New CyberInfrastructure for Collaboration between Higher Ed and NIH.

1 New CyberInfrastructure for Collaboration between Higher Ed and NIH

2 Presenter’s Name Topics
- Drivers in the R&E community
- A very brief history of federated identity
- Shibboleth and InCommon today
- How robust is the cyberinfrastructure
- Collaboration and federated identity

3 Drivers in the R&E community
- Strong, urgent needs to collaborate inter-institutionally
- First TCP/IP, now federated identity
- Importance of Virtual Organizations
- A common infrastructure to serve research, educational, and administrative needs
- Need to preserve privacy and provide rich attribute exchange mechanisms

4 A brief history of federated identity
- Shibboleth discussions begin in Feb 2000 at a meeting of higher ed’s best/brightest IT architects
- OASIS SAML effort forms December 2000 and engages higher ed to align work
- SAML would handle basic formats for attribute packets and simple push/pull protocols for exchanging them
- Shibboleth would build on SAML mechanisms for multilateral federation support, user control of privacy, metadata, etc.
- Shibboleth::SAML ~ TCP::IP
- Three of the seven authors of the SAML 1 spec are Shib folks; the technical editor of SAML 2.0, Scott Cantor of OSU, is the lead Shib architect

5 Shibboleth use ~ 12 M in Europe/Asia and ~6 M in the US; growing exponentially in many countries; almost all Shib 1.3
- Almost all users do not know they are using it (some may see a redirect…) but that is to change
- OpenSAML used by Google, Verisign, etc.

6 Federations
- Federations are now occurring broadly, and internationally, to support inter-institutional and external partner collaborations
- Almost all in the corporate world are bi-lateral; almost all in the R&E world are multilateral
- Federations are learning to peer
- Internal federations are also proving quite useful

7 R&E Federations
- Substantial deployments in many countries, including UK, Norway, Switzerland, Sweden, Australia, France, Denmark, Finland, Spain, Germany, Netherlands, etc.
- Coverage in a number of countries is now 100%.
- InCommon, Texas (three federations), UCTrust, CalState Trust, CCLA of Florida, CC of Washington State
- DHS + DOJ

8 InCommon
- US R&E Federation, a 501(c)3
- Addresses legal, LOA, shared attributes, business proposition, etc
- Members are universities, service providers, government agencies, national labs
- Over 70 organizations and growing steadily; 1.3 million user base now, crossing 2 million by the end of the year
- Almost all use is transparent to users (it's middleware) but that is about to change
- www.incommonfederation.org

9 Uses
- Access controlled wikis
- Access to academic content, such as Elsevier
- Access to popular content, such as Cdigix
- Access to services, such as student travel agencies, testing services, Grid computational resources, portal providers, recruitment services, etc
- (Trust base for dynamic circuit authorization/accounting)
- (Access to parts of MS)
- (Google Apps for Education)

10 The Higher Ed interests in federated NIH
- Researchers using their campus credentials to access major NIH data and computational resources such as BIRN and caBIG
- Researchers using local credentials to submit grant proposals, compliance certificates
- Administrators using local credentials, or roles, to submit regular statistical reporting
- Students using enrollment in appropriate campus courses to access federal research materials

11 Benefits for the campus
- Improve the overall security environment
- Reduce accounts, improve identity vetting, etc
- Provide enhanced services for their researchers
- Privacy management, integrated workflows, manage firewalls etc.
- Ability to integrate research with instruction in a more sustainable fashion
- Reduce exposure of internal passwords to off-campus sites
- Motivate the campus business processes to improve local identity management

12 It works both ways – NIH as an identity provider
- Researchers at NIH wanting to participate in academic processes
- Using your NIH credential to access Elsevier journals, with privacy-protection enabled
- Accessing a controlled campus research wiki using NIH credentials
- Staff at NIH wanting to access inter-realm resources
- Using the NIH login to access professional development society materials
- Soon, access to MS
- NIH interns using their NIH credentials for medical school applications
- Students-only services, portal providers, etc…

13 For application owners
- Scalable growth in communities of users
- Relief from much of the pain of identity management
- Compliance with privacy directives
- The potential to offer higher risk applications in a secure and scalable fashion

14 The Transition Barriers
- The duct tape and the yellow sticky
- Either run dual systems for a while or ask some of the existing user base to do a one-time change
- Not all the pieces for scale are in place yet
- Getting to the network externality level in use

15 Robustness of infrastructure
- Coverage
- Reliability
- How good is the credential

16 Coverage and Reliability
- Shibboleth deployment widespread but often in local or state federations
- InCommon is growing steadily, and has a more significant research institution percentage
- Peering is not yet in place
- The enterprise directory and federation platform are usually redundant/load-balanced and secured systems.

17 How good is the credential
- As good as it needs to be…
- Broadly, credentialing in higher ed is good; it is the scope of who are granted identities that is unusual
- Campuses can do strong identity proofing, two factor authentication and extended audits for key subsets of their users that need such strength
- At most campuses, assertions within minutes can reflect account compromise, loss of credentials by the user, suspension of privileges by the campus, etc.
- DOJ and DHS

18 Collaboration and Federated Identity
- Two powerful forces being leveraged
  - the rise of federated identity
  - the bloom in collaboration tools, most particularly in the Web 2.0 space but including file shares, email list procs, etc
- Collaboration management platforms provide identity services to “well-behaved collaboration applications”
- Results in user and collaboration centric identity, not tool-based identity

19 Such interesting use cases
- UW-M wants to put their strategic planning process on a wiki and solicit inputs. They would like the inputs to be restricted to campus members but also be anonymous
- A class wiki has write access restricted to enrolled students, and another section available only to TAs
- Permitting specific external users to view parts of some users' calendars (e.g. allowing certain collaborators to search a local user's calendar for open space)
- Scientific and administrative integrated workflow

20 Collaboration management platforms
- Addresses the pain of collaboration management, not the joy of collaboration tools
- Built on federated identity, they permit collaborators to organize around their shared activities, not the tools they might use to collaborate in their activities
- Manage the groups that have access to a wiki, are an email list, are in your video application phone book, have their own IM channel and audioconference, share files, etc.
- The applications make external calls for their identity services
- Communicate with each other via an attribute ecosystem

21 [Diagram: Collaboration Management Platform (CMP) and the Attribute Ecosystem. Labels: Collaboration Tools/Resources (Federated Wiki, Domain Science Grid, Domain Science Instrument, File Sharing, Calendar, Phone/Video Conference, Email List Manager); Collaboration Management Platform (Authentication, Authorization – Group Info, Authorization – Privilege Info, People Picker, Other Functions, Data Store); Home Org & Id Providers/Sources of Authority (University A, University B, Laboratory X); Application Attributes; Attribute/Resource Info; Attribute Ecosystem Flows]

22 What we’re on the edge of…
- A brave new world of operational interrealm trust
- Visible to the user as privacy managers, info-cards, etc
- Creating a richness of services and applications that build on the security and privacy
- On top of that trust layer, an operational collaboration mesh
- Supporting sciences, R&D and social collaboration
- Many of the web 2.0 genre, real time communications, file shares, etc
- Likely leveraging both federated and p2p trust
- A lot of unanticipated consequences…
