Transcript Slide 1
Connect. Communicate. Collaborate

Identity confederations
Klaas Wierenga
[email protected]
Cambridge, 14 June 2006

Agenda
• Authentication & Authorisation
• Federations
• Drivers for (identity) federations
• Key developments
• Challenges
• Summary

Authentication
No Dutch passport => no World Cup for Holland for Salomon Kalou

Authorisation
• Authentication is (unfortunately) not enough...

Federations
[Diagram: Trust between Organisation A (Identity Provider, User) and Organisation B (Resource Provider, Resource)]
Federations are about sharing resources across organisational borders

Drivers for (identity) federations
Organisational
• Users are becoming increasingly mobile
  – Bologna process, ECTS
  – E-learning for everyone
• Research is getting too “large” to do alone
  – Collaboration is common, projects cross organisational borders
  – Grids
• Self serving interfaces, changes in workflow inside university
  – Employees and students get tasks from administration
  – Cutting cost
Technical
• Higher need for security without stopping people from studying or doing research
• Two-sided communication gets replaced by multidimensional web services, SOA
• Centralising applications in order to individualise services
  – Personalisation gets more important
Political and societal
• Government AAI (and commercial IdPs)
  – Interconnections

Federations are happening
• Applications outsourcing their users
  – To the home institution of the user
  – To a single place at the home institution
• Academic identity federations are operational
  – Real services used every day by a large number of users
  – Research and educational applications are federated
• Federation software available in the marketplace
• Infocard
  – Making "identity" tangible to users
• Convergence is there
  – With SAML as lingua franca
HAKA, DK-AAI, JISC federation

Organisational Challenges
• Local identity management
• Provisioning
  – must be understood both on campus and in applications
• Managing roles and attributes
• Scalability problems (many sources of authority)

Technical Challenges (1)
• Horizontal integration
  – Government federations
  – Commercial federations (Liberty Alliance, WS-* based)
  – Across national boundaries (confederations)
• Vertical integration
  – Web SSO, eduroam, grids
  – Lightpath provisioning (GLIF), measurement and monitoring (PerfSonar)
  – E-mail, IM, SIP, SSH

Technical Challenges (2)
• External IdPs
  – Different levels of authentication
  – Different levels of authorisation
• From authentication to authorisation
  – Do those enterprise directories really contain authoritative authorisation information?
• Security constraints
  – Policy and technology
• N-tier problems
  – Where are the attributes?

Political and Societal challenges
• Privacy
  – Locally
  – Within federations
  – Across Europe
  – World-wide
• Interconnection policies
  – building federations
  – bridging federations
• Integration of enterprise and federated identity with personal identity
• Agreement on consistent approaches to authentication

Summary
• Educational federations are happening
• Convergence to (small number of) standards
  – SAML
• Federations are moving up into the stack
• But campus issues remain a concern
• International confederations are emerging
  – eduroam
  – Grids
  – Géant2 AAI (eduGAIN)

Thanks to:
• Ken Klingenstein (Internet2)
• Diego Lopez (RedIRIS)
• Ingrid Melve (UNINETT)
• Bob RL Morgan (Internet2)
• Milan Sova (CESNET)
• Torbjorn Wiberg (Umea University)