Presentation is loading. Please wait.

Presentation is loading. Please wait.

Campus Identity Management Requirements (=IAP) REFEDs meeting 7.6.2009 Mikael Linden,

Published byAlaina May Modified over 8 years ago

Similar presentations

Presentation on theme: "Campus Identity Management Requirements (=IAP) REFEDs meeting 7.6.2009 Mikael Linden,"— Presentation transcript:

1 Campus Identity Management Requirements (=IAP) REFEDs meeting 7.6.2009 Mikael Linden, mikael.linden@csc.fi

2 Two aspects for Campus IdM  Campus IdM = the IdM system feeding the IdP with identities (technics+processes) 1.Traditional LoA: Level of Assurance for Authentication Initial identity proofing, credential quality etc NIST 800-63 and EU IDABC/STORK covers only this 2.Attribute quality (especially, those for authorisation) ePA=”student” (Has s/he graduated but accounts not closed?) ePEntitlement=… (Has s/he changed his/her project but entitlement not cancelled?) Out of scope for NIST 800-63

3 Implementing Campus IdM  Supplemented by manual processes Metadirectory Syncronise attributes Relying systems operating systems, applications Base Registries New identities Student registry HR registry Enterprise directory UnixmailIdPetc

4 Why Campus IdM quality? It Increases Trust!  Earlier poor Campus IdM quality was an internal problem for universities  Now also the federation SPs suffer form it  SPs want to know there is a floor for IdM quality in any IdP Requirements coming, e.g. (”community of practice”)  TERENA Grid Certificate Service Project  CLARIN project

5 The floor and the steps The IdM quality floor Every IdP in a federation needs to fulfil Higher LoA level (e.g. indicated using SAML authenticationContext) Higher LoA level Hierarchical or not? What is easy enough to fly?

6 Assuring the CIdM quality with audits Who makes? 1.Self-audit E.g. checklists, questionnaires that home organisations fill in The federation operator checks the answers 2.Peer audit As above, but joining home organisations audit each others 3.External audit External auditor makes the audit (1000 EUR a day) When? 1.When an IdP is registered to the federation 2.Reqular re-audits?

7 The Haka way  Common knowledge: some universities in Finland didn’t bother to close accounts for departing users  When Haka policy was outlined, Haka steering group insisted First do your homework and clean the Campus IdM Then register your IdP to Haka  Federation operator has published Minimum requirements A questionnaire for self-audit http://www.csc.fi/english/institutions/haka/registration/idm-description  IdP-wannabe fills in and publishes the questionnaire  Haka federation checks that minimum requirements are fulfilled

Download ppt "Campus Identity Management Requirements (=IAP) REFEDs meeting 7.6.2009 Mikael Linden,"

Similar presentations

Federation management A mess? 9.4.2008 Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.

Federation management A mess? Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.
The Art of Federations. Topics Federations of what… Federated identity versus federations Federations in other sectors – business, gov, ad hoc R&E Federations.

The Art of Federations. Topics Federations of what… Federated identity versus federations Federations in other sectors – business, gov, ad hoc R&E Federations.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC 2014 20 May 2014 Dublin.

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC May 2014 Dublin.
Resource Entitlement Management System Manne Miettinen Mikael Linden Janne Lauros CSC – IT Center for Science.

Resource Entitlement Management System Manne Miettinen Mikael Linden Janne Lauros CSC – IT Center for Science.
Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.

Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.
Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.

Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.
5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.

5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.

Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Kalmar Union 15.1.2008 Mikael Linden CSC, the Finnish IT Center for Science.

Kalmar Union Mikael Linden CSC, the Finnish IT Center for Science.
Insight Consulting Siemens Identity Management Survey Conducted April – June 2007 Info

Insight Consulting Siemens Identity Management Survey Conducted April – June 2007 Info
Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna 17-18 Oct 2011

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Refeds federation survey update Theme of the day: Campus Identity Management TF-EMC2 Umeå 9th Jul 2008 CSC, the Finnish IT Center.

Refeds federation survey update Theme of the day: Campus Identity Management TF-EMC2 Umeå 9th Jul 2008 CSC, the Finnish IT Center.
EduGAIN Code of Conduct Workshop, 2012-02-09, Brussels GEANT eduGAIN Data Protection Code of Conduct Workshop Dieter Van Uytvanck

EduGAIN Code of Conduct Workshop, , Brussels GEANT eduGAIN Data Protection "Code of Conduct" Workshop Dieter Van Uytvanck
InCommon Michigan State Common Solutions Group, January 2011 Matt Kolb

InCommon Michigan State Common Solutions Group, January 2011 Matt Kolb

Similar presentations

Ads by Google