Presentation is loading. Please wait.

Presentation is loading. Please wait.

A(nother) view on federation issues

Published bySara Cummings Modified over 5 years ago

Similar presentations

Presentation on theme: "A(nother) view on federation issues"— Presentation transcript:

1 A(nother) view on federation issues

2 Has become common place And federations are (or soon will be) in bloom
The F... word Has become common place And not only in AC space And federations are (or soon will be) in bloom This raises/reformulates additional issues Reconciling base technologies Agreeing on trust mechanisms Aligning on schemas Reaching applications Coordinating metadata

3 SAML is the commonly agreed lingua franca for identity data exchange
The L... word SAML is the commonly agreed lingua franca for identity data exchange But unconquered kingdoms exist Most of the Grid territory BS infrastructures MS and its strategy WS are still most unexplored Rebellions arise Lightweight identity protocols And even civil wars Migration paths from 1.1 to 2.0

4 Moving towards conformance
In the protocol and profile forest, conformance must be at least assessed Reference implementations Testing facilities Practical, hybrid approaches deserve to be explored Identify minimal properties to be preserved Let it happen

5 But it is not clear whether infrastructure should follow the two above
The T... word Another common understanding is the use of public key techniques in building trust But it is not clear whether infrastructure should follow the two above Current federation software uses different kind of metadata structures to exchange public keys But this poses maintenance problems And many existing federations are based on PKI But convergence seems the only path

6 Possibilities to merge
Merging the two paths Possibilities to merge Extensions can include references to Attribute Authorities X.509 certificate <=> SAML AuthN assertion X.509 AC <=> SAML Attr assertion Pieces are already around And approaches like PMAs and TACAR can play a key role

7 Schemas constitute the core of federation data exchange
The D... word Schemas constitute the core of federation data exchange But even the simplest agreement is lengthy and complicated Even inside relatively small, tightly coupled groups And recurrent discussions about the nature of data arise New communities always try to bring their own parlance And privacy constraints must be stated once again

8 Concentrate on data usage
Getting out of the cave Concentrate on data usage The common entitlement value for general license access in ShibEnable Decouple attributes the SCHAC way From specific ontologies From local dialectal forms Do not fear some redundancy As long as a canonical representation exists

9 We are still far for reaching even half of the current applications
The A... word We are still far for reaching even half of the current applications Talking just about the Web-based ones And there is a lot of dark matter around there Simply legacy I-do-it-my-way-and-no-other-possible Commercial providers not willing to risk And a great number of non-Web natural niches To be filled asap

10 Keys for pervasiveness
Try to keep as close to applications as possible Speaking their own language Try to go beyond the Web cage Keeping usability Exploring WS is specially relevant Pave the migration way A mixed solution is far better than no solution Proxy when no other choice exists

11 A federation is defined by its metadata
The C... word A federation is defined by its metadata Metadata distribution is a key issue And directly related to the trust establishment process Current methods simply do not scale Growth requires additional features Dynamic publication Location Service composition And many potential metadata is still in an implicit state Another case of middleware dark matter

12 Making interoperation possible
Metadata distribution is essential Repositories and location protocols Registries and naming schemas Gatewaying and proxying are going to stay for a long time To reach all the moving targets around And policies are still to be defined Many things to think about As we are still at the very beginning

Download ppt "A(nother) view on federation issues"

Similar presentations

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
The Next Generation Grid Kostas Tserpes, NTUA Beijing, 22 of June 2005.

The Next Generation Grid Kostas Tserpes, NTUA Beijing, 22 of June 2005.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
OOI-CI–Ragouzis–2007.10.15 Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop 17-19 October 2007.

OOI-CI–Ragouzis– Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop October 2007.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public University of the Future 1 TF-Mobility future Klaas Wierenga

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public University of the Future 1 TF-Mobility future Klaas Wierenga
Supporting education and research E-learning tools, standards and systems Sarah Porter Head of Development, JISC.

Supporting education and research E-learning tools, standards and systems Sarah Porter Head of Development, JISC.
Diego R. Lopez Middleware & identity Along the winding way.

Diego R. Lopez Middleware & identity Along the winding way.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Connect. Communicate. Collaborate The eduGAIN Way Diego R. Lopez - RedIRIS.

Connect. Communicate. Collaborate The eduGAIN Way Diego R. Lopez - RedIRIS.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Directories and PKI Keith Hazelton Senior IT Architect, UW-Madison PKI Summit, Snowmass, 9-Aug-01.

Directories and PKI Keith Hazelton Senior IT Architect, UW-Madison PKI Summit, Snowmass, 9-Aug-01.
Helsinki Institute of Physics (HIP) - 2003 Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
High-quality Internet for higher education and research AAI from the NREN perspective Schiphol, October 17, 2005

High-quality Internet for higher education and research AAI from the NREN perspective Schiphol, October 17, 2005
A survey based analysis on training opportunities Dr. Jūratė Kuprienė Framing the digital curation curriculum International Conference Florence, Italy.

A survey based analysis on training opportunities Dr. Jūratė Kuprienė Framing the digital curation curriculum International Conference Florence, Italy.
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Connect. Communicate. Collaborate Federation Interoperability Made Possible By Design: eduGAIN Diego R. Lopez (RedIRIS)

Connect. Communicate. Collaborate Federation Interoperability Made Possible By Design: eduGAIN Diego R. Lopez (RedIRIS)
Semantic Web Technologies Research Topics and Projects discussion Brief Readings Discussion Research Presentations.

Semantic Web Technologies Research Topics and Projects discussion Brief Readings Discussion Research Presentations.

Similar presentations

Ads by Google