Federated Identity Management Interest Group
- Alison Foster
- 10 years ago
Transcription
1 Federated Identity Management Interest Group
The FIM interest group (FIMig) is an international cross-domain interest group working on all issues related to the use of FIM for the implementation of AAIs (Authentication and Authorization Infrastructures) in research infrastructures.
2 Agenda
IG Federated Identity Management (FIM)
This session will provide the opportunity to update participants on the recent activity in the deployment of pilots from several research communities and gather their input for policy alignment between European and US activities in the federated identity management domain.
- Bob Jones (CERN) - Overview of FIM4R activities and AARC: Authorisation and Authentication for Research Communities
- Ken Klingenstein (Internet2) - Covering the rest of the waterfront in FIM
- Dieter Van Uytvanck (CLARIN) - Single sign-on for a distributed infrastructure for social sciences and humanities: an update on CLARIN's FIM implementation
Please use the sign-up sheet for this session:
3 What is FIM4R
Series of workshops starting in June 2011 hosted by European research communities which have led to
- Convergence on a common vision for FIM
- Set of requirements and proposed a number of recommendations for the uptake of FIM paper
- Undertaken a series of prototypes/pilots with providers
4 The FIM4R Vision
A common policy and trust framework for Identity Management based on existing structures and federations either presently in use by or available to the communities. This framework must provide researchers with unique electronic identities authenticated in multiple administrative domains and across national boundaries that can be used together with community defined attributes to authorize access to digital resources.
Bob Jones (CERN) April 2014
5 FIM Pilots
- WLCG: international grid/cloud data transfers, High Energy Physics Community
- ELIXIR: European genome phenome archive, Life Science community
- CLARIN: see Dieter's talk
- Umbrella AAI: Photon / Neutron community
- DARIAH: Digital Research Infrastructure for the Arts and Humanities
- ESA: Earth Observation community
6 eduGAIN
- The purpose of eduGAIN is to interconnect identity federations and simplify access to content, services and resources for the global research and education community
- Built on existing federations and infrastructures
7 (4 Feb 15, Sirtfi at FIM4R, Kelsey)
8 Wild West
- Impossible to impose practices on eduGAIN participants!
- No minimal requirements for IdPs and SPs!
- No requirement to help/share/respond during security incidents!
- No process to make sure you will be informed of incidents, compromised IdPs, etc.!
- No incident reporting channel!
- No identity banning process
9 Security for Collaborating Infrastructures (SCI)
- A collaborative activity of information security officers from large-scale infrastructures
- EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE,
- Developed out of EGEE security policy group
- We are developing a Trust framework
- Enable interoperation (security teams)
- Manage cross-infrastructure security risks
- Develop policy standards
- Especially where not able to share identical security policies
- Version 1 of SCI document
10 AARC?
Authentication and Authorisation for Research and Collaboration
- support the collaboration model across institutional and sector borders
- advance mechanisms that will improve the experience for users
- guarantee their privacy and security
- build on the very many existing and evolving components
- ESFRI clusters, eduGAIN, national AAI federations, NGIs, IGTF, SCI, SirTFi,
- design, test and pilot any missing components
- integrate them with existing working flows
11 AARC Authentication and Authorisation for Research and Collaboration
- Two year project
- 19 funded plus 2 unfunded partners
- Coordinated by the Amsterdam Office
- NRENs, e-Infrastructure providers and Libraries as equal partners
- About 3M euro budget
- Starting date 1 May,
12 AARC/REFEDS/GN4 Working together
AARC Requirements REFEDS Anchored in real use cases Pilot AARC technical and policy findings Training Pre existing design work Federation Operators expertise Validate AARC finding GN4 Develop business case (P1) Costing Supply chain Pilot the deployment (P2) eduGAIN Incorporate (P2, P3)
13 AARC Goals
OUTREACH and TRAINING
- To lower entry barriers for organisations to join national federations
- To improve penetration of federated access
TECHNICAL and POLICY Work
- To develop an integrated AAI built on production services (i.e. eduGAIN)
- To define an incident response framework to work in a federated context
- To agree on a LoA baseline for the R&E community
- To pilot new components and best practices guidelines in existing production services
14 Training Activities
Training for IdPs
- Directly focusing on research use cases, engaging their local researchers and their requirements
- Encourage them to harmonize through best practices
- Expand coverage of national identity federations, supporting institutions with low levels of technical or organisational preparedness
Architectures for integrated/interoperable AAI
- technical elements needed for the integrated AAI: attribute frameworks and deployable web & non-web technologies
- Support for guest IdPs
- Risk based models for AAI solutions
GÉANT, Jim Buddin
GRNET, Christos Kanellopoulos
15 Technical pilots
Pilots on integrated R&E AAI
- Introduction of attribute management services
- Access to R&E + commercial services
- Guest services
- Build PoCs together with the community
SURFnet, Paul & Niels van Dijk
- Demonstrate production worthy pilots that have a sustainability model, e.g. adoption by the GEANT services activity, run by the research community, or by the e-Infrastructures
- Facilitate researchers to collaborate in a secure and trusted virtual research environment
16 Policy and best practice harmonization
Policy and Best Practices harmonisation
- collate a level of assurance framework
  - for SPs: where we already have DP CoC, R&S EC
  - for IdPs: express reasonably achievable assurances
  - for AAs and communities: a new domain
- consistent handling of security incidents (in eduGAIN &c)
- scalable policy expression and negotiation
- identify policies needed for attribute aggregation
- policy & security to enable the integration of attribute providers and of credential translation services
- support models for (inter)federated access (i.e. how are we going to sustain something scalable once AARC is over?)
- guidelines to enable exchange of accounting data
Nikhef, DavidG
Federated Identity Management for Research Communities (FIM4R)
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL, UK) [email protected] Federations Virtual Day 19 Jun 2013 Who am I? Head of Particle Physics Computing at RAL
VOPaaS Virtual Organisation Platform as a Service
VOPaaS Virtual Organisation Platform as a Service Marina Adomeit Task Leader, AMRES, Serbia Niels Van Dijk Technical Lead, SURFnet, The Netherlands FIM4R meeting Nov 30, 2015, Austria About VOPaaS in GÉANT
Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure
Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure Ahmed Shiraz Memon (JSC - DE) Jens Jensen (STFC escience - UK) Ales Cernivec (XLAB - SL) Krzysztof Benedyczak
Federated Identity Management for Research Collaborations
Federated Identity Management for Research Collaborations Paper Type: Research paper Date of this version: 23 rd April 2012 Abstract Federated identity management (FIM) is an arrangement that can be made
Federated Identity Management
Federated Identity Management SWITCHaai Team [email protected] Agenda 2 What is Federated Identity Management? What is a Federation? The SWITCHaai Federation Interfederation Evolution of Identity Management
The Case for NRENs John DYER
The Case for NRENs John DYER TF- MSP Meeting, Espoo, Finland 9/10 September 2015 Networks Services People www.geant.org The Case for NRENs Published January 2009 This presentation is dedicated to continuing
Building blocks for establishing federation with organizations like ESA
Building blocks for establishing federation with organizations like ESA ESA Single Sign-on & OGC Authentication Standard A. Baldi ESA: [email protected] M. Leonardi RHEA: [email protected] Helsinki
Federations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase
Authentication and Authorisation for Research and Collaboration Federations 101 An Introduction to Federated Identity Management Peter Gietz, Martin Haase AARC NA2 Task 2 - Outreach and Dissemination DAASI
Collaboration in the Cloud. Niels van Dijk, SURFnet, [email protected] CAMP, Nov 15 2013, San Francisco
Collaboration in the Cloud Niels van Dijk, SURFnet, [email protected] CAMP, Nov 15 2013, San Francisco R&E SURF in and The SURFnet Netherlands: SURF and SURFnet National Research & Education Network
Scientific Cloud Computing Infrastructure for Europe Strategic Plan. Bob Jones,
Scientific Cloud Computing Infrastructure for Europe Strategic Plan Bob Jones, IT department, CERN Origin of the initiative Conceived by ESA as a prospective for providing cloud services to space sector
Licia Florio Project Development Officer [email protected] www.terena.org Identity Federations in Europe
APAN Conference Honolulu, Hawaii 24 January 2008 Licia Florio Project Development Officer [email protected] www.terena.org Identity Federations in Europe Outline Networking Organisations in Europe Requirements
Toward the Clouds, Together!
Toward the Clouds, Together! Collaboration effort of European NRENs in Cloud Computing Branko Radojević, Deputy Director, CARNet/GEANT E-Infrastructure Autumn Workshops Chișinău Where do I come from? NRENs.000
Strategic approach to cloud computing deployment
Strategic approach to cloud computing deployment Slavko Gajin, (GN3plus, SA7T1) Datacenter IaaS workshop 2014 11-12. September, 2014 Cloud and NRENs Cloud is the latest big thing affecting NREN users Do
9360/15 FMA/AFG/cb 1 DG G 3 C
Council of the European Union Brussels, 29 May 2015 (OR. en) 9360/15 OUTCOME OF PROCEEDINGS From: To: Council Delegations RECH 183 TELECOM 134 COMPET 288 IND 92 No. prev. doc.: 8970/15 RECH 141 TELECOM
Executive summary. Prepared by Bob Jones (IT department) on behalf of CERN 17 March 2015
Towards the European Open Science Cloud Executive summary The objective of this paper is to propose the establishment of the European Open Science Cloud that will enable digital science by introducing
GÉANT IaaS suppliers meeting Towards Pan-European Cloud Services. Utrecht October 14 2015
GÉANT IaaS suppliers meeting Towards Pan-European Cloud Services Utrecht October 14 2015 Why and what TODAY More information about IaaS delivery through GÉANT Tender Provider GÉANT interaction Opportunity
8970/15 FMA/AFG/cb 1 DG G 3 C
Council of the European Union Brussels, 19 May 2015 (OR. en) 8970/15 NOTE RECH 141 TELECOM 119 COMPET 228 IND 80 From: Permanent Representatives Committee (Part 1) To: Council No. prev. doc.: 8583/15 RECH
Big Data in BioMedical Sciences. Steven Newhouse, Head of Technical Services, EMBL-EBI
Big Data in BioMedical Sciences Steven Newhouse, Head of Technical Services, EMBL-EBI Big Data for BioMedical Sciences EMBL-EBI: What we do and why? Challenges & Opportunities Infrastructure Requirements
TERENA Trusted Cloud Drive
SUCRE Workshop Open Source Clouds in the public sector 16-17 April, 2013 Poznan, Poland Peter Szegedi Project Development Officer [email protected] www.terena.org TERENA Trusted Cloud Drive Unleashing
data infrastructures framework for action for H2020
data infrastructures framework for action for H2020 Event Open Access Policy in Portugal Lisbon, 17 June 2013 Carlos Morais Pires European Commission e-infrastructures, DG CNECT.C1 Author's views do not
Procurement Innovation for Cloud Services in Europe
Procurement Innovation for Cloud Services in Europe CERN 14 May 2014 Bob Jones (CERN) This document produced by Members of the Helix Nebula consortium is licensed under a Creative Commons Attribution 3.0
Middleware Software Development. TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet
Middleware Software Development TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet Contents - SURFnet Middleware Services department: - eduroam, SURFfederatie,
THE RESEARCH INFRASTRUCTURES IN FP7
29 October 2004 Working Document on THE RESEARCH INFRASTRUCTURES IN FP7 Introduction In the Commission's communication on the financial perspectives of the European Union for the period 2007-2013, the
e-irg workshop Dublin 22-23 May 2013 Track 1: Coordination of e-infrastructures
e-irg workshop Dublin 22-23 May 2013 Track 1: Coordination of e-infrastructures Rossend Llurba e-irgsp3 Track 1 2 sessions Session 1 (Chair: Lajos Balint) 4 presentations Bob Jones Stephen Moffat Sandra
Federated Identity Management
Federated Identity Management SWITCHaai Introduction Course Bern, 1. March 2013 Thomas Lenggenhager [email protected] Overview What is Federated Identity Management? What is a Federation? The SWITCHaai Federation
ESKISP6055.01 Manage security testing
Overview This standard covers the competencies concerned with managing security testing activities, including managing resources, activities and deliverables. This includes planning, conducting and reporting
Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training
Federated Identity Management Willem Elbers (MPI-TLA) EUDAT training Date: 26 June 2012 Outline FIM and introduction to components Federation and metadata National Identity federations and inter federations
Bob Jones Technical Director [email protected]
Bob Jones Technical Director [email protected] CERN - August 2003 EGEE is proposed as a project to be funded by the European Union under contract IST-2003-508833 EGEE Goal & Strategy Goal: Create a wide
Estonian Scientific Computing Infrastructure (ETAIS)
Estonian Scientific Computing Infrastructure (ETAIS) Week #7 Hardi Teder [email protected] University of Tartu March 27th 2013 Overview Estonian Scientific Computing Infrastructure Estonian Research infrastructures
Cloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
ELIXIR.SI elearning platform - EeLP
ELIXIR.SI elearning platform - EeLP Brane Leskošek, Jure Dimec, Domen Soklič, Aleš Maver, Jan Jona Javoršek, Jure Kranjc, Peter Juvan ELIXIR.SI, Faculty of Medicine Ljubljana, University Medical Centre,
Cisco Data Center Services for OpenStack
Data Sheet Cisco Data Center Services for OpenStack Use Cisco Expertise to Accelerate Deployment of Your OpenStack Cloud Operating Environment Why OpenStack? OpenStack is an open source cloud operating
ISA Work Programme SECTION I
ISA Work Programme SECTION I TABLE OF CONTENTS INTRODUCTION...4 1. THE CONTEXT...4 1.1. The need for the ISA programme...4 1.2. The political context...4 2. THE ISA PROGRAMME...5 3. THE EUROPEAN INTEROPERABILITY
NATIONAL CENTER FOR PUBLIC HEALTH INFORMATICS (CPE)
NATIONAL CENTER FOR PUBLIC HEALTH INFORMATICS (CPE) The National Center for Public Health Informatics (NCPHI) protects and improves the public's health through discovery, innovation, and service in health
Cisco Integrated Video Surveillance Solution: Expand the Capabilities and Value of Physical Security Investments
Cisco Integrated Video Surveillance Solution: Expand the Capabilities and Value of Physical Security Investments What You Will Learn In many enterprises, physical security departments are making a notable
Federated Identity Management for the EUDAT Data e-infrastructure
Federated Identity Management for the EUDAT Data e-infrastructure Principled promoting of persistent personal principals: particular practical perspectives Jens Jensen, STFC EUDAT AAI TF DPConline workshop
Agenda. NRENs, GARR and GEANT in a nutshell SDN Activities Conclusion. Mauro Campanella Internet Festival, Pisa 9 Oct 2015 2
Agenda NRENs, GARR and GEANT in a nutshell SDN Activities Conclusion 2 3 The Campus-NREN-GÉANT ecosystem CAMPUS networks NRENs GÉANT backbone. GÉANT Optical + switching platforms Multi-Domain environment
CLOUD POWER. NREN collaboration in GÉANT @ STF
CLOUD POWER NREN collaboration in GÉANT to enable and facilitate the Research and Education community to use online services on a large scale, with the right conditions @ STF MARCH 24 Andres Steijaert
Identity Management Systems for Collaborations and Virtual Organizations
Identity Management Systems for Collaborations and Virtual Organizations Topics Update on Internet identity IdM Systems for Virtual Organizations Goals Early Implementations Issues and Discussions Update
Steven Newhouse, Head of Technical Services
Challenges at EMBL-EBI Steven Newhouse, Head of Technical Services European Bioinformatics Institute Outstation of the European Molecular Biology Laboratory International organisation created by treaty
DASISH. Workshop Trust and Certification
DASISH Digital Services Infrastructure for Social Sciences and Humanities Workshop Trust and Certification Vigdis Kvalheim Norwegian Social Science Data Services (NSD) 16th -17th October NWO, Den Haag
TERENA Task Force TF-MSP Meeting Thursday 27th and Friday 28th November 2014 Hosted by University of Malta, Valletta. Notes by Magda Haver, TERENA
Page 1/n TERENA Task Force TF-MSP Meeting Thursday 27th and Friday 28th November 2014 Hosted by University of Malta, Valletta Notes by Magda Haver, TERENA 1. Introduction Martin Bech chair of TF-MSP opened
A Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR
A Shibboleth View of Federated Identity Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR Short Section Title Agenda Assumptions and Trends Identity Management and Shibboleth Shibboleth
Workprogramme 2014-15
Workprogramme 2014-15 e-infrastructures DCH-RP final conference 22 September 2014 Wim Jansen einfrastructure DG CONNECT European Commission DEVELOPMENT AND DEPLOYMENT OF E-INFRASTRUCTURES AND SERVICES
CLOUD POWER. NREN collaboration in GÉANT
CLOUD POWER NREN collaboration in GÉANT to enable and facilitate the Research and Education community to use online services on a large scale, with the right conditions @ edupert MARCH 19 Andres Steijaert
Introduction to perfsonar
Introduction to perfsonar Loukik Kudarimoti, DANTE 27 th September, 2006 SEEREN2 Summer School, Heraklion Overview of this talk Answers to some basic questions The need for Multi-domain monitoring What
DG CONNECT (Unit H5) Overview of the European Data Centre/Smart Cities initiatives in DG Connect H5
DG CONNECT (Unit H5) Overview of the European Data Centre/Smart Cities initiatives in DG Connect H5 Svetoslav Mihaylov Scientific/Technical Project Officer Smart Cities and Sustainability Directorate-General
The European Alliance for IoT Innovation
The European Alliance for IoT Innovation An Innovation Perspective Rolf Riemenschneider Thibaut Kleiner DG CONNECT E1 Network Technologies European Commission 1 Value creation from digitisation: Products,
A cross-platform model for secure Electronic Health Record communication
International Journal of Medical Informatics (2004) 73, 291-295 A cross-platform model for secure Electronic Health Record communication Pekka Ruotsalainen National Research and Development Centre for
PAKITI Patching Status System
PAKITI Patching Status System EGI-InSPIRE A Race for Security: Identifying Vulnerabilities on 50 000 Hosts Faster than Attackers Michal Procházka 1, Daniel Kouřil 1, Romain Wartel 2, Christos Kanellopoulos
European Research Area
European Research Area Facts and Figures 2013 Research and Innovation EUR 26030 EN EUROPEAN COMMISSION Directorate-General for Research and Innovation Directorate B European Research Area Unit B1 ERA Policy
Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security
