The challenges of (non-)openness:

Similar documents
GÉANT Community Programme

Sustainability in Federated Identity Services - Global and Local

AARC. Christos Kanellopoulos AARC Architecture WP Leader GRNET. Authentication and Authorisation for Research and Collaboration

EGI Check-in service. Secure and user-friendly federated authentication and authorisation

GÉANT Services Supporting International Networking and Collaboration

WP3: Policy and Best Practice Harmonisation

AARC Overview. Licia Florio, David Groep. 21 Jan presented by David Groep, Nikhef.

WP JRA1: Architectures for an integrated and interoperable AAI

Advancing European R&E through collaboration

AARC Blueprint Architecture

GÉANT Mission and Services

GN3plus External Advisory Committee. White Paper on the Structure of GÉANT Research & Development

Can R&E federations trust Research Infrastructures? - The Snctfi Trust Framework

Identity Harmonisation. Nicole Harris REFEDS Coordinator GÉANT.

Scalable Negotiator for a Community Trust Framework in Federated Infrastructures (Snctfi)

TRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model

EUDAT and Cloud Services

e-infrastructure for Research and Education in Georgia

Federated Authentication for E-Infrastructures

Pilots to support guest users solutions

User Community Driven Development in Trust and Identity Services

Federated Identities and Services: the CHAIN-REDS vision

Does Research ICT KALRO? Transforming education using ICT

Deliverable DJRA1.1. Use-Cases for Interoperable Cross- Infrastructure AAI

AAI in EGI Current status

Trust and Identity Services an introduction

2. HDF AAI Meeting -- Demo Slides

Striving for efficiency

eidas cross-sector interoperability

RCauth.eu / MasterPortal update

education federation CUC 2005, Dubrovnik High-quality Internet for higher education and research

Deliverable D3.5 Harmonised e-authentication architecture in collaboration with STORK platform (M40) ATTPS. Achieving The Trust Paradigm Shift

Greek e-infrastructures Short report

Options for Joining edugain. Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013

Sirtfi for Security Incidents in a Federated Context. Tom Barton, UChicago & Internet2

Open Science Commons: A Participatory Model for the Open Science Cloud

e-infrastructures in FP7 INFO DAY - Paris

GÉANT: Supporting R&E Collaboration

Policy and Best Practice Harmonisation ( NA3 ) from the present to the future

The EUDAT Collaborative Data Infrastructure

Federated authentication for e-infrastructures

The EGI AAI CheckIn Service

EUDAT. Towards a pan-european Collaborative Data Infrastructure

EU Liaison Update. General Assembly. Matthew Scott & Edit Herczog. Reference : GA(18)021. Trondheim. 14 June 2018

ilight/gigapop eduroam Discussion Campus Network Engineering

DARIAH Update. 9th FIM4R Workshop. Vienna, Novemer 30, Peter Gietz, DAASI International GmbH.

SLCS and VASH Service Interoperability of Shibboleth and glite

Enabling BigData Workflows in Earth Observation Science

Scottish Wide Area Network (SWAN) update & Partnership Connectivity

IaaS Framework Agreements Pan-European Cloud Services ready for adoption

EUDAT - Open Data Services for Research

Trusted National Identity Schemes. Coralie MESNARD

GARR services for the biomedical community a NETWORK AND SERVICES FOR THE BIOMEDICAL COMMUNITY

Deliverable D9.3 Best Practice for User-Centric Federated Identity

Developing a social science data platform. Ron Dekker Director CESSDA

ASTRONOMY & PARTICLE PHYSICS CLUSTER

The EUReID Observatory. Brussels 2009_09_29

Sri Lanka THE JOURNEY OF TOWARDS A CREATIVE KNOWLEDGE BASED ECONOMY

DARIAH-AAI. DASISH AAI Meeting. Nijmegen, March 9th,

Extending Services with Federated Identity Management

Research Infrastructures for All You could be Next! e-infrastructures - WP

Guidelines on non-browser access

The National Research and Education Network. Problems and Solutions

EUMEDCONNECT3 and European R&E Developments

Progress towards the EOSC

Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation

Intro to Federated Iden2ty with eduroam and edugain

GN2 JRA5: Roaming and Authorisation

JSC THE JUSTICE & SAFETY CENTER. Snapshot 2014

Oman Research & Education Network (OMREN)

OneUConn IT Service Delivery Vision

Federated Services and Data Management in PRACE

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

Helix Nebula The Science Cloud

CompTIA CASP (Advanced Security Practitioner)

EUDAT- Towards a Global Collaborative Data Infrastructure

JRA5: Roaming and Authorisation

GÉANT and other projects Update

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014

Deliverable DSA1.4: Pilots to improve access to R&E-relevant resources

The SEEREN Initiative

Big Data Value cppp Big Data Value Association Big Data Value ecosystem

Towards an integrated regulation platform in Luxembourg. Information Security Education Day th of april

Accelerating Cloud Adoption

Prof. Christos Xenakis

Prof. Christos Xenakis

EUDAT & SeaDataCloud

Introduction to eduroam

GÉANT Network Evolution

globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory

Interconnected NRENs in Europe & GÉANT: Mission & Governance Issues

IT Town Hall Meeting

Géant-TrustBroker Dynamic inter-federation identity management

TERENA, the NRENs, GÉANT & promoting Campus Best Practice

Federated Identity Management for Research Collaborations. Bob Jones IT dept CERN 29 October 2013

Network Disaggregation

e-infrastructure: objectives and strategy in FP7

eduroam Managed IdP Product Presentation

Project Title: INFRASTRUCTURE AND INTEGRATED TOOLS FOR PERSONALIZED LEARNING OF READING SKILL

EGI federated e-infrastructure, a building block for the Open Science Commons

Transcription:

The challenges of (non-)openness: Trust and Identity in Research and Education. DEI 2018, Zagreb, April 2018 Ann Harding, SWITCH/GEANT @hardingar

Who am I? Why am I here? Medieval History, Computer Science Sociology Activity Leader, Trust & Identity Development GÉANT Ann Harding, SWITCH @hardingar

About GÉANT GÉANT Association supports and represents over 40 NRENs across Europe. Together they support over 10,000 institutions and 50 million academic users.

Trust, Identity & Security Supporting users and enabling secure access to services eduroam - secure global roaming access service 250+ million authentications per month in 89 territories edugain - interconnects identity federations around the world, simplifying access to content, services and resources ~ 3500 identity providers accessing services AARC project collaborating with e-infrastructures, research collaborations, libraries & federations to share policies, architectures, training materials & pilots that avoid re-inventing the authentication & authorisation wheel REFEDs supporting identity federations worldwide Trusted Introducer services for security and incident response teams Certificate Service delivering cost-effective digital certificates. In partnership with

Enlightened self interest

AAI as seen from Realising the European Open Science Cloud Build on existing capacity and expertise where possible. The major technical challenge is the complexity of the data and analytics procedures across disciplines rather than the size of the data per se. Generic protocols ICT standards of e-infrastructure communities. Combine single sign-on issues with the connection of social and professional people oriented web applications resulting in a federated identity and credentials for all people in the EOSC

edugain - existing capacity for EOSC Enabling secure Single Sign On services to global research and educational resources Federated identities enable users to access a wide range of services using a single account sign-on managed by their 'home' institution Improves access Improves security Reduces management overhead and costs. April 2018: 50 Federations active 5 Federations with voting rights in process of joining 4572 entities

edugain building on existing capacity 8

edugain - an open ecosystem of existing resources Federations, both national and community Home organisations ranging from schools to specialist research organisations and even some public/private initiatives Service providers ranging from for-profit journals, open source e-learning platforms, parking & expenses management systems, commercial clouds, research community services Common link to serve research and education

Open does not mean the same for everyone Yet everyone has to care about data access policies Social Sciences, Arts and Humanities Life Sciences High-Energy Physics and Astronomy Earth Sciences and Observations How do we build an infrastructure open for everyone s needs?

Openness leads to Complexity More Machines (Moore s Law) e-infrastructure HTC Big Compute Big Data Technology Crowd Intelligence Digital Research Big Data Acquisition Crowd Sourcing Crowd Funding, open Innovation Collaborative Design Society Conventional Computing Social Networks Science 2.0 More People (Scholars, citizens)

Complexity of requirements generic infrastructure 600 edugain Services 2016 and Services 2018 500 400 300 200 Services 2016 Services 2018 100 0 Campus Infrastructure Library & Journals Teaching & Learning Cloud Service Collaboration Platform Research Service Other Uncategorised Complexity

Complexity - Science DMZ vs Campus Enterprise Network Design Pattern Design pattern 1: Protect your elephant flows Design pattern 2: Unclog your data taps Design pattern 3: Build a well tuned end to end infrastructure Trust and Identity Design Pattern Design pattern 1: Enable your collaboration flows Design pattern 2: Unclog your policy taps Design pattern 3: Build a well trusted end to end infrastructure (Network Design Pattern - https://reannz.co.nz/news/inder-monga-eresearch-nz-established-and-emerging-design-patterns/)

Science DMZ, the Trust and Identity View Design pattern 1: Enable your collaboration flows Export IdPs to edugain Export eresearch SPs to edugain Make sure you can provide human support Design pattern 2: Unclog your policy taps For hub and spoke do you need the same policies for all your users? Can you be more flexible? For full mesh do you need to leave everything to the edges? Can you use your resource registry/central tools to apply policy for e- Research more scalably? Design pattern 3: Build a well trusted end to end infrastructure Use Research and Scholarship and GÉANT Code of Conduct Entity Categories to make trust scale beyond your federation Adopt SIRTFI incident response framework to build trust

Openness Learning to speak each other s language

AARC and edugain responding to complexity edugain has helped many collaboration communities to interconnect and access / share resources. Policies, best practices and support have all been enhanced in the last 5 years. To go above the baseline of edugain, AARC is creating a common AAI framework for research and collaboration communities that should work for everyone: One blueprint architecture One set of policies One set of training resources Working with research collaborations to pilot and improve technical and policy aspects Relationship between the AARC blueprint architecture, edugain and the GÉANT network.

Generic Protocols & Standards: AARC Blueprint Architecture for Interoperability of AAIs User Identity Social egov IdP IdP IdP User Attribute Services Reputat ion Identity Access Management Proxy Token Translation Authorisation Roles End ToU Services SP SP SP SP https://aarc-project.eu/blueprint-architecture/

Infrastructure to support research - eduteams Collaboration platform to enable use of federated identity in research communities Supports AARC architecture Neutral partner for any e-infra or Research Infra inc. long tail, informal groups

The Lego Approach User Identity: eduteams Identity Hub One persistent (SAML) IdP for many Guest Identity Providers Provides Account recovery if users change main a/c Available and accessible through edugain Supports Research and Scholarship Entity Category User Attributes: eduteams Membership Management service VO specific workflows for onboarding members Accessible through edugain End Services: Discovery Service

When Privacy Meets Openness

InAcademia: Connecting outside our community InAcademia is a service being developed that simply validates to other services that the user is a student or staff member of the academic community. Helps service providers offer academic discounts online and in real time. A lightweight federated identity process with minimal attribute release (essentially a simple yes/no). Easy for Service Providers to implement. Removes need for scans of ID cards or primitive e-mail address-based 'authentication'.

Openness in Summary Open Services Open Architectures Open Policies Open to New Technologies Open to New Use Cases Open to Service Models Open to Flexibility Open to Privacy Open for Science

Thank you GEANT Limited on behalf of thegn4 Phase 2 project (GN4-2). The research leading to these results has received funding from the European Union s Horizon 2020 research and innovation programme under Grant Agreement No. 731122 (GN4-2).

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback