacked the work from SA1, asking all communities to provide answers to a simple survey on training needs. The survey was very lean: Self assessed level of readiness for federated AAI Training 1: Module and Format Training 2: Module and Format Training 3: Module and Format Community event The answers provided have not been as numerous as expected (only EISCAT3d, EPOS and CTA provided answers), nevertheless….

5 The cookbook for Service Providers The structure of the cookbook
The Cookbook for Service Providers gives structure to the work on the training task. This cookbook is a sort of TOC that organizes all the training materials. The cookbook is structured into these sections: Introduction Scenarios and use-cases The Blue Print Architecture Technical Components Policies

6 The cookbook for Service Providers Modules of the AARC2 training
The work on training will be performed in parallel on the different sections of the Cookbook. The major training module groups have been identified in: Basic Training: analyse the gaps in knowledge of user communities that have minimal exposure to federated access. Will cover: introduction, scenarios and use cases sections of the Cookbook. Advanced Technical Training: analyse the needs of targeted user communities that are already running an AAI and that therefore present different requirements in terms of training. Will cover: technical components section of the Cookbook. Blue Print Architecture: train on one of the major final results of AARC  Will cover: BPA section of he Cookbook. Advanced Policy Training: provide the guidance to develop a complete policy suite supporting Federated Identity Management Will cover: policy section of he Cookbook.

7 The cookbook for Service Providers The NA2T2 team composition
Training Module Spokesperson People Task Leadership Lalla Mantovani Lalla Mantovani (GARR) Basic Federica Tanlongo Andrea Biancini (RETI) David Hübner (DAASI) Marco Malavolti (GARR) Federica Tanlongo (GARR) Advanced Technical David Hübner Blue Print Architecture Irina Mikhailava Irina Mikhailava (GÉANT) Advanced Legal & Policies Uros Stevanovic Hannah Short Uros Stevanovic (KIT) Hannah Short (CERN)

8 Cookbook for Service Providers, next steps Basic Training
Introduction “Scenarios”: How to connect to IdPs External authentication Federated authentication How to join eduGAIN as a SP: connecting to a federation of IdPs What is Discovery? Authentication through proxy Best practices in creating a service catalog “Use cases”: SP focused use-cases Federated access to non-web (and mobile) applications AAI for distributed communities (VOs) Centralising authorisation access control for the community’s SPs Attribute aggregation scenarios: pull vs push Federation 101 Module developed and extended with “terms and definition”. Externalising authentication Create "scoping" and execute course testing to verify interest in the training (Federica). Federating a service Create "scoping" and execute course testing to verify interest in the training (Marco). Using a Proxy Create "scoping" and execute course testing to verify interest in the training (David). Non-web applications Create "scoping" and execute course testing to verify interest in the training (Andrea). Authorization

9 Cookbook for Service Providers, next steps Advanced Training on Blue Print Architecture
The AARC blueprint architecture What is an AAI service platform for communities When is it necessary to deploy the blueprint architecture? Which pieces are optional vs recommended? Examples of AAI service platforms for communities: EGI Check-in service EUDAT B2ACCESS GÉANT eduTEAMS BPA Ongoing the creation of a BPA module to upload to Moodle platform (Irina).

10 Cookbook for Service Providers, next steps Advanced Technical Training (1/2)
Setting up a Service Provider (Relying Party/OIDC Client) Shibboleth SP SimpleSAMLphp SP OIDC Client Recommendations for setting up a Discovery Service Introduction on different solutions, when to use which (EDS, CDS, not necessary when using a proxy, new solutions for centralised discovery services) Analysing your authentication sources to design user-friendly authentication processes Planning which user information (attributes) your SP requires to work properly What information Identity Providers can relay to your SP Requiring only the attributes you really need: attributes best practices, tips and examples Attribute aggregation (at the SP level) Setting up a SAML SP Reviewing existing material and integrating. Create "scoping" and execute course testing to verify interest in the training (Marco). Setting up a OIDC RP Upload of existing reviewed material on AARC2 website. Develop a Moodle module with GN4. Create "scoping" and execute course testing to verify interest in the training (Andrea). Recommendations for setting up a Discovery Service Create "scoping" and execute course testing to verify interest in the training (David). User-friendly authentication processes Link to REFEDS best practices. Create "scoping" and execute course testing to verify interest in the training (Andrea). Attribute and claims

11 Cookbook for Service Providers, next steps Advanced Technical Training (2/2)
Best practices for managing authorization from the SP point of view how to profile access based on Affiliation, Entitlement, Assurance, Other attributes or Advanced (XACML) Account linking: benefits and best practices/tips Activating and managing the step-up authentication What is an IdP/SP proxy User identifiers for communities Central access control to different SPs with the proxy Centrally collecting different authentication sources with the proxy Synergies between the proxy and authorization manager tools Account linking with the proxy Consent with the proxy IdP/SP proxy use-cases How to do authorization Create "scoping" and execute course testing to verify interest in the training (Andrea). User information and access control Account Linking Clarify the use case and then develop “scoping” and materials (TBD). Step-up authentication Wait for recommendations from JRA1 and decide whether this should end up in a training (TBD). What is an IdP/SP proxy Align with Basic Training BPA module to define focus of this training. Create "scoping" and execute course testing to verify interest in the training (TBD).

12 Cookbook for Service Providers, next steps Advanced training on policy
Introductory paragraph Why should services care about policies? What would a service need to do to connect to an infrastructure? Which policies should you have when running an infrastructure or service? Closely linked to TNA3.4 Engagement & Coordination (Dave Kelsey’s Task) Main task, policy pack for research collaborations Additional areas of focus GDPR for SPs Consent, attributes, privacy by design Security and Trust Frameworks Sirtfi (SPs, IdPs, Proxies) REFEDS R&S SNCTFI (Proxies) AARC/RAF LoA framework Policy pack Create a module divided including the following policy areas, roughly following Snctifi structure: Data Protection Membership Management Security Incident Response LoA Focus on: What is this policy for? Do I need this policy? Who should agree to the policy and where should it live? A Template Still reasoning on the best format: Moodle, videos, “click-in” style website, … (Hannah).

13

Download ppt "Updates on Training Andrea Biancini (AARC2.AHM)2 NA2 WP leader"

Similar presentations

Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Connect communicate collaborate GÉANT3plus Enabling Users Pilots Lukas Hämmerle Task Leader Enabling Users

Connect communicate collaborate GÉANT3plus Enabling Users Pilots Lukas Hämmerle Task Leader "Enabling Users"
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.

Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Milan, Italy Training and Outreach Authentication and Authorisation.

Authentication and Authorisation for Research and Collaboration Milan, Italy Training and Outreach Authentication and Authorisation.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.

JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.

Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos Open Day Event: Towards the European Open.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos Open Day Event: Towards the European Open.
A uthentication & A uthorization for R esearch & C ollaboration Pilots in SA1 Paul van Dijk, SURFnet AARC.

A uthentication & A uthorization for R esearch & C ollaboration Pilots in SA1 Paul van Dijk, SURFnet AARC.
Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team

Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team
David Groep Nikhef Amsterdam PDP & Grid AARC Authentication and Authorisation for Research and Collaboration an impression of the road ahead.

David Groep Nikhef Amsterdam PDP & Grid AARC Authentication and Authorisation for Research and Collaboration an impression of the road ahead.
Networks ∙ Services ∙ People www.geant.org Andrea Biancini #TNC15, Porto, Portugal Implementing Grouper to federate user authorization Federated Authorization.

Networks ∙ Services ∙ People Andrea Biancini #TNC15, Porto, Portugal Implementing Grouper to federate user authorization Federated Authorization.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Heiko Hütter, Martin Haase, Peter Gietz, David Groep AARC 3 rd.

Authentication and Authorisation for Research and Collaboration Heiko Hütter, Martin Haase, Peter Gietz, David Groep AARC 3 rd.

Similar presentations

Ads by Google