InCommon is a growing federation with over 80 members, providing access to academic and popular content, services, and resources. It enables real-time delivery of identity and attributes, supports role-based access controls, and integrates with collaboration management platforms.
InCommon • Approximately 80 members and growing steadily • More than two million “users” • Most of the major research institutions (MIT joining soon) • New types of members • Non usual suspects – Lafayette, NITLE, Univ of Mary Washington, etc. • National Institute of Health • Student service providers • Energy Labs • MS, Apple • Steering Committee chaired by Clair Goldsmith of Univ of Texas; Technical Committee chaired by Renee Shuey of Penn State
Uses • Access controlled wikis • Access to academic content, such as Elsevier • Access to popular content, such as Cdigix • Access to Microsoft • Access to services, such as student travel agencies, testing services • Access to Grid computational resources, portal providers, recruitment services, etc. • (Trust base for dynamic circuit authorization/accounting) • (Google Apps for Education)
InCommon • Impacts of federation are real • Dreamspark - Microsoft delivery of developer kits, source code, etc. to students https://downloads.channel8.msdn.com/; over 50% of all download traffic from Microsoft was federation-enabled one week after announcement. • {Federation + persistent, opaque identifier + attributes with consent} addresses international privacy requirements. • InCommon Silver, a new profile, is now being deployed to serve higher assurance applications • Federated SharePoint, federated wikis are proving to be killer apps… • www.incommonfederation.org
Federation Soup • Workshop to be held in early June • Bringing together all manner of federations to figure out federation relationships • InCommon, JISC, state federations, library federations, university system federations, grid federations, etc. • Topics include alignment of policies, technologies, attributes, metadata, etc. • Approaches include peering, nested, leveraged, and a whole lot of ad hoc • Outputs may include best practices, multi-homing, etc.
Capabilities of federated identity • Real-time delivery of identity and attributes • Supports role-based access controls • Providing privacy and enhanced security • Integrates with collaboration management platforms that are being adopted by virtual organizations
Real time access controls • Delivery of attributes to control points • Initially via web browsers and now via web services and a variety of native APIs • Rich controls at policy control points • ISOC “Identity, Trust and the Internet” will apply identity and trust to a growing suite of Internet RFCs.
Collaboration and Federated Identity • Two powerful forces being leveraged • the rise of federated identity • the bloom in collaboration tools, most particularly in the Web 2.0 space but including file shares, email list procs, etc • Collaboration management platforms provide identity services to “well-behaved collaboration applications” • Results in user and collaboration centric identity, not tool-based identity
Comanage • A collaboration management platform, supported in part by an NSF OCI grant, being developed by the Internet2 community, with Stanford as a lead institution • Open source, open protocol • Uses Shibboleth, Grouper, and Signet • Parallels activities in the UK and Australia
Comanageable applications • Already done • Sympa, Federated wikis, Asterisk (open-source IP audioconferencing), Dim-Dim (open-source web meeting), Bedework (federated open-source calendar) • Immediate targets • Rich access controlled wikis • Web-based file shares, IM, Google Apps for Education • Domain science resources • Instruments • Grids
[Diagram: Collaboration Management Platform (CMP) and the Attribute Ecosystem. Labels shown: Collaboration Tools/Resources (File Sharing, Calendar, Email List Manager, Phone/Video Conference, Federated Wiki, Domain Science Instrument, Domain Science Grid); Application Attributes; Collaboration Management Platform (Authentication, Authorization – Group Info, Authorization – Privilege Info, People Picker, Other Functions, Attribute/Resource Info Data Store); Attribute Ecosystem Flows; Home Org & Id Providers/Sources of Authority (University A, University B, Laboratory X).]
Possibilities and next steps • Virtual organizations adopting federated identity and collaboration management platforms • LIGO – www.ligo.org (and GEO and VIRGO) • Ocean Observing Initiative – http://www.joiscience.org/ocean_observing • Providing audit and security in a federated environment • Cutovers are more difficult than new VO • Integrating domain science tools • Cyberinfrastructure, e.g. TeraGrid, OSG, integrating, providing collaboration management platform service centers • Integrating research administration into the mix