
Stuff

Stuff. Ken Klingenstein. Four pieces of stuff. Federation soup Cormack slides on EU (and US) privacy NIH-InCommon International federation & Liberty Alliance ISOC and Identity and trust. Federation Soup: An Assembly of Ingredients. Welcome to the kitchen. A bit of context


Presentation Transcript


  1. Stuff Ken Klingenstein

  2. Four pieces of stuff • Federation soup • Cormack slides on EU (and US) privacy • NIH-InCommon • International federation & Liberty Alliance • ISOC and Identity and trust

  3. Federation Soup: An Assembly of Ingredients

  4. Welcome to the kitchen • A bit of context • Goals and outcomes • Overview of agenda • Some other agendas ------------------- • Who we are in the room – some stories ------------------- • Reference terminology

  5. A bit of context • A very brief history of federating software • An even briefer history of federations • Interfederation interactions • of peering and soup • of technology and policy • of identity providers and service providers • outside our sector…

  6. Federating software • Shibboleth project formation - Feb 2000 • OASIS starts SAML work; linkages with Shib established Dec 2000 • Architecture and protocol completion - Aug 2001 • Release dates: Shib alpha1 April 2002, OpenSAML July, 2002, Shib v1.0 April 2003 • SAML TC evolved a fusion of Liberty, Shib and SAML into SAML 2.0 Nov 2005 • Microsoft-led business consortium develops WS-*, including WS-Fed, 2002-2008

  7. A brief history of federations • Federations at national levels in several countries, beginning with a variety of protocols and converging on SAML • Federations form along natural relationships – state university systems, state educational agencies, regional optical networks,… • Federations in the business context begin as 1-1 (outsourced services, like accounting) and sometimes grow into hub and spoke (e.g. automobile industry) • Other types of identity federations exist in pockets (e.g. federated PKI roots for IGTF)

  8. Why we are here: Interfederation Interactions • Peering and soup • Service providers often belong to multiple federations; some identity providers are being asked to join several federations • Federal government interactions happening, but not as first anticipated • Virtual organizations are now presenting real use cases that require international federation interactions • Other sectors keenly watching us

  9. Workshop Goals and Outcomes • Inform specific efforts • fostering of local federations • blending of local federations with national ones • minimizing challenges down the road through some up-front consensus and coordination (ala federation best practices) • international peering/soup • Exchange governance and organizational approaches • Understand businesses and business models • Establish ongoing mechanisms for communication and coordination • Grow community

  10. Overview of Workshop Agenda • Monday • Identifying the ingredients • Talking soup • BoF’s • Tuesday • Making soup • Affinity groups • Wednesday • Tasting the soup • Next steps

  11. Some other agendas • Getting to know each other • And finding affinity groups • Maximal discussions • Minimal powerpoint

  12. Some soup dimensions • Alignments – LOA, attributes, user experience • Legal models – Dispute Resolution, Indemnification, etc • Business models – Operator, Source of funds, Services offered, Communities served • Privacy management and international issues

  13. Alignments • Level of assurance – for strength of authentication • Attributes – for conveying authorization information, preserving privacy, etc • User experience – large multiplier…

  14. Possible business opportunities • Trust • For identity management • For ?? • Content distribution, ala BBC • Operate collaboration management platforms • Circulate related metadata • VO stuff (Schema, arps) • ? • Training

  15. Some stories • International tales – • Edupass.ca, UK Federation, Swami • InCommon • State and system activities • UCOP, UNC, Clair • Spices and salt • DOEgrids, Great Plains, Farmfed

  16. Who we are in the room – some stories • Communities served • Purpose of federation • Organizational and business approaches • One thing that has been surprising…

  17. Reference terminology • Terms vary in meaning by country and context • Shelf life of terms, especially policy and business ones, may be short • It’s ratholes all the way down…

  18. Thanks • To the Shibboleth crew • To the federation workers • To all of you • For the time you’ve taken • For tolerating an overdone metaphor • For the consequence we may have

  19. Federation Soup: Out of the Kitchen…

  20. Topics • Use cases • Federations.org • SAML-rama • Peering frameworks • Next steps

  21. Motivation • St. Mary’s of the Plains wanting access to StudentUniverse • Does a commercial SP have to join every federation? • Overlapping US federations, with different membership criteria • Where/how do we reach agreement on: • Attribute mapping • Identity Assurance mapping • Common approaches, in order to avoid mapping... • Do other communities need standardized attributes? How do they do that? Can we help?

  22. More questions • How do VOs fit into the federation picture? • How do US sites handle international partners, respecting privacy laws, etc. • What can the national level federations do to simplify this process (signed agreements, policy alignment, etc.) • Logging and audit in a federated space • What types of businesses are proper work for federations • Home for the homeless, alumni and OpenIds • Migrations from other technologies

  23. More use cases • LIGO and OOI • WUN • MUSE • NIH and NSF • Spaces wiki

  24. Federations.org • Interfederation of national R&E federations • More peering than soup • Possible activities • Reference point for new national federations • Aggregation of common materials • Triage for SP’s that want to learn how to deal with multiple federations • Assist in taking the federation template doc to RFC status • IDABC and EU Article 29 coordination • Successor to Refeds (http://www.terena.org/activities/refeds/)

  25. International Activities • http://www.terena.org/activities/refeds/ • A summary of discussions among R&E networks, including a survey of national efforts • http://www.jisclegal.ac.uk/access/ • Excellent policy analytics, especially around international issues of privacy, peering, and attributes • http://ec.europa.eu/idabc/ • TransEuropean activities in IdM for use among citizens, governments, and businesses

  26. IDABC, EU Article 29, Concordia Issues • IDABC • The pluses and minuses of gateways between SAML federations • EU Article 29 • Liberty attributes and PII • EPTID • Concordia • End-end use cases in federated identity intended to highlight gaps in protocols, schema, etc

  27. SAML-rama • The meeting right after this… • Developing a spec for a metadata profile • Addresses some of the critical technical issues in interfederation

  28. Peering Parameters • Parameters: • LOA • Attribute mapping • Legal structures • Liability • Adjudication • Metadata • VO Support • Economics • Privacy

  29. Peering frameworks • JISC Member-Federated Operator analysis • Feasibility of cross-federation • EAuth-InCommon peering corpse • Kalmar Union • JISC template for inter-federation

  30. UK Bilateral Interfederation Template • Purpose, scope and limits of agreement • Entity assurance • Member-operator behavior • Problem resolution • Member-member behavior • Interfederation infrastructure

  31. Major Sections • Introduction (parties, nature of agreement, …) • Background (context, terminology, …) • Scope of the Agreement • Rights and Obligations of the Parties (see next) • Dispute Resolution • Financial Considerations • Limitation of Liability • Special Considerations (communications, implementation, technical issues) • Suspension or Termination

  32. Responsibilities of Parties
      1. Ensure proper operation of federation operator according to documentation
      2. Evaluate ISPs for conformance with defined identity assurance standards
      3. Provide the other Party information about new federation members
      4. Provide the other Party accurate metadata for federation members
      5. Make federation metadata available to the other Party
      6. Notify the other Party of changes to federation member requirements
      7. Notify the other Party of federation inability to comply with its obligations
      8. Coordinate with the other Party with respect to federation changes
      9. Require transaction logs be kept by federation members for at least 6 months
      10. Coordinate problem resolution with the other Party
      11. Work with the other Party to resolve technical or operational problems
      12. Respond to requests from the other Party for information about the federation
      13. Notify the other Party in case of non-compliance with this agreement

  33. Kalmar Union • Common terminology • Rules • Privacy and Security • Technology • Change control • User Interface

  34. Terminology & Rules • Who? • What? • Who does what to whom?

  35. Privacy and Security • PII baseline • Explicit tie-in with EU PI directive • Delegate responsibility for 95/46/EC

  36. Technology & Standards • Gory details in appendix (RSN) • Establish "do now lower loa"-principle

  37. Change control • Regulate change to KALMAR including new members.

  38. User Interface • Make the user aware that she is crossing a national border (!)

  39. Next Steps • International • Federations.org • Peering between edupass.ca and InCommon, UK and InCommon, Kalmar Union • Federation roadmap • Soup

  40. Next soup steps • Affinity group in system federations • State feds – not yet • PII normalization • Ask NACUA • Coping with EU privacy compliance • Interfederation template agreement • InCommon as a focus point for interfederation in the US
