Scared Straight… if you want to go outside… Authenticate Locally, Act Globally.

Presentation transcript:

1 Scared Straight… if you want to go outside… Authenticate Locally, Act Globally

2 Topics
- Externalities who care about our IdM
  - Content
  - Services
  - Government
  - Virtual organizations
  - Internal federations
- Security, usability and privacy
- And now, for the rest of the story…

3 Externalities
- Relying Parties want to use campus authn
  - For economies
    - Not another SSO to incorporate into the app
    - Avoid much of the costs of account management
  - For scaling in users
- Interest is tempered by legal considerations, policy considerations, and unintended disruptive economic consequences

4 Content
- To protect IPR (the JSTOR incident…)
- To open up markets
  - Popular content – Ruckus, CDigix, etc
  - MS
  - Scholarly content – Google, OCLC WorldCat
- Scope of IdM may be an issue

5 Services
- Student travel, charitable giving, web learning and testing, plagiarism testing service, etc.
- Allure for alumni services and other internal businesses
- Student loans, student testing, graduate school admissions, etc.
- The Teragrid

6 Government
- NSF Fastlane Grant Submission
- Dept of Agriculture Permits
- Social Security
- NIH
- Dept of Ed

7 Virtual Organizations
- The big team science efforts, and even smaller collaborations with real resources to be managed seriously
- Have their own IdM issues
  - Collaboration tools
  - Domain science identity management
- Today’s solutions are non-existent, insecure or widely despised…
- Could leverage federated identity for both ease of use and better security

8

9 Peering

10 Possible peering parameters
- LOA
- Attribute mapping
- Economics
- Liability
- Privacy

11 VOs plumbed to federations

12 Inviting Attributes into your life…
- For privacy and secrecy
  - Albeit for a refined view of privacy
- For better security
  - Federated identity allows for stronger security where needed in a manner scalable for both RP and the user.
- For efficiency

13 The impacts on cyberinfrastructure
“The event was a nice example of why you get on an airplane and travel to a workshop - to make progress about 50 times faster than exchanging email and position papers! Having made this investment, we are ready to take the next concrete steps to make this vision a reality. Improving security and usability at the same time. How often do you get a chance to do that?”
Charlie Catlett, Teragrid Director

14 And Now for the Rest of the Story
- The Simple Life and the Simple User
- The Full IdM Life
- Real IdM Life and the Attribute Economy

15 [Diagram labels: User; Application access controls (including network devices); IdP; Shib; p2p]

16 A Simple Life
[Diagram labels: User; GUI; Autograph; Authn; Application access controls (including network devices); IdP; Shib; p2p; Source of Authority (x3)]

17 A Full IdM Life
[Diagram labels: User; Application access controls (including network devices); Local apps; IdP; Shib; p2p; Source of Authority (x3)]

18 Relative Roles of Signet & Grouper
[Diagram labels: Grouper; Signet]
- RBAC (role-based access control) model
  - Users are placed into groups (aka “roles”)
  - Privileges are assigned to groups
  - Groups can be arranged into hierarchies to effectively bestow privileges
- Grouper manages, well, groups
- Signet manages privileges
- Separates responsibilities for groups & privileges
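The split described on slide 18, as an added example that is not part of the original presentation and is not Grouper or Signet code: one store owns groups and their hierarchy, a separate store owns privileges granted to groups, and access is decided by combining the two. All class, function, group and privilege names are hypothetical, and the sample data is constructed.

```python
# Added illustration; not Grouper or Signet code. All names are hypothetical.
class GroupStore:
    """Group side: direct memberships and which groups nest inside which."""
    def __init__(self):
        self.members = {}   # group -> set of direct user members
        self.parents = {}   # group -> set of groups it is nested inside

    def add_member(self, group, user):
        self.members.setdefault(group, set()).add(user)

    def remove_member(self, group, user):
        self.members.get(group, set()).discard(user)

    def nest(self, child, parent):
        self.parents.setdefault(child, set()).add(parent)

    def effective_groups(self, user):
        """Direct groups plus every ancestor reached through the hierarchy."""
        seen = set()
        stack = [g for g, m in self.members.items() if user in m]
        while stack:
            g = stack.pop()
            if g in seen:          # guards against cycles in the hierarchy
                continue
            seen.add(g)
            stack.extend(self.parents.get(g, ()))
        return seen

class PrivilegeStore:
    """Privilege side: grants name groups only, never individual users."""
    def __init__(self):
        self.grants = {}    # group -> set of privileges

    def grant(self, group, privilege):
        self.grants.setdefault(group, set()).add(privilege)

    def privileges_for(self, groups):
        return set().union(*(self.grants.get(g, set()) for g in groups))

def is_permitted(groups, privs, user, privilege):
    return privilege in privs.privileges_for(groups.effective_groups(user))

def sample():
    """Constructed data: alice inherits a grant made to the parent group."""
    g, p = GroupStore(), PrivilegeStore()
    g.add_member("physics-faculty", "alice")
    g.nest("physics-faculty", "faculty")
    p.grant("faculty", "library:borrow")
    return g, p
```

Removing alice from `physics-faculty` in the group store revokes `library:borrow` without any change to the privilege store, which is the practical effect of separating the two responsibilities.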

19 A Full Life
[Diagram labels: User; GUI; Autograph; Authn; Signet/Grouper; Application access controls (including network devices); Local apps; IdP; Shib; p2p; Source of Authority (x3)]

20 Real Life
[Diagram labels: User; Application access controls (including network devices); IdP; Shib; p2p; Portal; Gateway; Proxy; Source of Authority (x8)]

21 [Diagram labels: User; Application access controls (including network devices); IdP (x2); Shib; p2p; VO Service Center; Gateway; Source of Authority (x6)]

22 A VO Service Center Flow
[Diagram labels: User; Application access controls (including network devices); IdP; Shib; p2p; Autograph; Authn; S/G (x2); VO Service Center; Source of Authority (x3)]

