Presentation is loading. Please wait.

Presentation is loading. Please wait.

FIM-ig Federated Identity Management Interest Group.

Published byStephanie Gordon Modified over 8 years ago

Similar presentations

Presentation on theme: "FIM-ig Federated Identity Management Interest Group."— Presentation transcript:

1 FIM-ig Federated Identity Management Interest Group

2 2  Introduction FIM, what is it what should it do. A short overview including FIM4R activities  Stakeholders, who is here, what are their interests?  What is or should be within the IG scope?  Specific topics within FIM, priorities for our group.  How to organize ourselves further. Agenda

3 3 Purpose:  Allow access to distributed services with a single set of credentials  Maintained at the user’s (trusted) home organization  Single Sign-on Why?  Economic advantages  Scaling  Separate domains of responsibility  Convenience  Existing organizational infrastructure for research & education: National Identity Federations etc. Federated Identity

4 4 Federations Federation External Local DB HTTP LDAP SAML (HTTP) DB IDP SP B BB HTTP From a local user store to a federation…

5 5 Federations Federation External Local DB HTTP LDAP SAML (HTTP) DB IDP SP B BB HTTP From a local user store to a federation… IDP DB RDB SP B SAML (HTTP)

6 6 Federation IDP SP IDP SP IDP SP W  Federation Operator  A formal agreement:  Privacy issues  Traceability  Agreement on user attributes exchange  Agreement on attribute semantics  Common Attribute set definition  …  Exchange method for (federation) metadata What makes a Federation? FO Federations

7 7 Federation A IDP SP IDP SP IDP SP W Inter Federation FO Federations Federation B IDP SP IDP SP IDP SP FO IFO

8 8  The attributes released by the Home Organization can be used for Authorization  Can be sufficient to identify ‘academic users’ or ‘affiliation’  So allow students of ‘University X’ access to ‘Library Y’  However more complicated cases are difficult:  Organizational distance between IdP and SP inhibits having very specific attributes such as: User A signed ‘license B’ and is a member of ‘Organization X’  There is eduPersonEntitlement, but the scope of use is limited  Better use ‘external’ community specific attribute providers that can hold such specific attributes  User authentication and identification is already a worthwhile cause FIM for Authorization

9 9  Sharing data with non-academic users  Homeless Identity Provider operated by specific communities  Allowing access with social network accounts  What are the consequences  Level of assurance  Federation operators  ? Homeless users

10 10  IN EU, several research communities saw the potential of FIM and have been experimenting and using FIM  But not in a unified approach,  Unification and coordination came mostly from FIM service providers as the national academic federation providers  While technology and organizational structure is still maturing and in need of steering  Common needs should be communicated to FIM providers, funding agencies etc.  So FIM4R initiative as an initiative of the research communities to find commonalities in FIM requirements and  discuss with the stakeholders and  produce recommendations FIM for Research (FIM4R) initiative

11 11  Communities Involved: High Energy Physics, Life Sciences, SSH, European Neutron Photon facilities, Earth Sciences  Had now six FIM4R workshops organized by different communities: CERN in June 2011, RAL in November 2011, Taipei in February 2012, MPI-PL in June 2012, PSI in March 2013, CSC in Oct 2013  As a result of these workshops, a common vision for FIM across the research collaborations has emerged along with the desire to see this implemented with a roadmap and a set of recommendations. FIM for Research (FIM4R) initiative

12 12 Need for a common policy and trust framework for Identity Management based on existing structures and federations either presently in use by or available to the communities. This framework must provide researchers with unique electronic identities authenticated in multiple administrative domains and across national boundaries that can be used together with community defined attributes to authorize access to digital resources. The necessary brevity of the vision statement had us skip some issues, but it is relatively complete Common Vision for FIM

13 13 Non exhaustive list of problems the communities need solved  Non-browser based application support  Multi-tier delegation for Web Services  Generation of (short-lived) X509 certificates  Lacking attribute release by IdPs  Within the academic federations themselves  Between federations i.e. eduGAIN inter-federation  Need different Levels of Assurance (LoA) to cater for different sensitive data levels  User friendly solutions: Homeless IdP, Discovery Services, …  Community specific attributes  Unique persistent user identification  Cater for citizen scientists (homeless IdP, Social networks) Community perceived FIM problems from FIM4R discussions

14 14  Recommendations to the research communities  Pragmatic Risk Analysis from the RI viewpoint  Pilot studies to explore further requirements and provide feedback on technologies and service providers  Recommendations to technology providers  Separation of Authentication and Authorization  Credential revocation  Attribute delegation to the research community  More levels of security  Recommendations to funding agencies  Funding for FIM technologies that are focused on solving the described issues Recommendations

15 15  Hope to catch a wider, global audience  More facilities to have a continuous interaction  Perhaps create an umbrella for other also non-RDA related FIM activities  Possibility to create WGs on specific topics within the FIM IG  Interaction with other groups:  DFT  User Identification, ORCID  … Why a FIM Interest Group next to FIM4R?

16 16  As Research Communities, ESFRI Research Infrastructures have also identified FIM as a key common point: Paper: “Realising the full potential of research data: common challenges in data management, sharing and integration across scientific disciplines” https://zenodo.org/record/7636 ESFRI Research Infrastructures

17 17  Research Communities  FIM Service providers  Federation operators  FIM Software developers  ?  Funding  Industry Stakeholders in FIM, who is here?

18 18  No exclusions? Specific topics:  User attributes: release policy, attribute sets  Security levels  Scenarios needing connection to other technologies:  OpenID (Connect)  OAUTH  X509  Non-browser tools  Organizational/management issues  Federation as a service What should be in the FIM ig scope, what are priorities

19 19  Documentation gathering  Prioritising areas of investigation and building a roadmap to produce results How to organize ourselves further.

20 Thank You

Download ppt "FIM-ig Federated Identity Management Interest Group."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
CLARIN AAI, Web Services Security Requirements

CLARIN AAI, Web Services Security Requirements
Federated Identity Management for Research Communities: FIM 4 R CSC, Helsinki 2 nd October 2013 Bob Jones, CERN.

Federated Identity Management for Research Communities: FIM 4 R CSC, Helsinki 2 nd October 2013 Bob Jones, CERN.
Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC 2014 20 May 2014 Dublin.

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC May 2014 Dublin.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
ESA EO Federated Identity Management Initiatives A. Baldi ESA: M. Leonardi RHEA:

ESA EO Federated Identity Management Initiatives A. Baldi ESA: M. Leonardi RHEA:
To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.

To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.
BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.

BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.
Authentication and Authorization in a federated environment Jules Wolfrat (SARA)

Authentication and Authorization in a federated environment Jules Wolfrat (SARA)
Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service 2012-02-27 Federated Identity Systems.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.

Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.

Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.
EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop 09.06.2011, CERN,

EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop , CERN,

Similar presentations

Ads by Google