Presentation is loading. Please wait.

Presentation is loading. Please wait.

Networks ∙ Services ∙ People Daniela Pöhn REFEDS EWTI, Vienna IdPs and Federations Service Aspects of Assurance 2015-12-01 SA5T1.

Published byLesley Franklin Modified over 8 years ago

Similar presentations

Presentation on theme: "Networks ∙ Services ∙ People Daniela Pöhn REFEDS EWTI, Vienna IdPs and Federations Service Aspects of Assurance 2015-12-01 SA5T1."— Presentation transcript:

1 Networks ∙ Services ∙ People www.geant.org Daniela Pöhn REFEDS meeting @ EWTI, Vienna IdPs and Federations Service Aspects of Assurance 2015-12-01 SA5T1 Subitem Service Aspects of Assurance Research Assistant LRZ/DFN-AAI

2 Networks ∙ Services ∙ People www.geant.org FIM4R: higher LoA  Federations: lower LoA Analysis of user communities (AARC) and identity providers and federations (GÉANT) Investigations of the business, e.g., benefits and implications  Assurance schemes  Achievability / expense of development  Cost and impact of adopting assurance schemes  … End goal: some sort of cost-analysis 2 Motivation

3 Networks ∙ Services ∙ People www.geant.org https://wiki.geant.org/display/gn41sa5/Federation+survey Results: LoA in place with contracts Identity Management Practice Statement, but not enforced Documented, but not enforced Most federations/IdPs do not want a higher LoA Impacts on adopting LoA: between none till high costs Hub-and-spoke federations have more control 3 Survey on federations

4 Networks ∙ Services ∙ People www.geant.org https://wiki.geant.org/display/gn41sa5/IdP+survey Results: Individual accounts Most IdPs have an identity vetting process, but not documented Most IdPs have certain password qualities (Almost) no second-factor authentication Update of account/affiliation between less than 2 weeks and more than 6 months Partly documented Partly Incident Response Process 4 Survey on identity provider

5 Networks ∙ Services ∙ People www.geant.org Without much manpower or high costs: Unique identifies Persistent, not re-assigned identifiers (Internal) documentation of the vetting process Other aspects seem to be more expensive or time consuming: Documentation of all processes Promptly update of information Second-factor authentication Audit 5 Possible costs

6 Networks ∙ Services ∙ People www.geant.org Individual accounts Persistent, non re-assigned identifiers Documented identity vetting, which is not necessarily face to face Password authN with some good practices Departing user’s ePA changes promptly Self-assessment of LoA supported with specific guidelines 6 Baseline requirements

7 Networks ∙ Services ∙ People www.geant.org Self-assessment template / tool: GÉANT web tool including recommendations and best practices (combined with SIRTIFI and other monitoring/testing tools), For IdPs, who need a higher LoA: Peer (pairwise) auditing of IdPs Second-factor authentication: GÉANT could offer it as a service or procure Duo-type solution for community 7 Potential solutions

8 Networks ∙ Services ∙ People www.geant.org Are baseline requirements ok? Individual accounts Persistent, non re-assigned identifiers Documented identity vetting, which is not necessarily face to face Password authN with some good practices Departing user’s ePA changes promptly Self-assessment of LoA supported with specific guidelines How to technically signal compliance with baseline requirements? … 8 Discussions

9 Networks ∙ Services ∙ People www.geant.org Thank you Networks ∙ Services ∙ People www.geant.org This work is part of a project that has applied for funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 691567 (GN4-1). 9 daniela.poehn@lrz.de Do you have any questions?

Download ppt "Networks ∙ Services ∙ People Daniela Pöhn REFEDS EWTI, Vienna IdPs and Federations Service Aspects of Assurance 2015-12-01 SA5T1."

Similar presentations

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
 ELECTRI Council Meeting  Information Technology Assessment for Line Electrical Contractors Vanessa Valentin, Ph.D. Assistant Professor Department of.

 ELECTRI Council Meeting  Information Technology Assessment for Line Electrical Contractors Vanessa Valentin, Ph.D. Assistant Professor Department of.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.

Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.
Networks ∙ Services ∙ People www.geant.org Mandeep Saini TF-MSP, Espoo, Finland Service Delivery and Adoption 10 th Sep 2015 Task Leader, GN4-1 SA7 T3.

Networks ∙ Services ∙ People Mandeep Saini TF-MSP, Espoo, Finland Service Delivery and Adoption 10 th Sep 2015 Task Leader, GN4-1 SA7 T3.
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.

Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.
Test your IdP

Test your IdP
Networks ∙ Services ∙ People www.geant.org Nicole Harris, GÉANT 45 th TF-CSIRT Meeting, Poznan, Poland Working Group: TI Service Requirements review TF-CSIRT.

Networks ∙ Services ∙ People Nicole Harris, GÉANT 45 th TF-CSIRT Meeting, Poznan, Poland Working Group: TI Service Requirements review TF-CSIRT.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Niels van Dijk AARC General Meeting Authentication and Authorisation.

Authentication and Authorisation for Research and Collaboration Niels van Dijk AARC General Meeting Authentication and Authorisation.
Networks ∙ Services ∙ People www.geant.org 1 European Workshop on Trust and Identity Date: 30 November – 3 December 2015 Location: Vienna, Austria Organisers:

Networks ∙ Services ∙ People 1 European Workshop on Trust and Identity Date: 30 November – 3 December 2015 Location: Vienna, Austria Organisers:
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.
Networks ∙ Services ∙ People Nicole Harris, GÉANT GN4 Project Update “SA5”, or Identity Stuff Internet2 Technology Exchange 2015.

Networks ∙ Services ∙ People Nicole Harris, GÉANT GN4 Project Update “SA5”, or Identity Stuff Internet2 Technology Exchange 2015.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Mikael Linden AARC all hands Milan Authentication and Authorisation.

Authentication and Authorisation for Research and Collaboration Mikael Linden AARC all hands Milan Authentication and Authorisation.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.

Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.

Similar presentations

Ads by Google