GN3plus JRA3 T1 Attribute and Group management in the AAI environment

Transcription

1 GN3plus JRA3 T1 Attribute and Group management in the AAI environment Maarten Kremers, SURFnet Internet2 Technology Exchange 2014, Indianapolis, IN October 29 th 2014

2 GÉANT (GN3plus) - vital to the EU s e-infrastructure strategy Key Facts GN3plus Start date April Duration 24 months Total budget 84,283,018 EC contribution 41,800,000 Participants Project Partners: 38 NRENs, DANTE, TERENA, NORDUnet (representing 5 Nordic countries)! GN3plus: extension and expansion to 3rd term of the successful GÉANT networking project, vital to the EU s e-infrastructure strategy.! GÉANT vision: to become the unified European Communications Commons - driving knowledge creation as the global hub for research networking excellence! GÉANT Mission: to deliver world-class services with the highest levels of operational excellence! Co-funded: by the EU and Europe s NRENs 2

3 GN3plus - Innovation through collaboration for delivery of advanced networking services! Building the GÉANT eco-system through development and delivery of a world-class networking service portfolio:! Flexible connectivity options & test-bed facilities! Performance tools & expertise! Advanced AAI, cloud and mobility services! Collaborative research into state-of-the-art technology! network architectures - mobility, cloud, sensor, scientifc content delivery, high-speed mobile! identity and trust technologies! paradigm shifts in service provisioning and management! influencing global standards development! Open Calls to widen the scope and agility for innovation Delivering innovative services to end users, their projects and institutions across Europe and beyond: secure access to the network and resources they need, when and where they want it. 3

4 Europe s 100Gbps Network - e-infrastructure for the data deluge! Latest transmission and switching technology! Routers with 100Gbps capability! Optical transmission platform designed to provide 500Gbps super-channels! 12,000km of dark fibre! Over 100,000km of leased capacity (including transatlantic connections)! 28 main sites covering European footprint 4

5 GÉANT Global Connectivity - at the heart of global research networking GÉANT connects 65 countries outside of Europe, reaching all continents through international partners 5

6 Delivering world-class services to R&E communities JRA1: Network Architectures for Horizon 2020 JRA2: Technology Testing for Specific Service Applications JRA3: Identity & Trust Technologies for GÉANT Services SA1: Core Backbone Services SA2: Testbeds as a Service SA3: Network Service Delivery SA4: Network Support Services SA5: Application Services SA7: Support to Clouds SA6: Service Management & Operations NA1: Management NA2: Communications & Promotion NA3: Status & Trends NA4: International & Business Devpt 6

7 Collaboration 7

8 What s already there? Is getting more and more members! Opt-in by default gaining momentum Code of Conduct / Entity Category 8

9 Federation in Country A Federation A Federation D Federation B Service Providers Federation C Identity Providers 9

10 Federation A Federation D A A A Federation B Federation C 10

11 ? Federation A s for collaboration A A Federation D? A A Federation C Federation B? Groups 11

12 Federation A VO1 s Federation D Federation B VO2 s Federation C 12

13 What more to expect?! Bring your own Identity Social Identity, Trust frameworks Institution as AA Lifelong Learning, Author Identification Persistent ID, Researcher ID AuthZ in a federated and heterogeneous environment Loosening relation between ID and Attributes à Group Providers and AA s Separating AuthN & AuthZ User in Control 13

14 About JRA3-T1 GN3plus Project Joint Research Activity 3 à Identity and Trust Technologies Task 1 à Attributes and Groups in the cross institution environment SURFnet, CARNet, DFN, BADW-LRZ, GARR, NORDUnet, PSNC 14

15 Topics Group Management across organisations (using Grouper) Group Protocol (VOOT) AA: What s out there Studentness / Simple Validation Service 15

16 Group Management across organisations Use of centralised group management at the federation level for authorisation purposes Authorisation information a delegated to a specific system Leveraging Attributes Authorities using tools like Grouper 16

17 Group Management across organisations Proof of Concept using Grouper and 3 s Grouper as SAML AA implementation guide & Feasiblity report on the set-up available +organisational+context 17

18 Virtual Organisation Orthogonal Technology (VOOT) VOOT Use Cases VOOT specification v1 Finalised draft, gathering review comments VOOT Standardisation Engaging with IETF (SCIM WG) VOOT very close to SCIM (re)work to close the gap 18

19 VOOT Protocol (High-level) Information about me {BASE}/me! The groups that I am member of {BASE}/me/Groups! List of members of a group {BASE}/Groups/{GROUPID}/members! The role for a given combination of user and group. {BASE}/Roles/{GROUPID}/{USERID}! Querying for public groups {BASE}/Groups?search={SEARCH-TERM}! 19

20 AA: What is out there There are many kind of tools to support Collaboration Each having its own distinct strengths 20

21 AA: What is out there Heterogeneous environments Both Organisational and Technical Draft White paper together with HEXAA and PERUN on the problem space in the heterogeneous environment Fields for cooperation and standardization Creating an overview (end Q4 2014) 21

22 Simple Validation Service (inacademia.org) Validate Studentness Added value for services who collects there own attributes Usecases in the (non) educational world: discounts SimpleValidationService+Home 22

23 Simple Validation Service (inacademia.org) 23

24 More information: (Federated login possible! )

25 Thank you! Maarten Kremers