Brook Schofield, TERENA TICAL th May Europe'La*n'America' Collabora*ve'e Infrastructure' for'research'ac*vi*es' ' TICAL2014'' '
|
|
- Alban Dennis
- 6 years ago
- Views:
Transcription
1 Brook Schofield, TERENA TICAL th May 2014 Europe'La*n'America' Collabora*ve'e Infrastructure' for'research'ac*vi*es' ' TICAL2014'' '
2 ' About'me ' Brook%Schofield% skype://brookschofield tel: linkedin.com/in/brookschofield I work at TERENA. edugain Task Leader in the GN3plus Project. eduroam Global Governance Secretary. ELCIRA Project participant.
3 The'Situa*on'on'Campus:' Lots'of'Applica*ons' More%applica1ons%for%students%and%researchers% Applica1ons%require%authen1ca1on%and%authoriza1on%
4 Lots'of'Applica*ons'!'Lots'of'Passwords' One%password%for%each%applica1on%does%not%scale% Tons%of%passwords%to%manage%for%users%and%service%operators% Varying%degree%of%password%security% Increased%helpdesk/user%work%due%to%password%resets% Collabora1ve%usage%of%applica1ons%is%difficult%
5 The'Solu*on:' Iden*ty'Management' Create%an%(iden1ty)%federa1on:% Mul1ple%organisa1ons/services%agree%on%% common%technical%and%legal%standards' Deploy%Iden1ty%and%Service%Providers% Mutually%trust%each%other's%asser1ons% Collaborate,%e.g.%common%eOlearning% One%login%name%and%password%for%users% Password%entered%only%at%home%login%page%% Many%countries%have%na1onal%academic%iden1ty%% federa1ons%today!% First%Academic%Iden1ty%Federa1ons%started%in%midO2000s%
6 Authen*ca*on'services'you' already'use '
7 Hub&Spoke'Federa*on'with' Central'Login' ~5%'of%all%Federa1ons% Organisation FEIDE% Also%used%by% Facebook% DB DB IdP DB TwiWer% Google+% Requires% trust %in%% the%operator% DB User Directory Service Provider Hub with Central Login SAML Assertion Flow Connection to User Directory
8 Hub&Spoke'Federa*on'with' Distributed'Login' ~15%'of%Federa1ons% SURFconext% WAYF%(Denmark)% SIR% Organisation DB IdP TAAT% Confia% Operator%can%see%the%% content %of%auth%% messages% Service Provider User Directory DB IdP Identity Provider DS Hub IdP Central Discovery Service IdP DB IdP DB % SAML Assertion Flow Connection to User Directory
9 ' Full'Mesh'Federa*on' ~80%'of%Federa1ons% COFRe% CAFe% InCommon% UKAMF% SWAMID% HAKA% AAF% Organisation DB DB IdP (Local) Discovery Service IdP DS DS IdP DS DB DS Central Discovery Service DS IdP DB SWITCHaai%...% User Directory Identity Provider Service Provider SAML Assertion Flow Connection to User Directory
10 Iden*ty'Federa*ons' World'Wide' Last update May Production Federations 17 Pilot Federations
11 Iden*ty'Federa*ons'Are' Tradi*onally'Na*onal' All'Federa*ons:' " Support%SAML2% " educa1on%&%research% " Use%same/similar%% user%awributes%
12 eduroam' 'roam'across'borders' eduroam Pilot :-( 12%
13 eduroam'in'la*n'america' %8%produc1on%deployments% Argen1na,%Brazil,%Chile,% Colombia,%Costa%Rica,% Ecuador,%Mexico,%Peru! %4%pilot%deployments% El%Salvador,%Nicaragua,% Uruguay,%Venezuela% %>%9%Missing% Bolivia,%%Guatemala,% Honduras,%Panama,%Paraguay,% Guyana% Caribbean% Belize,%French%Guiana,% Suriname% ' eduroam Pilot :-(
14 Global'Authen*ca*on' INfrastructure'
15 Who,'What,'Where,'When,' Why'and'How'of'eduGAIN' Provide'legal'and'technical'frameworks'to'make'Iden*ty' Federa*ons'interoperate'=='interfederate'
16 ' Who'is'Behind'eduGAIN?' Key'Personnel' Opera1onal%Team%(Tomasz%Wolniewicz,%UMK,%PL)% Policy%&%Code%of%Conduct%(Mikael%Linden,%CSC,%FI)% Emerging%Federa1ons%(Brook%Schofield/Nadia%Sluer,% TERENA,%NL)% FaaS%(Marina%Vermezovic,%AMRES,%RS/Valter%Nordh,% SWAMID,%SE)% Engaging%User%Communi1es%(Lukas%Hämmerle/Ann% Harding,%SWITCH,%CH)% %
17 ' and'how'is'it'governed?' Governing'Structure' edugain'steering'group'(esg)' Each%member%federa1on%has%one%representa1ve.% Votes%on%which%new%federa1ons%are%accepted%or% policy%changes.%% edugain'execu*ve'commi]ee'(eec)' Approves%changes%to%the%cons1tu1on%and%has%veto% right.%nominated%by%geant%execu1ve%commiwee.% %
18 Interfedera*on'with' edugain' Global%Authen1ca1on%INfrastructure%for%educa1on% An%interfedera1on%service%primarily%for%Research%&% Educa1on% Connects%exis1ng%SAMLObased%academic%iden1ty% federa*ons% Developed%and%funded%by%European%GÉANT%projects% ( federa1ons% Web site: %
19 What'Is'it?' and'how'does'it'work?' % edugain Declaration edugain Constitution Web SSO Profile Metadata Profile Attribute Profile Code of Conduct MDS%fetches,%aggregates%and%republishes%metadata%% edugain%provides%policy%framework%and%standards%to%build% trust%
20 More'"Realis*c"' Architecture'
21 ' Phonebook 'Tools Ques*on' SWITCH'RR' Fed'Reg'AAF' JAGGERcRR' pyff' JANUScS' IncHouse' Which% Federa1on?% SWITCHaai,% Haka,%NIIF,% Edugate% AAF,%Tuakiri% (NZ),%CAFe% Edugate,% RCTSaai,% IDEM,%CAF,% iamres,% FaaS % SWAMID,% ACOnet% WAYF,% SURFconext% Belnet,% RENATER,% AAI@EduHR% Customisa1on% Lots% Limited% Community% Community% Lots% Language% PHP% Java%(v1)% Groovy%(v2)% Scala% Missing% Features% Dependent% on%version% of%soqware.% optoin/out,% MDUI,%MD% Aggrega1on% PHP% Python% PHP% XSLT,%Perl,% PHP% UI,%UX,% Signing,% Real1me% Aggrega1on% SelfOService% * optoin/ out,%md% Aggrega1on% SelfOService,% op1n/out,% MDUI,% MD% Aggregate% *Process%available%but%requires%documenta1on.% % NB:O%Signing%of%metadata%outside%the%scope%of%these%tools% %solu1ons%exist.%
22 edugain:' Legal'Trust'and'Profiles' edugain%declara1on%(3%pages)% Signed%by%each%Member%Federa1on% Contains%13%rules%that%federa1ons% promise%to%obey% edugain%cons1tu1on%(10%pages)% Profiles%for%SAML,%Metadata,% AWributes,%...% GEANT%Data%Protec1on%Code%of% Conduct%% Declara1on%of%Service%Providers%to% "behave%well"%with%user%data% Applicable%in%EU/EEA%or%similar%
23 ' h]p://edugain.org/policy'
24 ' GÉANT'Code'of'Conduct' 25 EEA Data Protection 5 EEA Compatible DP 1 Safe Harbor (USA) 17 Federation outside GÉANT CoC (5 in or joining)
25 GÉANT'Data'Protec*on' Code'of'Conduct' Only%Argen1na%in%La1n%America%is%covered% Significant%piece%of%work%with%huge%impact% Poten'ally%covers%a%large%por1on%of%the%community% 30%of%the%47%Federa1ons%(31%of%48%countries)% Adop1on%+%use%s1ll%required.% Technology%works%with%Shibboleth%IdP.% In%Development%for%simpleSAMLphp%+%Federa1on%Metadata%Registry% Tools.% Scalable%solu1on%for%the%other%17/18%Federa1ons/ Countries?% Export%out%of%Europe%is%the%problem%to%be%solved!%
26 History'of'eduGAIN' 2006% %Research%project%within%GN2% Trailed%various%architectures,%technologies%+% protocols% 2009% %Promoted%to%a%service%in%GN3% Path%forward%was%Mesh%&%SAML2% 2011% %Launched%to%the%federa1on%community% 2013% %Renewed%as%a%service%in%GN3+% 2014% %All%produc1on%federa1ons%have%joined%
27 ' edugain'&'federa*ons' 1 April edugain Members 2 Joining edugain 9 Candidate Federation!
28 ' edugain'&'federa*ons' 1 April edugain Members 6 Joining edugain 1 Candidate Federation!
29 ' edugain'&'federa*ons' 15 April edugain Members 7 Joining edugain 0 Candidate Federation
30 ' edugain'&'federa*ons' 15 April edugain Members 7 Joining edugain 0 Candidate Federation
31 ' edugain'&'federa*ons' 15 April edugain Members 7 Joining edugain 0 Candidate Federation! 17 Other Federations
32 edugain:' Some'Sta*s*cs' April'2011:'Official%start%of%eduGAIN' Nov'2013:'21'Federa*ons%are%members%(50%)% Apr'2014:'24'Federa*ons%are%members%(51%)' En**es:'253'IdPs,'117's'(369'in'total)' One%IdP%can%represent%for%dozens%of%organisa1ons%and%services% depending%on%federa1on%architecture%=>%actual%numbers%are%higher' Whole'(academic)'SAML'landscape:' 47'Federa*ons,'2539'IdPs,'5280's' Not%all%of%them%need%to%be%interfederated,%e.g.% many%internal%s% Numbers%from%May%2014%
33 Iden*ty'Federa*ons'' and'la*n'america' edugain%par1cipant% Brazil%(CAFe)% Chile%(COFRe)% edugain%candidate% Colombia%(COLFIRE)% Emerging%Federa1ons% Argen1na,%Costa%Rica,% Ecuador,%El%Salvador,%% Mexico,%Peru% % edugain Member Joining edugain Candidate Federation! Pilot Federation MoU Signed with ELCIRA
34 Why'do'eduGAIN?'
35 ' Interfedera*on'Use'Cases' Researchers' Oqen%work%together%in%interna1onal%research%projects,%which%operate%many% webobased%services%that%need%authen1ca1on.%services%are%in%different% countries/federa1ons.%thanks%to%interfedera1on%researchers%can%use%their% ins1tu1on's%account.% % % Lecturers' Can%start%eOlearning%collabora1ons%across%country%borders.%Create%(costly)%eO learning%content%collabora1vely%or%easier%"sell"%it%to%other%universi1es%abroad.% % % Content'Publishers' Companies%like%Elsevier/Thomson%Reuters/etc.%already%joined%mul1ple%iden1ty% federa1ons.%cumbersome%for%them%and%for%federa1on%operators.%% Thanks%to%Interfedera1on:%Join%one,%be%connected%to%many!%
36 Lots'of'Federa*ons' Slide 36
37 Which'federa*on'do'I'join' first?' Large%federa1ons%are% more%interes1ng%for% commercial%suppliers% How%to%focus%on%customers% %not%size?% why%not%focus%on%customers%and%size!% edugain%is%not%a%federa1on % but%if%it%was%it%would%be%the%6 th %largest%
38 hwp://memegenerator.net/ instance/ %
39 How'do'I'eduGAIN?'
40 Federa*on'Development' Campus% Username/Password%Store%for%AuthN% IdP% Expose%Campus%IdM%via%SAML/RADIUS% Federa1on% Aggregates%IdPs%&%s;%Builds%Trust% edugain% Aggregates%Federa1ons%
41 Federa*on'Development' Criteria' Pilot% Name,%Webpage,%Metadata%Feed% Produc1on% Policy%for%IdPs%&%s% Candidate% Metadata%Registra1on%Prac1ce%Statement% edugain% Declara1on%Signed,%Metadata%Feed%Validated%
42 *'''INCA'(Peru)' INCA%run%by%RAAP% Iden1dad%Nacional%para%el%Conocimiento%y% auten1cación%(inca)%% Iden1ty%for%Na1onal%Knowledge%and%Authen1ca1on% (INKA)%% Started%opera1on%in%lateO2013%midO2014% Joined%eduGAIN%in%lateO2013%earlyO2015%;O)% *This%is%NOT%their%logo!!%
43 *'''MATE'(Argen*na)' MATE%run%by%INNOVA RED% Marco%para%el%Acceso%a%la%Tecnología%y%la% Educación%(MATE)% Model%for%Access%to%Technology%and%Educa1on% (MATE)% Started%opera1on%in%late%2013%2014% Joined%eduGAIN%in%earlyO2014%lateO2014%;O)% % *This%is%NOT%their%logo%(nor%their%name)!!%
44 Federa*on'Development' Technology% % % % % %%% % % % %%%Policy%
45 Federa*on'Development' Technology% ==%Pilot% % % % %%% % % % %%%Policy% % % % %%%==Produc1on%
46 Federa*on'Development' Technology% =>Campus% % % % %%% % % % %%%Policy% % % % %%% % % % %=>NREN%
47 Technology'=='Pilot' Federa1on%Core%Services% Rou1ng % Discovery% Federa1on% En11es %(IdPs/s)% Shibboleth% simplesamlphp% PySAML% ADFS%
48 Technology'=='Pilot' NREN%as%Federa1on%Operator% Rou1ng % Discovery% Campus,%Content%Providers,%Research%Infrastructures% Shibboleth% simplesamlphp% PySAML% ADFS%
49 ' Federa*on'Architectures'
50 Rou*ng '&'Discovery' Full%Mesh% Hub&Spoke%with % Centralised%Login% Distributed%Login% Can%be%a%combina1on%
51 Rou*ng 'Tools Ques*on' SWITCH'RR' Fed'Reg'AAF' JAGGERcRR' pyff' JANUScS' IncHouse' Which% Federa1on?% SWITCHaai,% Haka,%NIIF,% Edugate% AAF,%Tuakiri% (NZ),%CAFe% Edugate,% RCTSaai,% IDEM,%CAF,% iamres,% FaaS % SWAMID,% ACOnet% WAYF,% SURFconext% Belnet,% RENATER,% AAI@EduHR% Customisa1on% Lots% Limited% Community% Community% Lots% Language% PHP% Java%(v1)% Groovy%(v2)% Scala% Missing% Features% Dependent% on%version% of%soqware.% optoin/out,% MDUI,%MD% Aggrega1on% PHP% Python% PHP% XSLT,%Perl,% PHP% UI,%UX,% Signing,% Real1me% Aggrega1on% SelfOService% * optoin/ out,%md% Aggrega1on% SelfOService,% op1n/out,% MDUI,% MD% Aggregate% *Process%available%but%requires%documenta1on.% % NB:O%Signing%of%metadata%outside%the%scope%of%these%tools% %solu1ons%exist.%
52 More'that'one'choice'is' simplesamlphp% PHP% good ' Mul1Olingual%support% Shibboleth% IdP%is%Java,%%is%C/mod_shib% Runs%within%Apache%Tomcat% PySAML2%% Python% Many%plugOins%or%modules%available%for%common%tools.% Benefits%are%greater%than%using%LDAP.%
53 NRENs'Role' </pilot>! % % % % %%% % % % %%%Policy% % % % %%%==Produc1on%
54 Policy' Don t%write%your%own % That s%not%what%we%meant%to%do % You ll%make%mistakes% %even%edugain%made%mistakes% GÉANT% Policy%Template %useful%for%federa1ons% Policy%is%in%English% %but%this%isn t%a%problem% Analysed%15%policy%documents% Found%the% best%of %and%provided%example%text% See%EuroCAMP%November%2012%for%more %
55 Iden*ty'Federa*on'Policy' document'suite' Technology Profile eduroam Technology Profile Web single sign-on Level of Assurance Profiles Identity Federation Policy (main) Data Protection Profile Federation Operational Practices Appendix Governance Appendix Fees Appendices Identity Federation Policy document
56 Metadata'Registra*on' Prac*ce'Statement' This%is%a%requirement%for%eduGAIN% All%statements%published%on%eduGAIN% website% hwp://edugain.org/technical/status.php% Inconsistent%format%between%federa1on% REFEDS%FOP%to%the%rescue%
57 Federa*on'Operator' Prac*ce'document'suite' Metadata Registration Practice Statement Key Management Practice Statement Federation Operator Practice Monitoring Practice Statement Assurance Practice Statement Appendix x Appendix y Appendices Federation Operator Identity Practice Federation Statement Policy document
58 What'to'NOT'focus'on?' Wai1ng%un1l% % NRENx%has%their%federa1on%in% produc1on.% NRENy%is%a%member%of%eduGAIN.% A% killer%app %is%found.% Other %or%future%federa1on%technologies% OpenID%Connect%+%OAuth%are%being%explored.% Hub&Spoke%gateways%already%exist.% Connec1ng%to% other %federa1ons% Let%eduGAIN%do%that%for%you.% Bilateral%peerings%only%solves%THEIR%problem.%
59 ' What'to'focus'on?' Federa1ng%your%campus%systems% Talk%to%your%researchers,%staff%&%students% Inves1gate%key%services% Intranet%and%Website% Webmail% Google%Apps%for%Educa1on,%Microsoq%365% eolearning% %Moodle,%Desire2Learn% Talk%to%your%librarian%about%Journal%Access% Find%your%own% killer%app.%
60 Next'steps ' Deploy%eduroam%!%Use%it%at%TICAL2015% Pick%a%campus%federa1on%architecture:% Hub&Spoke%or%Mesh% Deploy%an%IdP% PySAML2,%simpleSAMLphp,%Shibboleth% Connect%with%your%NRENs%pilot%Federa1on% Connect%with%the%community% Country,%La1n%America%and%Globally% Federate%your%services%
61 A'family'of'services'
62 Join'eduGAIN'and'solve' problems ' ' ' ' ' ' ' ' ' ' Solving'problems'is'a'partnership.'
63 </end>' Brook%Schofield%
GÉANT project update. eduteams - AAI as a Service for Collaborative organisations. InAcademia Simple affiliation validation as a Service
GÉANT project update eduteams - AAI as a Service for Collaborative organisations Introduction Status Pilots New Features input requested InAcademia Simple affiliation validation as a Service Introduction
More informationWorking Groups Report: Making Federa5on Easier
Working Groups Report: Making Federa5on Easier IAM Online February 11, 2015 Steve Carmody, Brown University Janemarie Duh, LafayeNe College Eric Goodman, University of California, Office of the President
More informationInAcademia Simple Validation Service
InAcademia Simple Validation Service Niels van Dijk InAcademia lead, GN4 1 SA5 Technical Product Manager, SURFnet niels.vandijk@surfnet.nl Groningen Declaration Network meeting May 18, 2016 Capetown About
More informationInAcademia Simple Validation Service
InAcademia Simple Validation Service Niels van Dijk InAcademia lead, GN4-1 SA5 Technical Product Manager, SURFnet TF-MSP, Espoo, Finland 10-09-2015 Academic Affiliation and Federations Many Services (want
More informationGÉANT SA5 Collabora9on européenne
GÉANT SA5 Collabora9on européenne Thomas Bärecke SA5 T5 team member @ GÉANT project SoKware Engineer @ SWITCH Journée Fédéra9on, Paris 03/07/2015 Federated Iden9ty Management for Research 30+ Research
More informationINCOMMON TRUST FEDERATION
INCOMMON TRUST FEDERATION The Basics Kevin M. Morooney Vice President, Trust and Identity Internet2 Caveats 2 Some terminology and connections 3 Some terminology and connections There are identity providers
More informationTransparent access and coordination of einfrastructures in the Nordics
Transparent access and coordination of einfrastructures in the Nordics Michael Gronager, PhD NDGF Director Open e-irg Workshop Uppsala, October 14-15 th, 2009 Activity Outline Vision: A Nordic resource
More informationInAcademia. Simple Validation Service
InAcademia Simple Validation Service Niels van Dijk InAcademia lead niels.vandijk@surfnet.nl Mark Bevers InAcademia business development Mark.bevers@surfmarket.nl edugain Town Hall Feb 21, 2017 Vienna
More informationEnhancing SWITCHaai with Micropayment Functionality for Swiss Universities White Paper
Enhancing SWITCHaai with Micropayment Functionality for Swiss Universities White Paper 2006 SWITCH Document management Version/status: 1.0.1 / final Date: 26 October 2006 Author(s): Patrik Schnellmann
More informationEduKEEP Towards a User-Centric Identity Management Model
EduKEEP Towards a User-Centric Identity Management Model Maarten Kremers Task Leader Trust and Identity Technology Development, GN4-2 Project Technical Product Manager, SURFnet, The Netherlands TNC 2016,
More informationDASISH 5.1 A Trust Federa3on for the SSH?
DASISH 5.1 A Trust Federa3on for the SSH? DASISH Origin FP7 Capaci3es Work Programme: Infrastructures INFRA- 2011-2.3.1: Implementa5on of common solu5ons for a cluster of ESFRI infrastructures in the field
More informationMinutes of the 17th TF-EMC2 Meeting
Page 1/10 TITLE / REFERENCE 17 th TF-EMC 2 Meeting - Monday, 14 th & Tuesday, 15 th February 2011 Lyon, France. The meeting was hosted by the University of Lyon and CRU. Table of Contents 1. Welcome and
More informationSURFconext. Collaboration Without Limits. Harold Teunissen et al. SURFnet
SURFconext Collaboration Without Limits Harold Teunissen et al. SURFnet TeraGrid2011 July 2011 Changing Behaviors Hierarchical Secrecy Loose Alliance Sluggish Novelty Tunnel Vision Self Organizing Transparency
More informationBaseline Expectations for Trust in Federation: Increasing Trust and Interoperability in InCommon
Baseline Expectations for Trust in Federation: Increasing Trust and Interoperability in InCommon January 10, 2018 Document Repository ID: TI.95.1 DOI: 10.26869/TI.95.1 Persistent URL: http://doi.org/10.26869/ti.95.1
More informationThe I-Trust Federation: Federating the University of Illinois
K e i t h We s s e l I d e n t i t y M a n a g e m e n t S e r v i c e M a n a g e r U n i v e r s i t y o f I l l i n o i s a t U r b a n a - C h a m p a i g n The I-Trust Federation: Federating the University
More informationACOnet Identity Federation Policy Experiences
ACOnet Identity Federation Policy Experiences Peter Schober ACOnet TERENA EuroCAMP @ 4 th GN3 Symposium 15-16 October 2012 Agenda 1. The Politics behind Federation Policies 2. Tales from a Federation Operator:
More informationSupported by the Australian Government through the Department of Innovation, Industry, Science and Research
Supported by the Australian Government through the Department of Innovation, Industry, Science and Research The Australian Access Federation is open for business The Participant pack Covering letter AAF
More informationShibboleth Consortium Update and Development Roadmap
Shibboleth Consortium Update and Development Roadmap IAM Online Wednesday, April 10, 2019 Kevin Morooney, Internet2 Justin Knight, Jisc Scott Cantor, Ohio State Shibboleth Consortium Justin Knight, Jisc
More informationInCommon Update. Ann West InCommon/Internet2
InCommon Update Ann West InCommon/Internet2 GLOBAL PORTABLE DIGITAL IDENTITY Access to Education Asmaa AbuMezied Research Fellow 2016 Internet2 Context Fragile contexts: There are 1.5 billion people living
More informationInCommon and edugain: Joining the International Federation Community
InCommon and edugain: Joining the International Federation Community Executive Summary Researchers, faculty, staff, graduate students and others involved in research, scholarship and education increasingly
More informationHOW TO CONFIGURE SINGLE SIGN-ON (SSO) FOR SAP CLOUD FOR CUSTOMER USING SAP CLOUD IDENTITY SERVICE
HOW TO CONFIGURE SINGLE SIGN-ON (SSO) FOR SAP CLOUD FOR CUSTOMER USING SAP CLOUD IDENTITY SERVICE HOW TO GUIDE TABLE OF CONTENTS Overview... 3 Chapter 1: Configure SAP Cloud Identity service... 5 Creating
More informationSustainability Models for Guest IdPs
Sustainability Models for Guest IdPs Actual Date: 2016-04-26 Grant Agreement No.: 653965 Work Package: NA3 Authors: Wolfgang Pempe, DFN GÉANT on behalf of the AARC project. The research leading to these
More informationEUDAT How manage Data into the Collaborative Data Infrastructure: a general overview of EUDAT services
EUDAT How manage Data into the Collaborative Data Infrastructure: a general overview of EUDAT services Giovanni Morelli www.eudat.eu EUDAT receives funding from the European Union's Horizon 2020 programme
More informationAbout augmented (attribute) reality
About augmented (attribute) reality A VO concept using SAML 2 and attribute aggregation Lukas Hämmerle lukas.haemmerle@switch.ch Budapest, 17. November 2009 Your favorite a -words we will focus on augment
More informationBest practices for managing authorisation
Best practices for managing authorisation Published Date: 13-06-2017 Revision: 1.0 Work Package: Document Code: Document URL: JRA1 AARC-JRA1.4E https://aarc-project.eu/wp-content/uploads/2017/03/aarc-jra1.4e.pdf
More informationIdentity Federation Policy template document
Identity Federation Policy template document Authors Marina Vermezovic, Mikael Linden, Natalija Radosevic, Peter Schober, Brook Schofield Last Modified 12-10-2012 Version 0.3 This work is licensed under
More informationNetworks Services People 1
1 NREN collaboration on clouds Cloud opportunities GN4 SGA1 SA7 Mary Grammatikou & Andres Steijaert November 2, 2015 Agenda Why collaborate on clouds? Progress in our collaboration Opportunities for NRENs,
More informationInternet identity: Forward in All Directions. Dr Ken Klingenstein, Director, Middleware, Internet2
Internet identity: Forward in All Directions Dr Ken Klingenstein, Director, Middleware, Internet2 What s Happening Exponential growth in Federated Identity Exponential growth in Social Identity Integration
More informationIdentity Management in Higher Education - A View of the Landscape
Identity Management in Higher Education - A View of the Landscape Identity Management in Higher Education: A View of the Landscape - June 17, 2013 Executive Summary Identity in Higher Education 3. The
More informationMinute of REFEDS Meeting, 15 th May 2011
DOC VERSION: 0.3 DATE 30 MAY 2011 PAGE 1/8 title / reference: Draft REFEDS20110515- minutes Minute of REFEDS Meeting, 15 th May 2011 Licia Florio and Nicole Harris Abstract: Minutes of the REFEDS meeting
More informationIAM Online Thursday, April 8, 2010
IAM Online Thursday, April 8, 2010 Making Federation Happen Joel Cooper, Director of Information Technology Services, Carleton College John O Keefe, Director of Academic Technology & Network Services,
More informationSWITCH VO Platform About the SWITCH Virtual Organization Platform and Pilot. SWITCHaai
SWITCH VO Platform About the SWITCH Virtual Organization Platform and Pilot SWITCHaai aai@switch.ch Mannheim, 8. March 2011 Overview 1. Architecture 2. Experience so far 2 The Origin June 2009, Chad la
More informationIMPACT RESEARCH INVESTMENT DISCOVERY OPPORTUNITIES STRENGTHS ACCESS RESOURCES EFFICIENCIES COLLABORATION
University of Chicago University of Illinois Indiana University University of Iowa University of Maryland University of Michigan Michigan State University University of Minnesota University of Nebraska-Lincoln
More informationAbout augmented (attribute) reality
About augmented (attribute) reality VO management with Shibboleth 2 Lukas Hämmerle lukas.haemmerle@switch.ch Rome, 22. October 2009 Your favorite a -words we will focus on augment verb [ trans. ] make
More informationShibboleth-features and challenges in PowerFolder Sync & Share 11 FEB 2014
Storage task force Shibboleth-features and challenges in PowerFolder Sync & Share 11 FEB 2014 Roadmap for today Introduction Use cases / Installations The challenges of Sync & Share Federated AAI Large
More informationYet Another Virtual Organization Manager. Mihály Héder Gyula Szabó MTA Sztaki
Yet Another Virtual Organization Manager Mihály Héder Gyula Szabó MTA Sztaki Motivations The place of YAVOM in the big picture The YAVOM's architecture The application Screenshot Thoughts Motivations The
More informationFIM4R Version 2. David Kelsey AARC2 Community Engagement/Policy and Best Practice Harmonisation. Federated Identity Requirements for Research
Authentication and Authorisation for Research and Collaboration FIM4R Version 2 Federated Identity Requirements for Research David Kelsey AARC2 Community Engagement/Policy and Best Practice Harmonisation
More informationMichael Palladino October 8, 2012
Michael Palladino October 8, 2012 Security Enhancements: SafeDNS Enterprise Social Networking (ESN) InCommon Certificate Service 2 Josh Beeman 5 Virtual Machines, suitable for up to 17,000 users Migration
More informationISA Action Pilot DEMO session. Date: Authors: Britt Joosten, Guillermo Enero, Ignasi González
ISA Action 1.18 Pilot DEMO session Date: 04-12-2014 Authors: Britt Joosten, Guillermo Enero, Ignasi González Agenda 1. Objectives 2. Context 3. Scope of the Pilot 4. Components 5. Environments 6. Use cases
More informationAARNET - SCIENCE ENGAGEMENT
AARNET - SCIENCE ENGAGEMENT David Wilde, CTO - david.wilde@aarnet.edu.au Internet2 Tech Exchange 18 October 2017 How we engage What has worked Lessons learnt AARNet Pty Ltd 2 E-RESEARCH ENGAGEMENT TO BEGIN
More informationIden'ty and Access Management Governance
Iden'ty and Access Management Governance Real world prac'ces that work in Higher Educa'on Roopa Chowbey Manager, Iden'ty management 1 Agenda Background Iden'ty and Access Management (IAM) program at George
More informationInternet2 COmanage Project. CoCoA Virtual Working Group
Internet2 COmanage Project CoCoA Virtual Working Group COmanage: Person Atribute Management for Virtual Organizations and Collaborations What is? An identity management system system specifcally designed
More informationBuilding Online Portals for Your Customers & Partners with Okta. An Architectural Overview OKTA WHITE PAPER
OKTA WHITE PAPER Building Online Portals for Your Customers & Partners with Okta An Architectural Overview Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871 wp-portalarch-012913
More informationINTEROPERABILITY BETWEEN CENTRAL AND LOCAL GOVERNMENT IDENTITY ASSURANCE SCHEMES
INTEROPERABILITY BETWEEN CENTRAL AND LOCAL GOVERNMENT IDENTITY ASSURANCE SCHEMES Can they coexist? Is it compelling? White Paper IDENTITY STEERING GROUP By Rob Laurence and Ian Litton Executive Summary
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationFrom edupert to GN4SA3T3 P1
From edupert to GN4SA3T3 P1 Kurt Baumann, SWITCH GN3plus, SA4T3 TL UCISA Workshop 13 th of January 2015 From edupert to GN4SA3T3 P1 Outline edupert - What it is Communication and Workflow Highlights GN3+
More informationBuilding an IAM Program at Portland State University. Polling URL:...
Building an IAM Program at Portland State University Polling URL:... PRESENTED BY: 2018 Internet2 Ryan Bass, Associate CIO, Portland State University Jessica Coltrin, Associate Director, Portland State
More informationGovernance Model Working Group Report
Governance Model Working Group Report Report of the Swiss edu-id working group Governance Model Name Surname Job Title Christoph Graf, Petra Kauer-Ott Swiss edu-id Document Type: Report Version: V1.0 Created:
More informationEnabling Cross-University Collaboration with Harvard IAM: TIER, InCommon, and Grouper. IT Summit 2015 June 4, 2015 Thursday 1:10-2:00 p.m.
Enabling Cross-University Collaboration with Harvard IAM: TIER, InCommon, and Grouper IT Summit 2015 June 4, 2015 Thursday 1:10-2:00 p.m. Agenda What is Identity & Access Management at Harvard? IAM in
More informationEGI-Engage: The AAI Strategy for the EGI Infrastructure
EGI-Engage: The AAI Strategy for the EGI Infrastructure Christos Kanellopoulos - GRNET www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number
More informationAccounting for the Authentication and Authorization Infrastructure (AAI) Pilot Study
Accounting for the Authentication and Authorization Infrastructure (AAI) Pilot Study 2006 SWITCH Document management Version/status: 1.0 / final Date: 05-01-2006 Author(s): Patrik Schnellmann SWITCH André
More informationSAML 2 VO Platform Enable collaboration beyond institutional boundaries
SAML 2 VO Platform Enable collaboration beyond institutional boundaries Bern, 16. September 2009 Thomas Lenggenhager Lukas Hämmerle aai@switch.ch The VO Problem Support for Virtual Organizations across
More informationGEANT Strategy on Campus Identity Provider
GEANT Strategy on Campus Identity Provider Campus IdP session with Internet2 at TechEx 2018 Mario Reale (GARR) - Michael Schmidt (DFN/LRZ) On behalf of the GEANT Campus IdP task team TechEx 2018 - Orlando
More informationHEXAA e-science gateways with external attribute authority
HEXAA e-science gateways with external attribute authority István Tétényi, MTA SZTAKI 21-May-2014 Co-Authors: Mr. Héder, Mihály (MTA SZTAKI); Mr. BAJNOK, Kristóf (NIIF); Dr. FARKAS, Zoltán (MTA SZTAKI);
More informationIAM Task Force Update. April 3, 2015
IAM Task Force Update April 3, 2015 April 3, 2015 For Today The Group The Charge IAM at CSU Recommendations Discussion 2IAC Presentation April 3, 2015 Task Force Members Human Resources Tracy Hutton College
More informationLEAP Platform Architecture Overview
LEAP Platform Architecture Overview Leo Janze, Sr. Director Of Engineering Muneer Ahmed, Architect Copyright 2016 Dell.. All rights reserved. 1 Safe Harbor Disclaimer This presentation contains forward-looking
More informationQuestionnaire. Identity Management Maturity Scan for SWITCHaai. Thomas Lenggenhager, SWITCH Thomas Siegenthaler & Daniela Roesti, CSI Consulting AG
Questionnaire Identity Management Maturity Scan for SWITCHaai Thomas Lenggenhager, SWITCH Thomas Siegenthaler & Daniela Roesti, CSI Consulting AG Version: V2.1 Created: 19. Aug. 2011 Last change: 13. Nov.
More informationREFEDs Meeting 31 October 2010 Atlanta, USA Author: Nicole Harris. Table of Contents
Page 1/8 TITLE / REFERENCE: REFEDS MEETING OCT 2010 REFEDs Meeting 31 October 2010 Atlanta, USA Author: Nicole Harris Table of Contents 1. Welcome and Apologies... 1 2. Approval of Agenda... 2 3. Minutes
More informationGÉANT IaaS Framework Cookbook
27-03-2017 Supporting Documentation Grant Agreement No.: 731122 Work Package/Activity: 10/JRA4 Task Item: Task 3 Lead Partner: GEANT Limited Document ID: GN42-16-114E4 Authors: Mary Grammatikou (GRNET),
More informationTIER Release One A Community Milestone, Why It's Important and What's Next
TIER Release One A Community Milestone, Why It's Important and What's Next Monday, April 25, 2016 Speakers John O Keefe (Lafayette College), Moderator and Member of the TIER Community Investor Council
More informationSolving Identity Fragmentation with Oracle Unified Directory
Solving with Peter Abrahamsson Technology Sales Consultant InfoSec Oracle Sales Consulting Centers 17 November, 2016 Silos Solving stores seen as Silos Solving Apps Databases Enterprise Apps Servers Mobile
More informationHEXAA Attribute Authorities beyond Access Control. Kristof Bajnok, NIIF TF-EMC2, Zürich
HEXAA Attribute Authorities beyond Access Control Kristof Bajnok, NIIF TF-EMC2, Zürich 11.02.2014. Vision: We Want More Than Entitlements Today we have VO management software for managing groups Attribute
More informationOASIS Service Provisioning Markup Language (SPML) v2 Federated Provisioning
OASIS Service Provisioning Markup Language (SPML) v2 Federated Provisioning Draft 0.6 2006 March 06 Document identifier: pstc-spml2-fed-prov-use-cases-06 Location: http://www.oasis-open.org/committees/provision/docs/
More informationStandard Terms and Conditions for Integrations
Standard Terms and Conditions for Integrations Converted to PDF on May, 17 th 2016 This PDF can be downloaded from: www.itslearning.nl/voorwaarden Original source: www.itslearning.eu/integration Pagina
More informationRecipes for Success in Creating Customer Identity. An API Approach To Building the Identity, and Identity Data, Ecosystem
Recipes for Success in Creating Customer Identity An API Approach To Building the Identity, and Identity Data, Ecosystem Creating identity platforms and products from a single API CONTENTS 4 Introduction
More informationHigher Ed. Identity Management Collaboration : Position Paper - Making Identity Federation Work for Canadian Universities
Higher Ed. Identity Management Collaboration : Position Paper - Making Identity Federation Work for Canadian Universities This page last changed on Oct 19, 2006 by alleyj@mcmaster.ca. Background Introduction
More informationUNIVERSAL IDENTITY ENFORCEMENT
Introducing UNIVERSAL IDENTITY ENFORCEMENT for the Borderless Enterprise Cloud Mobile Network As a Level 1 PCI-compliant service provider, we needed a solution that not only met the stringent standards
More informationEmory University Case Study I2 Day Camp
Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall About Emory Facts & Figures Private university in suburban Atlanta ~ 13,000 undergrads, 7,000 grads Professional schools,
More informationCommon Challenges in HE
Common Challenges in HE Introducing Identity Management An integrated IDM solution can help address these HE challenges Users Roles Services Identity Management Journey in UCD 1) Approach Who I Interviewed
More informationdemand their familiar environment, services and privileges available whenever they move from one site to another.
5 Services Many s are involved in providing a number of important services to their customers, in addition to providing the connectivity. This section provides information about work in four service areas:
More informationSA1 Update, approach & discussion on pilots
Authentication and Authorisation for Research and Collaboration SA1 Update, approach & discussion on pilots http://tinyurl.com/net39et High level Goals and Approach for SA1/Pilots Demonstrate that the
More informationAppendix 1: Principal requirements specification
Appendix 1: Principal requirements specification 0 General 0.1 General information about the Customer s list of requirements This document describes requirements for a national service for digital assessment.
More informationWorking Groups. Swiss edu-id a joint effort. Petra Kauer-Ott
Working Groups Swiss edu-id a joint effort Petra Kauer-Ott petra.kauer@switch.ch Berne, August 13 2014 Goals Record the community s needs as to user-centrism specific IdM processes interoperability implementation
More informationIdentity Brandeis University. #NERCOMPIdM bit.ly/nercomp_identitymgmt
Identity Management @ Brandeis University #NERCOMPIdM bit.ly/nercomp_identitymgmt Who am I? Ian Rifkin irifkin@brandeis.edu Director of Data and Systems Integration Brandeis University - Web and Middleware
More informationConfiguring Single Sign-On for Oracle Enterprise Performance Management Cloud. Configuring Single Sign-On Between EPM Cloud and NetSuite
Oracle Cloud Configuring Single Sign-On for Oracle Enterprise Performance Management Cloud In this Document Overview Configuring Single Sign-On Between EPM Cloud and Oracle Fusion Cloud Configuring Single
More informationDAM Requirements Checklist
DAM Requirements Checklist Insert Vendor Names DAM Requirements for: Prepared by: Date: High-Level Functional Requirements Webdam Access Features Easy & secure anytime, anywhere access Native mobile app
More informationShibboleth Access Management Federations as an Organisational Model for SDI
Shibboleth Access Management Federations as an Organisational Model for SDI C.I.Higgins, M.Koutroumpas, A.Seales, EDINA National Datacentre, Scotland A.Matheus, University of the Bundeswehr, Germany INIRE
More informationJob Position In Japan Enriching Welfare System
Mercari RecruitingEngineer Job Position In Japan Enriching Welfare System About the Company Mercari s mission is to create value in a global marketplace where anyone can buy & sell. Today, we proudly count
More informationEnterprise Identity and Single Sign-On ENTERPRISE-GRADE IDENTITY & SSO SOLUTIONS
sales@9starinc.com www.9starinc.com ENTERPRISE-GRADE IDENTITY & SSO SOLUTIONS Overview 9STAR is a rapidly growing and recognized market leader in providing nextgeneration enterprise-grade secure identity
More informationThe following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material,
More informationCommonwealth Digital Transformation Agency (DTA) Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha
Commonwealth Digital Transformation Agency (DTA) Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha FINAL 5 December 2016 (GC460) Contact: Galexia Ph: +61 2
More informationEllucian CRM: platform overview
Ellucian CRM: platform overview Enterprise-class, higher education-specific Built for higher education Ellucian CRM is designed for colleges and universities and provides higher education-specific business
More informationMASAI PROVIDING SEAMLESS INTEGRATION OF MOBILITY AND TOURISM TO ESTABLISHED STAKEHOLDERS AND START-UPS
MASAI PROVIDING SEAMLESS INTEGRATION OF MOBILITY AND TOURISM TO ESTABLISHED STAKEHOLDERS AND START-UPS MOBILITY BASED ON AGGREGATION OF SERVICES AND APPLICATIONS INTERCONNECTION PROBLEM: TRAVEL TODAY UNCONNECTED
More informationCSP Forum 2014, Athens, May
CSP Forum 2014, Athens, May STORK 2.0 in motion! Identity as a Service and the emerging Attribute Economics
More informationIdentity Management: What it is, isn t and what it can do for you. Tom Golson, TAMU IT
Identity Management: What it is, isn t and what it can do for you Tom Golson, TAMU IT Agenda Identity management, from a high level TAMU IT s history in Identity Management Brief overview of Dell ONE Identity
More informationUtilizing Oracle Standard Functionality and other Oracle tools to comply with Sarbanes- Oxley By Olga Johnson City of Detroit
Utilizing Oracle Standard Functionality and other Oracle tools to comply with Sarbanes- Oxley By Olga Johnson City of Detroit Information on Speaker Olga Johnson Title is Business System Support Specialist
More informationBusiness Process Management (BPM) system SimBASE 4 Introduction June 2015
4 [ r ] e v o l u t i o n Business Process Management (BPM) system SimBASE 4 Introduction June 2015 Contents Part 1: What is SimBASE 4 Part 2: Architecture and technologies Part 3: User interfaces Part
More informationSDMX Roadmap In this Roadmap 2020, the SDMX sponsors outline a series of strategic objectives:
SDMX Roadmap 2020 SDMX is the leading standard for exchanging and sharing data and metadata in official statistics. SDMX is sponsored by seven International Organisations and is recognised by many international
More informationPlanning and Implementing Enterprise Identity Management: Why we did it, what we did, and how we did it
Planning and Implementing Enterprise Identity Management: Why we did it, what we did, and how we did it Information Technology Services Neil Thelander, Director, Information Technology Services Division
More informationCUSTOMER ENGAGEMENT STARTS WITH SINGLE SIGN-ON
E-BOOK CUSTOMER ENGAGEMENT STARTS WITH SINGLE SIGN-ON (BUT IT DOESN T END THERE) 03 ANSWERING HIGH EXPECTATIONS WITH CUSTOMER SSO 05 EXCEED EXPECTATIONS WITH CUSTOMER SSO 07 SSO IS WINNING THE CUSTOMER
More informationINTEGRATING PING IDENTITY SOLUTIONS WITH GOOGLE IDENTITY SERVICES
INTEGRATING PING IDENTITY SOLUTIONS WITH GOOGLE IDENTITY SERVICES How two technologies work together to add more value to your enterprise TABLE OF CONTENTS 03 04 05 06 07 08 08 08 EXECUTIVE SUMMARY INTEGRATION
More informationITSMA Release Release Readiness for Customers
ITSMA ITSMA 2017.07 Release Release Readiness for Customers Session 3 of 3 August 16, 2017 ITSMA 2017.07 Release Readiness Webinars Set of webinars to facilitate customer readiness for the upcoming release
More informationEnabling the Autonomic Management of Federated Identity Providers
Enabling the Autonomic Management of Federated Identity Providers Christopher Bailey, David W. Chadwick, Rogério de Lemos, and Kristy W.S. Siu School of Computing, University of Kent, UK {c.bailey,d.w.chadwick,r.delemos,k.w.s.siu}@kent.ac.uk
More informationThe future is web-scale
IFLA 2010 The future is web-scale Norbert Weinberger Managing Director OCLC Germany Why Web-scale / Cloud Computing? Libraries are doing more than ever Silos, costs, time requirements, inefficiency are
More informationIAM Online InCommon Technical Advisory Committee 2017 Work Plan
IAM Online InCommon Technical Advisory Committee 2017 Work Plan March 22, 2017 Mark Scheible, MCNC, TAC Chair Janemarie Duh, Lafayette College Mike Grady, Unicon Nick Roy, Internet2 Keith Wessel, University
More informationEconomic and Social Council
United Nations Economic and Social Council Distr.: General 19 December 2018 Original: English Statistical Commission Fiftieth session 5 8 March 2019 Item 4 (g) of the provisional agenda* Items for information:
More informationEconomic and Social Council
United Nations Economic and Social Council Distr.: General 19 December 2018 Original: English Statistical Commission Fiftieth session 5-8 March 2019 Item 4(g) of the provisional agenda* Items for information:
More informationRFID supply chain standards. Brussels, 24 October 2007 Henri Barthel, GS1 Global Office
RFID supply chain standards Brussels, 24 October 2007 Henri Barthel, GS1 Global Office GS1 in a nutshell GS1 is a not-for-profit organisation that develops global standards for the identification of goods
More informationCOLD STORAGE SOLUTIONS
COLD STORAGE SOLUTIONS +2 C TO +20 C / -40 C TO -80 C FOR THE PHARMACEUTICAL, BIOTECHNICAL INDUSTRY, HEALTH CARE ORGANISATIONS AND NGO S Arctiko engineering PROJECT ENGINEERING OF COLD STORAGE ROOMS FOR
More informationProposal for restructuring TF-CSIRT and the Trusted Introducer Service
Title: TF-CSIRT/TI Restructuring Proposal Version: 4.0 Date: 19 December 2011 Author: Kevin Meynell Contributors: Serge Droz, Lionel Ferette, Baiba Kaskina, Toomas Lepik, Don Stikvoort & Wilfried Woeber
More information