Download presentation
Presentation is loading. Please wait.
Published byEugene Lynch Modified over 9 years ago
1
Refeds federation survey update Theme of the day: Campus Identity Management TF-EMC2 Umeå 9th Jul 2008 Mikael.Linden@csc.fi CSC, the Finnish IT Center for Science
2
Federation survey wiki In the Rediris wiki http://www.rediris.es/wiki/tf-emc2/index.php/Federations Publicly readable, editing needs username+passwd for the wiki (ask Diego if you don’t have one) Federation representatives are expected to maintain their data in the wiki by themselves Following numbers are based on the current entries in the wiki
3
Federations covered so far 1.AAF (.au) Some data 2.SWITCHaai (.ch) Full data 3.DFN-AAI (de)Full data 4.WAYF (.dk) Some data 5.CBIC (.es) Full data 6.Sauwok (.es) No data 7.SIR (.es)Full data 8.Haka (.fi) Full data 9.CRU (.fr) Full data 10.GRNET (.gr)Full data 11.AAI@EduHr (.hr) Full data 12.SURFnet (.nl) Full data 13.FEIDE (.no) Full data 14.Swamid (.se) Some data 15.UK Access Management Federation for Education and Research (.uk) Full data 16.InCommon (.us) Full data 17.IGTF (int)Full data
4
13 Production federations Federation (since)ProtocolsImplementations SWITCHaai (ch, 8/2005)Shib 1.3, SAML2Shib 1.3, Shib 2 DFN (de, 11/2007)Shib 1.3, (SAML2)Shib 1.3 CBIC (es, 7/2002)PAPIPAPI 1.4 SIR (es, 4/2008)PAPI, Shib 1.3, OpenIDPAPI 1.4/5, Shib 1.3/2 SimpleSAMLphp Haka (fi, 8/2005)Shib 1.3Shib 1.3 CRU (fr, 10/2006)Shib 1.3Shib 1.3 GRNET (gr, 1/2007)Shib 1.3Shib 1.3 AAI@edu.hr (hr)RADIUS+SOAP/SAML RADIUS+AOSI+SimpleSAML Surfnet (nl,11/2007)A-select, Shib1.3,A-Select+PingFederate SAML2, WS-fed FEIDE (no, 5/2003)SAML2, MoriaMoria2, Sun AM UK fed (uk, 11/2006)Shib 1.3 InCommon (us)Shib 1.3Shib 1.3 IGTF (int, 10/2005)X.509OpenSSL, OpenCA etc
5
IdPs and End users Federation# of users# of IdPs SWITCHaai (ch)260 000 (95%) 35 IdPs DFN (de)26 IdPs CBIC (es) 4469 120 IdPs SIR (es)130 000 (20%)13 IdPs Haka (fi) 260 000 (80%)26 IdPs CRU (fr) 640 000 (45%) 42 IdPs GRNET (gr)30 000 (30%)19 IdPs AAI@edu.hr 530 000 220 IdPs Surfnet (nl)110 00013 IdPs Feide (no) 205 000 (80%) 17 home orgs UK fed (uk) 182 IdPs InCommon (us)1 700 00053 IdPs IGTF (int)thousands57 IdPs
6
SPs and categories Federation# SPsCategories of SPs SWITCHaai (ch) 265eLearning DFN (de)17 CBIC (es)145Content/library SIR (es)4Content/library, eLearning Haka (fi)46eLearning, library, administration CRU (fr)41library, roaming, eLearning GRNET (gr)4 AAI@edu.hr 70network access, eLearning, computing Surfnet (nl)library, eLearning Feide (no)50administration, self-service, library etc UK fed (uk)160eLearning, library InCommon (us)112 IGTF (int)dozengrid
7
Requirements for Campus IdM: Initial authentication FederationRequirements the federation imposes on initial authN SWITCHaai (ch) No (local rules only) DFN (de)No (local rules only) CBIC (es)Face to face registration SIR (es)No (local rules only) Haka (fi)Face to face or first login using bank ID CRU (fr)No (local rules only) GRNET (gr)No (local rules only) AAI@edu.hr Federation lays overall rules, the rest done locally Surfnet (nl)No (local rules only) Feide (no)Photo ID or NIN+PIN UK fed (uk) Federation lays overall rules, the rest done locally InCommon (us)No (local rules only) IGTF (int)Photo ID
8
Requirements for Campus IdM: On-line authentication during login FederationRequirements the federation imposes on on-line authN SWITCHaai (ch) No (local rules only) DFN (de)uid/pwd (local rules only) CBIC (es)Pwd quality control and change patterns. Some use of x509 SIR (es)No (local rules only) Haka (fi)Pwd at least 8 characters CRU (fr)No (local rules only) GRNET (gr)No (local rules only) AAI@edu.hr Federation lays overall rules, the rest done locally Surfnet (nl)No (local rules), some use of X509&OTP. Work on best practice Feide (no)uid/pwd (local rules only) UK fed (uk) IdP stating they provide user accountability must train users InCommon (us)No (local rules only) IGTF (int)X.509
9
Requirements for Campus IdM: When a user departs… FederationRequirements the federation imposes on closing an account SWITCHaai (ch) Local established process DFN (de)in 2 weeks CBIC (es)must be kept up-to-date SIR (es)must be kept up-to-date Haka (fi)in 1 week CRU (fr)Local rules only GRNET (gr)Local rules only AAI@edu.hr On best effort Surfnet (nl)Local rules only Feide (no)in 24 hours UK fed (uk) ”promptly” InCommon (us)Local rules only IGTF (int)not applicable
10
Requirements for Campus IdM: Audits on Campus IdM? FederationRequirements on Campus IdM audits SWITCHaai (ch) No DFN (de)No CBIC (es)According to common policies of CSIC SIR (es)According to local policies Haka (fi)Self-audit for joining IdPs. IdM description published CRU (fr)IdP must provide its IdM policy to CRU on request GRNET (gr)No AAI@edu.hr If deviations detected. Certifications of IdPs planned. Surfnet (nl)If abuse detected, IdP must publish its IdM policy Feide (no)Audit based on a check-list for joining IdPs UK fed (uk) If deviations detected. Uncompliant IdPs dropped out. InCommon (us)No IGTF (int)Initial audit + annual self-audit. CP/CPS published
11
Please remember to update your federations’ data in the Refeds wiki!
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.