InCommon and edugain: Joining the International Federation Community

Similar documents
Baseline Expectations for Trust in Federation: Increasing Trust and Interoperability in InCommon

IAM Online InCommon Technical Advisory Committee 2017 Work Plan

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Working Groups Report: Making Federa5on Easier

TIER Release One A Community Milestone, Why It's Important and What's Next

InCommon Update. Ann West InCommon/Internet2

Internet identity: Forward in All Directions. Dr Ken Klingenstein, Director, Middleware, Internet2

Enabling Cross-University Collaboration with Harvard IAM: TIER, InCommon, and Grouper. IT Summit 2015 June 4, 2015 Thursday 1:10-2:00 p.m.

openmdm Working Group charter

Data Authorization and Access: Empowering Faculty and Research Units

ISO : ENVIRONMENTAL MANAGEMENT SYSTEM (EMS) - INTERNAL AUDITOR COURSE

Carequality Governance Charter

2013 STRATEGIC PLAN: INTRODUCTION

The Office of Academic Computing Services. A unit of the College of Behavioral and Social Sciences. University of Maryland College Park

Our Future, Part 2. Building a better organisation together

INCOMMON TRUST FEDERATION

FIM4R Version 2. David Kelsey AARC2 Community Engagement/Policy and Best Practice Harmonisation. Federated Identity Requirements for Research

WELCOME TO THE BOARD SCORECARD WORKSHOP

Strategic Planning Document. Est. 1975

MEMORANDUM 20 June Mr. Scott Honea Interim Associate Vice President for Intomation Technology and CIO Texas A&M Information Technology

Maynooth University Guidelines for Internal Quality Reviews of Academic Departments / Schools

Shibboleth Consortium Update and Development Roadmap

TERMS OF REFERENCE & PROFILE: Director of the Board DATE: January 2018

Vision: To be the preeminent professional society for healthcare executives dedicated to improving health.

MAXAR TECHNOLOGIES INC. CORPORATE GOVERNANCE GUIDELINES

Carequality for a Common HIE Framework

IAM Online Thursday, April 8, 2010

The I-Trust Federation: Federating the University of Illinois

AUTOZONE, INC. CORPORATE GOVERNANCE PRINCIPLES

5/24/2016. Washington State University Strategic Plan On web site at Strategic Plan web site

PHASE IV: IMPLEMENTATION OF THE POWER OF SUNY Draft: October 19, 2010

January 11, /6/2016. Washington State University Strategic Plan On web site at

JOB AND REQUIREMENT PROFILE FOR HEADS OF DEPARTMENT AT CBS 1. INTRODUCTION 2. CBS STRATEGY

Project Management Professional (PMP)

Audit committee performance evaluation

Huntington Bancshares Incorporated

KUMBA IRON ORE LIMITED (Registration number: 2005/015852/06) ( Kumba or the Company )

Project ASSIST. Software Development Framework

2017 to 2020 Strategic Plan. Approved by the CAA Board of Directors: March 1, 2017

Modernizing compliance: Moving from value protection to value creation

InAcademia Simple Validation Service

REFEDs Meeting 31 October 2010 Atlanta, USA Author: Nicole Harris. Table of Contents

IT Governance Proposal. Western Illinois University. September 2013

Establishing a Medical Licensing Assessment Programme Board

UW Colleges and UW-Extension Restructuring Steering Committee Weekly Update week of March 5, 2018

AMERICAN COUNCIL OF ENGINEERING COMPANIES OF SOUTH DAKOTA

CSA Security as a Service Working Group Charter

Are you ready for Industry 4.0? FY2017 Stakeholder engagement summary

The University of Texas at San Antonio. Internal Audit Annual Report For Fiscal Year As required by the Texas Internal Auditing Act

Implementing the Global Legal Entity Identifier (LEI) System A Charter for the Regulatory Oversight Committee and Report on Progress

REQUEST FOR COUNCIL ACTION

Proposed New Governance Structure Frequently Asked Questions (FAQ s)

Faster Payments Effectiveness Criteria - What s Next?

One Watershed, One Plan Operating Procedures

Designing and Implementing Mentoring Programs for Early Career Faculty

CHHS Master Data Management Strategy

FHWA Update AASHTO Subcommittee on Maintenance Annual Meeting Providence, RI. Connie Yew

40 Science Hall 550 N. Park Street Madison, WI wicci.wisc.edu

Campus. Impact. project to

Multi-Regional Clinical Trials Center FDLI Webinar, November 10, 2015

Keeping the FLAME alive

An Assessment of Parcel Data in the United States 2005 Survey Results

The City of Brooklyn Center, Minnesota SEEKS A CULTURALLY COMPETENT, PROGRESSIVE, AND INNOVATIVE COLLABORATOR TO BE ITS NEXT DEPUTY CITY MANAGER

Strategic Priorities Division of Continuing Studies Strategic Priorities

HR2020. Strategic Plan. Indiana University Human Resources

Board Governance Principles. March 15, 2018 TE CONNECTIVITY VISION AND VALUES

Richland Community College May 2009

The table below compares to the 2009 Essential Elements and the 2018 Enhanced Data Stewardship Elements

CISCO SYSTEMS, INC. CORPORATE GOVERNANCE POLICIES

A1: Authorizer Mission and A.2: Authorizer Vision and Organizational Goals:

HRS Road Map Policy Revision Suggestions Pay Calendar Consolidation DRAFT Background/Charter Document as of 10/7/2013

Ralph Johnson, Chair Task Force on Governance and Member Participation

CORPORATE GOVERNANCE GUIDELINES

InAcademia Simple Validation Service

National Policy Corporate Governance Principles. Table of Contents

Charter of the International Aerospace Quality Group (IAQG)

STANDARD MOTOR PRODUCTS, INC. CORPORATE GOVERNANCE GUIDELINES. (Amended as of January 30, 2018)

FSC Forest Management Group System Procedures

Transatlantic ehealth/health IT Cooperation Roadmap

Scheduling Policies Town Hall. June 6, 2018

GOLD FIELDS LIMITED. ( GFI or the Company ) BOARD CHARTER. (Approved by the Board of Directors on 16 August 2016)

Consortia Report on Governance Compliance of Rules and Procedures

IMS Technical Advisory Board Policies and Procedures Version 9.3 Draft for Comment

RUBRICS GOVERNING CALL AND PLACEMENT PROCEDURES. for MINISTERS OF RELIGION COMMISSIONED

ADMINISTRATION OF QUALITY ASSURANCE PROCESSES

SAMPLE Marketing Slides for Building a Compliance Program

PROJECT CHARTER STUDENT EMPLOYMENT PROCESS

Field Experience Handbook

Board of Directors Meeting Agenda Report

WG WEARNE LIMITED (Registration number: 1994/005983/07) ( the Company / Wearne )

Diversity, Equality, Equity, & Inclusion Policy

SKYCITY ENTERTAINMENT GROUP LIMITED CORPORATE SOCIAL RESPONSIBILITY COMMITTEE CHARTER LAST REVIEWED DECEMBER 2018

The Charge of the Office of Equity and Inclusion is to build a program that addresses 10 critical areas of work:

Number: DI-IPSC-81427B Approval Date:

REPORT 2015/128 INTERNAL AUDIT DIVISION. Audit of the Field Personnel Specialist Support Service in the Department of Field Support

PMI Scheduling Professional (PMI-SP)

2013 NASCIO Recognition Award Nomination. State of Michigan. Nomination Category: Cross-Boundary Collaboration and Partnerships

Number: DI-IPSC-81427B Approval Date:

THE GAP, INC. CORPORATE GOVERNANCE GUIDELINES (As of May 17, 2016)

A.T. Still University Department of Diversity Strategic Plan EXECUTIVE SUMMARY

Transcription:

InCommon and edugain: Joining the International Federation Community Executive Summary Researchers, faculty, staff, graduate students and others involved in research, scholarship and education increasingly interact with international colleagues. Many projects and virtual organizations prefer to use federated identity management, allowing individuals to use their home credentials to gain access to collaboration tools. However, identity and access management federations align with national boundaries, creating barriers to international collaboration, with each country and federation maintaining their own policies, practices and legal constraints. To aid with federation across national boundaries, InCommon will use edugain, an international service run by GÉANT in the European Union. edugain now includes 40 national research and education federations worldwide and can enable collaboration among 31 million individuals, 8 million of which are supported by InCommon. InCommon will send connection information - otherwise known as metadata - about InCommon Identity Providers and Service Providers to edugain for inclusion in their global service. (Metadata is the information exchanged among participants to make federation happen.) InCommon will make the necessary adjustments to its policy documents to align with edugain policies and provide a review period for community comment. InCommon will strongly encourage Identity Providers and qualifying Service Providers to participate in the global R&S program to streamline access to services. The balance of this document provides information about the changes needed for edugain adoption -- both for the InCommon Federation and for InCommon participants. In addition, InCommon will provide a comprehensive series of communications about the implications of interfederation and about planning for deployment. 1

InCommon and edugain: Joining the International Federation Community Background - Strategic Direction Many countries have established a national identity research and education federation similar to InCommon. This enables seamless access to services within each country, but not between countries. Interfederation takes place when a user from one federation accesses a service that is registered in another federation. This is important as research, teaching and learning increasingly cross international boundaries. The vision, like physical networking (and the creation of the Internet itself), is to interconnect federations so that a user in one country can seamlessly access a service in another country using his or her home credentials. The international research and education trust and identity community have chosen to use the European-based global edugain service, which provides a lightweight technical and policy infrastructure to enable interfederation. 1 edugain now includes 40 national research and education federations worldwide and can enable collaboration among 31 million individuals, 8 million of which are supported by InCommon. In 2013, the InCommon Technical Advisory Committee (TAC) appointed two working groups to explore the requirements for interfederation. 2 Based on these working group reports, and recommendations from the InCommon Steering Committee and the InCommon TAC, Internet2 joined edugain in April 2014 to facilitate interfederation and enable international collaboration. InCommon has conducted a pilot to develop a proposed technical implementation process. The edugain Policy and Community Working Group (PCWG), commissioned by the InCommon Steering Committee, has recommended legal and policy changes to accommodate this new functionality. 3 The New Entities Working Group, charged by the InCommon Technical Advisory Committee, has recommended policies and practices related to interfederation, specifically accommodating entities from other federations appearing in InCommon metadata. 4 The PCWG explored InCommon s interfederation participation using these guiding principles: International interfederation is a cornerstone of InCommon s support for U.S. research and education, and global collaboration. Individual participant organizations will retain control over whether they interact with international organizations. 1 http://services.geant.net/edugain/about_edugain/pages/home.aspx 2 See https://spaces.internet2.edu/display/incinterfed/interfederation+tac+subgroup and https://spaces.internet2.edu/display/incinterfed/final+report+to+tac 3 A summary of the working group s charge and a list of members is at the end of this paper. 4 The New Entities Working Group has published its recommendations at https://spaces.internet2.edu/display/newentities/home 2

International Interfederation Service: edugain Operated by GÉANT, an organization that interconnects Europe s national research and education networks, edugain now serves 40 national identity federations around the world, providing a common lightweight technical and policy infrastructure. Members of all of these federations have the potential to interact with one another. This ultimately allows a researcher to use credentials from his or her home organization and enjoy single sign-on convenience to resources offered through other national federations. Those InCommon Participants offering services via the federation (like a sponsored partner) can, if they choose, offer SSO convenience to international customers and colleagues. edugain enables the trustworthy exchange of identity information between federations. To join the service, each national federation must sign an unilateral declaration, be reviewed by its federation peers, and export all or part of its metadata information to edugain (see the illustration below). 5 The edugain service combines these files and republishes a signed aggregate file (following its technical and security procedures). An edugain member-federation imports the global metadata file, does any processing based on its policies and procedures, and publishes that metadata for the use of its members. 6 The trust model of edugain is simple: operators of IdPs or SPs must follow the policies, rules and legal structure of their home federations. Federations post their practices, in the form of a Metadata Registration Practice Statement, that others can review to determine eligibility, registration practices and other relevant details. It is important to note that not all edugain member federations register participant metadata in the same way as InCommon. 5 A video overview of edugain is also available: https://www.youtube.com/watch?v=x1yhufpxmz8 6 edugain member federation registration practices: see: https://technical.edugain.org/status.php 3

InCommon in the Context of Interfederation Interfederation will require changes for the InCommon Federation and may require changes for individual InCommon Participants. This section identifies and describes these changes and offers advice where appropriate. Governance: InCommon has appointed a delegate and deputy to the edugain Steering Group (esg), which provides oversight and governance for the service. As part of the esg, InCommon participates in discussions and adheres to decisions made on policy and technical matters, such as changes to the documents governing service capabilities, eligibility, technical requirements and dispute resolution. The service is stewarded by the edugain Executive Committee (eec), a group currently appointed by GÉANT. 7 1. InCommon will report any relevant edugain service changes to the InCommon Steering Committee, the Technical Advisory Committee and the Assurance Advisory Committee. 2. InCommon will also provide updates on interfederation to the community as necessary. Transparency: Transparency is the basis for trust in edugain, just as it is within the InCommon Federation. edugain requires that federations post how they manage their metadata. InCommon publishes its Metadata Registration Practices Statement (MRPS) on its wiki and edugain maintains a list of member federations and their respective MRPSs on its website. 8 Policy Structure: InCommon Participants have signed the InCommon Participation Agreement and are bound by that document and its rules and practices (and the laws of the United States). Identity Providers and Service Providers from other countries are bound by the rules and practices of their home federations and laws of their countries. 3. InCommon will publish a list of questions that organizations should consider when making decisions relating to interfederating with international partners. 9 4. Per the edugain PCWG recommendation, InCommon will publish a policy outlining the data it collects about organizations participating in the federation and related identity provider and service provider contacts. 5. Interfederation with international partners required InCommon to revise the InCommon Participation Agreement. Participants should review these changes prior to February 11, 2016, when they take effect. Dispute Resolution: If organizations from different federations have a dispute that they can t resolve, edugain requires that the sites engage their national federations to manage the interactions. In this global dispute resolution process, InCommon will use best efforts to work with its participants, edugain and other federations. 7 The edugain constitution is here: http://services.geant.net/edugain/resources/pages/home.aspx 8 InCommon s MRPS is at https://spaces.internet2.edu/x/nwvkag. The list of edugain federations and their MRPS are available at https://technical.edugain.org/status.php. 9 https://www.incommon.org/edugain 4

6. An InCommon Participant that has a dispute with an organization in another federation will follow the published InCommon dispute resolution process, outlined in the Federation Operating Policies and Practices (FOPP). 10 Metadata Sharing: InCommon has always published its metadata aggregate publicly, as have many other research and education federations. 11 This metadata includes information required for interoperability, security, privacy and troubleshooting, such as identity and service provider URLs, organizational contacts, and public keys. Joining edugain does not change this; it merely provides a common international clearinghouse and sharing mechanism for this information. 12 InCommon will conform to the edugain Metadata Profile, which defines rules for submitting metadata to the edugain Metadata Service. 13 7. InCommon will communicate how it will import and export metadata to and from edugain. 8. Just as with current policy, organizations retain the ability to decide whether or not they will interact with partners. 9. InCommon strongly recommends that all identity providers and global service providers participate in international federation service. However, organizations can request not to do so. 10. InCommon will publish guidelines for implementing these local decisions. Attribute Schema: The edugain Attribute Profile recommends the user information to be included in attribute exchange. 14 11. Like InCommon, edugain uses the eduperson schema. No further attribute schemas need to be supported. Research and Scholarship Service Category: The Research and Scholarship (R&S) Service Category 15 includes Service Providers that support research and scholarship collaboration. Identity Providers can release a small set of attributes to the entire category of services. As additional services meet the qualifications of the category, researchers from campuses 10 The InCommon dispute resolution process is described in section 8 of the FOPP (Federation Operating Policies and Practices), as referenced in section 5 of the InCommon Bylaws. Links to both documents, as well as the candidate drafts are at http://www.incommon.org/policies.html. 11 https://www.incommon.org/federation/metadata.html 12 To view the global services and identity providers that will be added to the InCommon metadata once interfederation is in production, see https://incommon.org/federation/info/all-entities-mdq-beta.html 13 http://services.geant.net/edugain/resources/pages/home.aspx 14 http://services.geant.net/edugain/resources/pages/home.aspx 15 http://refeds.org/category/research-and-scholarship 5

supporting R&S can automatically access these new services. Through edugain, InCommon Participants will have this same convenience of interaction with international R&S services. 16 12. InCommon strongly encourages Identity Providers and qualifying Service Providers to participate in the global R&S program to streamline access to services. 17 Other Categories and Services: InCommon will collaborate with other international federations in the creation of categories and services that benefit InCommon Participants and the global research and education community. 13. Any proposed new international categories or federation-level services will be reviewed by the InCommon community before implementation. Implementation Approach and Timeline Given the strategic nature of interfederation, the PCWG recommends that InCommon support the following approach: 14. By default, all InCommon Identity Providers will be included in the metadata exported to edugain. Identity Provider operators will have the opportunity, through the Federation Manager, to choose *not* to include their metadata in the export. 15. By default, all InCommon Service Providers will *not* be included in the metadata exported to edugain. Service Provider operators will have the opportunity, through the Federation Manager, to choose to include their metadata in the export. Organizations still determine with whom they federate, and those that wish to restrict their federation partners to InCommon Participants can do so in their local configuration. General Timeline and Transition Period InCommon plans to complete the transition to full interfederation in the spring of 2016. InCommon will provide a series of communications and training sessions for both managers and implementers about the ramifications of interfederation and about planning for deployment. Once approved by InCommon Steering, InCommon will release the revised InCommon Participation Agreement and Federation Operator Policies and Practices, both of which go into effect 90 days after Steering approval. InCommon will conduct an extensive community outreach effort around the changes, answer questions, and take feedback. 16 An overview of the InCommon R&S category is at https://spaces.internet2.edu/x/tydwag. For more detail, see https://spaces.internet2.edu/x/qivhbq 17 To find out which InCommon Participants support global R&S, see https://incommon.org/federation/info/all-entity-categories.htm 6

Conclusion The InCommon Federation was established to support scholarship, teaching and learning, and research. As these activities have evolved to transcend national boundaries, InCommon will become the national springboard to international partners to support these functions and to ease the friction of access for users. While federation and interfederation delivery will evolve over time, the first step towards this vision is to become full participating partners in edugain. Using this service places a number of requirements on InCommon and InCommon Participants. InCommon Steering and Technical Advisory Committees commissioned two community groups, the edugain Policy and Community Working Group and the New Entities Working Group, to determine the policy and technical ramifications of this change. These two groups developed a set of recommendations that support this international vision while still enabling InCommon Participants to choose with whom to federate. To help the community understand the impact on their organizations, InCommon will host calls, webinars and training sessions to help participants understand what they need to do to best support their organization and make a decision about interfederation. 7

Appendix A InCommon Working Groups and edugain Several working groups contributed to the recommendations in this draft, including two interfederation working groups led by Jim Basney (National Center for Supercomputing Applications) and Warren Anderson (LIGO). Many thanks for their time and attention. edugain Policy and Community Working Group The InCommon Steering Committee chartered the edugain Policy and Community Working Group (PCWG) to recommend a direction for InCommon s edugain deployment and to review InCommon s key policy documents and identify changes needed to align with edugain structure. The PCWG met during the first quarter of 2015 to discuss the trust model and key policy documents underlying the InCommon policy and technical infrastructure (the InCommon Participation Agreement and the Federation Operating Practices and Principles). The PCWG met during the first quarter of 2015 to discuss the trust model and key policy documents underlying the InCommon policy and technical infrastructure (the InCommon Participation Agreement and the Federation Operating Practices and Principles). Working Group members: Warren Anderson, LIGO Donald Beck, Davidson County Community College Susan Blair, University of Florida Steven Carmody, Brown University and InCommon Technical Advisory Committee Chris Holmes, Baylor University and InCommon Steering Craig Jackson, Indiana University John Krienke, Internet2 Tracy Mitrano, Cornell University Theresa Semmens, Chair, North Dakota State University Von Welch, Center for Applied Security Research Ann West, Internet2 Bill Yock, University of Washington and InCommon Steering New Entities Working Group Up until now, the InCommon metadata file contains only Identity Providers and Service Providers (entities) owned and managed by, either directly or indirectly, an InCommon participant. The InCommon Technical Advisory Committee chartered the New Entities Working Group to review how the Federation should include international metadata and other identity and service providers with unusual requirements. The appearance of these new types of entities within the InCommon metadata file will create new risk scenarios for current InCommon members. The mission of this Working Group was to identify what an IdP or SP operator would need to know about policies or practices associated with such entities. The Working Group met during late 2014 and the first part of 2015 to complete its work. 8

Working Group members: Jim Jokl, Chair, University of Virginia Warren Anderson, LIGO Steve Carmody, Brown University and InCommon TAC Steve Devoti, University of Wisconsin-Madison Tom Golson, Texas A&M University Eric Goodman, University of California Office of the President Ken Gray, University of Michigan Michael Hodges, University of Hawaii Scott Koranda, LIGO Steve Olshansky, The Internet Society Tom Scavo, Internet2 Mark Scheible, MCNC David Walker, Internet2 Keith Wessel, University of Illinois 9

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback