Broadening Identity & Access Management: InCommon Federation


Broadening Identity & Access Management: InCommon Federation
John Krienke, jcwk@internet2.edu

[Chart: InCommon Participants Year-to-Year. Y-axis: Number of Participants (0 to 700); x-axis: 2004 to 2014. Source: https://www.incommon.org/participants/]

incommon.org/participants

Federation Basics
Identity tied to campus business systems
Campus provides authentication (IdP)
Passes attributes to service provider for access management decision (SP)
Federation operator sets legal, policy, and practices to support trust
International in scope

[Chart: Number of Entities in Metadata. Series: Num IdPs, Num SPs. Labelled values: 351 IdPs, 1690 SPs]

Federated Service Providers
http://www.incommon.org/participants/
Business & Admin: Benefits; Asset management; Human Resources; Talent management; Mobile alerts; Travel management; Energy management; Surveys and market analysis
Learning and Student Affairs: LMS, MOOCs; Online Journals; Databases and analytical tools; Homework labs, Quiz tools; Plagiarism detection; Student travel discounts; Transportation and rideshare services; Transcript services

Federated Service Providers
http://www.incommon.org/participants/
Research
NIH: pub med, scien-cv
NSF: research.gov
XSEDE, CILogon
LIGO
LTERN
Open Science Grid
Scholarly Journals
Gov-affiliated labs
Many others

Research and Education Identity Federations

Identity Federations in production
AT ACOnet Identity Federation
AU Australian Access Federation AAF
BE Belnet R&E Federation
BR CAFe
CA Canadian Access Federation CAF
CH SWITCHaai
CL COFRe
CZ eduid.cz
DE DFN-AAI
DK WAYF
EE TAAT
ES SIR
FI Haka
FR Fédération Éducation-Recherche
GR GRNET
HR AAI@EduHr
HU eduid.hu
IE Edugate
IT IDEM
JP GakuNin
LV LAIFE
NL SURFconext
NO FEIDE
NZ Tuakiri New Zealand Access Federation
PT RCTSaai
SE SWAMID
SI ArnesAAI Slovenska
UK UK Access Management Federation for Education and Research
US InCommon
int IGTF

Identity Federations in pilot
AR CN COL IN LT PE MA OM MATE PL PIONIERId CARSI RO RoEduNet Federation COLFIRE RS iamres INFED RU ФEDUrus AAI LEFT TR YETKİM INCA ZA SAIF eduidm Oman Knowledge ID Federation

This map is intended to provide a high-level overview of countries with identity federations. Last update: 14 October 2013

Maintaining a Common Trust Fabric

Governance
Defines eligibility, promises and behaviors, terms, fees, and policies of participation
Defines common vocabulary & usage rules: identifiers, attributes (eduPerson), their sharing, storage, & privacy
Defines interoperability technologies: standards, software, services & trust mechanisms

Operations, Support, Outreach
Verifies organizations, trusted officers, and entity metadata
Securely collects, validates, decorates, and redistributes metadata
Provides support: documentation, help desk, training, community
Creates additional frameworks for trusted exchange: attribute release mechanisms, levels of identity assurance, privacy and consent

Moving us forward
Additional services & partnerships for easy adoption, interop, & scale
From descriptive to normative practices
From the large few to the many small adopters, from national to internationally aligned trust fabrics

Preparing for Federation: Campus Basics
Manage centralized current directory infrastructure
Understand who gets added/access to services
Use persistent identifiers
Support eduPerson schema
Establish process for provisioning and de-provisioning

Why Care About Identity and CI?
Secured Sharing
Distributed nature of projects
Identity integrity & Assurance
Visibility into CI: Incident response
Centralized provisioning, auditing, and support
Global community
Growing amount of work!
Passwords, identity assurance

A Few Research Roadblocks and Solutions
Different Trust Infrastructures: SAML vs PKI
CILogon
Web vs non-browser clients
IdP support ECP profile extension
VO managing access to distributed resources for distributed members
CoCoA: COmanage + SURFnet's OpenConext + Apps
Onboarding new collaborators
InCommon Research and Scholarship category: aka R&S trust mark
Users show up and get immediate access.
Federated SSO & Access Control
Shibboleth, SimpleSAMLphp, Grouper
100% coverage
Social to SAML gateways

Resources
Roadmap for using CI with InCommon from Center for Applied Cybersecurity Research
CILogon SAML-to-IGTF certs from Cybersecurity Directorate, National Center for Supercomputing Applications, University of Illinois
Internet2 Trust and Identity
InCommon Affiliates Help for Campus and Research IAM
R&S (research & scholarship) trust mark
InCommon website and Federation Technical Guide wiki