
Federation as a Service

Federation as a Service. Marina Vermezović, AMRES. Federated Identity Technology Workshop, Sofia, Bulgaria, 20 June 2014. Lower the technology barrier for NRENs and other interested groups in order to build their Identity federation and use eduGAIN.


Presentation Transcript


  1. Federation as a Service • Marina Vermezović, AMRES • Federated Identity Technology Workshop, Sofia, Bulgaria, 20 June 2014

  2. Federation as a Service • Lower the technology barrier for NRENs and other interested groups in order to build their Identity federation and use eduGAIN. • Number facts, when we started: • 43 partners in GN3plus • almost all GN3plus partners in eduroam, 18 federations in eduGAIN • 21 GN3plus partners don't have a WebSSO Identity federation • sources: www.eduroam.org, www.edugain.org

  3. Federation as a service • Half of the GN3plus partners do not operate any WebSSO Federation • As a consequence, they are not able to use other GN3plus services such as: • eduGAIN • Cloud services supported by the SA7 activity: • Collaboration suites • File storage and synchronization services • Real-time communication, web conferencing services • Infrastructure as a Service

  4. FaaS Market Analysis • First, we needed to understand which issues are hindering the development of Identity federations in NRENs • April - September 2013: FaaS conducted a Market Analysis by talking to NRENs • 6 NRENs responded and were interviewed • Based on the results, we wrote the Market Analysis and Pilot Service Definition document

  5. FaaS Survey – Identifying Issues • [Chart labels: priority, funding, server infrastructure, knowledge, manpower, policy, no SPs, interest] • interest • manpower • knowledge • server infrastructure • management of user identities


  8. Federation and Interfederation trust model • [Diagram: IdP and SP metadata pass through Registration, Aggregation and Signing in the Identity Federation; Federation metadata is published to the local federation; Interfederation metadata (opted entities + eduGAIN metadata) is published to the local federation] • Options for exposing the entities to eduGAIN: opt-IN or opt-OUT

  9. Federation metadata management • Task list: • Register IdP and SP entities' metadata • Validate metadata • Enrich entities' metadata – e.g. geolocation, logo • Aggregate metadata • Sign metadata • Republish interfederation metadata in the local federation • Publish local federation entities that want to interfederate • Important: • It gets too cumbersome to do this manually, so use tools for automation! • It is important to perform these tasks securely and in a trustworthy manner

  10. FaaS in GN3plus • Goal: Lower the technology barrier for deployment of an Identity federation for NRENs and other groups • Provide the tools to efficiently manage an Identity federation and connect to eduGAIN • Each FaaS customer gets its own FaaS instance with hosted tools: • Resource Registry – register IdPs and SPs and their metadata • Metadata Aggregation • Metadata signing using HSM • Central Backup Discovery service

  11. FaaS workflow • The IdP/SP registers administratively in the federation, out of band from the RR (Resource Registry) • In this procedure IdP/SP administrators are appointed • The IdP/SP admin can register the entity in the RR via a simple registration form • The federation operator needs to approve the registration • The IdP/SP admin can enrich entity metadata through a rich and user-friendly form • The IdP/SP admin can request that the entity be published in the local federation and interfederation • The federation operator needs to approve such a request

  12. FaaS timeline • Entered the pilot in May 2014 • Currently piloting with 2 NRENs - ACOnet and AMRES • Preparing for a FaaS workshop in October 2014 for all interested NRENs • The workshop will focus on Federation operator practices and hands-on work with the FaaS tools! • If you are interested in participating in the workshop, please contact us! marina@amres.ac.rs, valter@sunet.se

  13. Thank you!
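
The validate and aggregate tasks from slide 9, gated by the operator approval and publication request from slide 11, can be sketched as follows. This is an added example, not the FaaS tooling or code from the presentation; the row fields (`label`, `approved`, `opt_in`), the function names and the sample entities are assumptions, the export uses the opt-in model, and the signing step (done with an HSM in FaaS) is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
def validate(xml_text):
    """Return (element, problems) for one registered EntityDescriptor."""
    try:
        ent = ET.fromstring(xml_text)  # untrusted input: prefer defusedxml in production
    except ET.ParseError as exc:
        return None, [f"not well-formed XML: {exc}"]
    problems = []
    if ent.tag != MD + "EntityDescriptor":
        problems.append("root is not EntityDescriptor")
    if not ent.get("entityID", "").startswith(("https://", "urn:")):
        problems.append("entityID missing or not an https/urn URI")
    roles = ent.findall(MD + "IDPSSODescriptor") + ent.findall(MD + "SPSSODescriptor")
    if not roles or any(r.find(f".//{DS}X509Certificate") is None for r in roles):
        problems.append("no IdP/SP role, or a role without an X509 certificate")
    return ent, problems

def aggregate(registrations, name, interfederation=False, valid_days=7):
    """Build an unsigned EntitiesDescriptor; return (aggregate, rejected)."""
    expiry = (datetime.now(timezone.utc) + timedelta(days=valid_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    agg = ET.Element(MD + "EntitiesDescriptor", Name=name, validUntil=expiry)
    seen, rejected = set(), {}
    for reg in registrations:
        ent, problems = validate(reg["xml"])
        if not reg["approved"]:
            problems.append("not approved by federation operator")
        if ent is not None and ent.get("entityID") in seen:
            problems.append("duplicate entityID")
        if problems:
            rejected[reg["label"]] = problems
            continue
        seen.add(ent.get("entityID"))
        if not interfederation or reg["opt_in"]:  # export only entities that opted in
            agg.append(ent)
    return agg, rejected

def row(label, eid, role="IDPSSODescriptor", cert=True, approved=True, opt_in=True):
    key = "<ds:X509Certificate>CONSTRUCTED</ds:X509Certificate>" if cert else ""
    xml = (f'<md:EntityDescriptor xmlns:md="{MD[1:-1]}" xmlns:ds="{DS[1:-1]}" entityID="{eid}">'
           f"<md:{role}><md:KeyDescriptor><ds:KeyInfo><ds:X509Data>{key}</ds:X509Data>"
           f"</ds:KeyInfo></md:KeyDescriptor></md:{role}></md:EntityDescriptor>")
    return {"label": label, "xml": xml, "approved": approved, "opt_in": opt_in}
SAMPLE = [row("idp-a", "https://idp.a.example/idp"),  # constructed rows, placeholder certs
          row("sp-b", "https://sp.b.example/sp", role="SPSSODescriptor", opt_in=False),
          row("sp-c", "https://sp.c.example/sp", role="SPSSODescriptor", cert=False),
          row("idp-d", "https://idp.d.example/idp", approved=False),
          row("idp-a-copy", "https://idp.a.example/idp")]
```

Calling `aggregate(SAMPLE, "local.example")` gives the local federation aggregate, and the same call with `interfederation=True` gives the subset to expose to eduGAIN; both carry a `validUntil` so that a stale copy expires, and both still need to be signed before publication.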
