eduGAIN: services and identity




eduGAIN: services and identity

Brook Schofield
eduGAIN Task Leader, GN3 Project & Project Development Officer, TERENA
schofield@terena.org

Innovation through participation

eduGAIN status (in numbers)

- 14 participant federations
- 3 candidate federations
- 2 existed in original pilot
- 6 European federations not participating
- 6 other federations not participating
- 10 GN3 Partners without a federation

Adoption Width vs Depth

[Diagram: eduGAIN-enabled federations]

- Good federation adoption (Width)
- Entity Adoptions (Depth) has yet to grow

Width and Depth in Numbers

[Diagram: eduGAIN participants among federations]

- 55% of European national federations are eduGAIN participants
  Or 40% of total 30 national federations worldwide
  Source is REFEDS Wiki: https://refeds.terena.org/index.php/federations
- About 2% entities opted-in so far
- Out of about 2500 s and s that eduGAIN members operate
- Half of entities are s
- Note: It is not reasonable for every and to interfederate

What makes up eduGAIN?

- eduGAIN entities are a subset of a national federation (via opt in)
- Profiles and policies to harmonize environment

Upstream Federation Metadata

[Diagram: Your Federation, step 1, MDS]

Goal
- Generate SAML 2 metadata document and sign it
- Metadata must contain only local federation entities that opted-in
- Format and elements must meet eduGAIN Metadata Profile
- Publish metadata document online
- Send URL of document together with signing cert to OT

Downstream eduGAIN Metadata

[Diagram: MDS, step 2, Your Federation, step 3]

Goal
- Download eduGAIN metadata from MDS
- Verify signature using the eduGAIN signing certificate
- Process metadata (adding/removing/modifying entity data)
- Sign metadata using a certificate known in your federation
- Publish new metadata document to opt-in subset of your federation
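The upstream goal above (publish only the local entities that opted in, then sign) can be sketched as follows. This is an added example, not code from the slides or from any federation tool: the entity IDs, the opt-in set and the function names are constructed, the input is assumed to be the federation's own registry output, and signing is left to a separate XML signature step.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample: local federation aggregate (role descriptors omitted).
LOCAL_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Name="urn:example:local-fed">
  <ds:Signature><ds:SignatureValue>c3RhbGU=</ds:SignatureValue></ds:Signature>
  <md:EntityDescriptor entityID="https://idp.uni-a.example/idp"/>
  <md:EntityDescriptor entityID="https://sp.lib-b.example/sp"/>
  <md:EntityDescriptor entityID="https://wiki.uni-c.example/sp"/>
  <md:EntityDescriptor entityID="https://idp.uni-a.example/idp"/>
</md:EntitiesDescriptor>"""

# Constructed opt-in list; the last entry is not registered locally.
OPTED_IN = {"https://idp.uni-a.example/idp", "https://wiki.uni-c.example/sp",
            "https://sp.gone.example/sp"}

def build_upstream(xml_text, opted_in):
    """Return (unsigned upstream aggregate, opt-ins missing from the input)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        raise ValueError("expected md:EntitiesDescriptor as root")
    kept = set()
    for child in list(root):
        if child.tag == f"{{{DS}}}Signature":
            # The local signature does not cover the edited document; drop it
            # so the result is signed afresh before publication.
            root.remove(child)
        elif child.tag == f"{{{MD}}}EntityDescriptor":
            entity_id = child.get("entityID")
            if entity_id in opted_in and entity_id not in kept:
                kept.add(entity_id)
            else:
                root.remove(child)  # not opted in, or a duplicate entityID
        elif child.tag == f"{{{MD}}}EntitiesDescriptor":
            raise ValueError("nested groups are not handled; flatten first")
    return ET.tostring(root, encoding="unicode"), sorted(set(opted_in) - kept)

def entity_ids(xml_text):
    """List entityID values in document order."""
    root = ET.fromstring(xml_text)
    return [e.get("entityID") for e in root.iter(f"{{{MD}}}EntityDescriptor")]

if __name__ == "__main__":
    upstream, missing = build_upstream(LOCAL_METADATA, OPTED_IN)
    print(entity_ids(upstream), missing)
```

The returned list of missing opt-ins is worth alerting on: an entity that opted in but is absent from the local aggregate would otherwise silently disappear from the published feed.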

Phonebook publishing tools

Question: SWITCH RR | Fed Reg AAF | JANUS-S | In-House

Which Federation?
  SWITCHaai, Haka, NIIF, Edugate
  AAF, Tuakiri (NZ), CAFe
  WAYF, SURFconext
  Belnet, ACOnet-aai, RENATER, AAI@EduHR, SURFfederatie

Customisation
  Lots
  None
  Lots

Language
  Java, PHP
  Groovy
  PHP
  XSLT, Perl, PHP

Missing Features
  Dependent on generation of software.
  *Process available but requires documentation.
  eduGAIN optin, MDUI, MD Aggregation
  *eduGAIN optin, MD Aggregation
  Self-Service, eduGAIN optin, MDUI, MD Aggregate

NB: Signing of metadata is outside the scope of these tools; solutions exist.

TODO and Current Activities

- Federation Infrastructure training
- simpleSAMLphp & Shibboleth
- JANUS-S for Metadata Management
- Istanbul mid 2011 and Amsterdam late 2011
- How to write a federation policy training
- SWAMID Policy (technology independent) + explain it
- REFEDS research on Federation Policies
- Template Policy as the basis for new federations (eduroam + IdFed)
- Federation-as-a-Service
- Code of Conduct for Personally Identifiable Data Transmission
- Stop people being scared of data protection rules
- Develop around a smaller set of MD Aggregators + MD Registries
- Aggregators are the 1st step Shibboleth MA1