
Federated Identity and the International Research Community

Federated Identity and the International Research Community. Dr Ken Klingenstein Director, Internet2 Middleware and Security. Topics. The Needs of researchers Meeting those needs International Issues and Implications. IdM Needs of Researchers. Access to collaboration tools


Presentation Transcript


  1. Federated Identity and the International Research Community
     Dr Ken Klingenstein, Director, Internet2 Middleware and Security

  2. Topics
     • The needs of researchers
     • Meeting those needs
     • International issues and implications

  3. IdM Needs of Researchers
     • Access to collaboration tools
     • No modifications to existing domain science apps
     • Command line tools
     • International capabilities
     • Multiple levels of assurance
     • Roles, schema and attributes

  4. Meeting those needs
     • Bridging Federated Identity to Domain Apps
     • GridShib – federated id in, X.509 PKI certificate out
     • OAuth – federated id in, delegation token out
     • SAML Extended Client Profile (ECP) for non-web apps
     • Boarding process a one-time task
     • Connecting federated identity to existing app identity

  5. Multiple levels of assurance
     • LOA 1 for wikis, outreach, etc.
     • LOA 2 for grant administration
     • LOA 3/4 for sensitive data and apps
     • Step-up processes to integrate user experience

  6. Roles, schema and attributes
     • Research communities have their own cultures, vocabularies, needs
     • Building community-wide consistency on roles, privileges, groups provides tremendous leverage for collaborations
     • Keeping it simple is critical and difficult

  7. Collaborations and Virtual Organizations
     • IdM is a critical dimension of collaboration, crossing many applications and user communities
     • Virtual organizations represent critical communities of researchers sharing domain resources and applications as well as general collaboration tools
     • Providing a unified identity management platform for collaboration is essential in a multi-domain, multi-tool world
     • Lots of activities in domesticating applications to work in a federated world, moving from tool-based identity to collaboration-centric identity

  8. Domestication of applications
     • The work of refactoring applications to use the emergent identity services infrastructure
     • Begins with federated identity and authentication, use of directories; gains a lot from group management for access control, etc.
     • Needs a fine-grained set of authorization tools down the road
     • Domesticated apps can receive IdM attributes via LDAP, SAML, X.509, SQL, Kerberos PAC, and maybe all of the above

  9. COmanage can provide authentication and basic authorization services (group membership, privilege management, etc.) to domesticated apps
     • “Domesticated” applications currently include MediaWiki, Confluence, Jira, Subversion, Sympa, Listserv, Drupal, Nagios, WordPress, Git. Plan to add audioconferencing, IM and chat rooms, EC2, Fedora, web-based file share, etc.
     • Not “collaboration in a box”. More collaboration in an open-standard, integrated box. The “stand-alone” can be readily replumbed to be completely integrated into enterprise, federated or other attribute ecosystems as they develop
     • Implemented as a service or as a VM, perhaps in a cloud

  10. International issues
     • Interoperability among federations
     • Technical issues straightforward
     • Policy alignment roughly okay
     • Formalizing however will be hard
     • Semantic differences in attributes

  11. International privacy issues
     • Privacy policies quite different
     • Differences among national policies
     • Differences between national and EU policies
     • Differences between policies and courts
     • PII differences
     • Consent and necessity differences
