Next-Generation Identity Federations. Andreas Åkre Solberg

Similar documents
AARC Blueprint Architecture

Management der Virtuellen Organisation DARIAH im Rahmen von Shibboleth- basierten Föderationen. 58. DFN- Betriebstagung, Berlin, 12.3.

eidas cross-sector interoperability

Identity Harmonisation. Nicole Harris REFEDS Coordinator GÉANT.

SAML 2.0 Software comparison Andreas Åkre Solberg EuroCAMP, Athens,

Service withdrawal: Selected IBM ServicePac offerings

Deliverable D14.1 (DJ3.0.1) Report on the Achievements and Recommendations for any Future Work

DARIAH-AAI. DASISH AAI Meeting. Nijmegen, March 9th,

Attribute Release Update

Orange Liberty-enabled solution for 71 million subscribers. Aude Pichelin Orange Group Standardisation Manager

EUREKA European Network in international R&D Cooperation

The EGI AAI CheckIn Service

This document is a preview generated by EVS

Box 2: Voting Oct 2003 Belgium Bulgaria Croatia Cyprus Czech Republic Denmark Estonia Finland France Germany [2 folders]

Analysis of the Interoperability Possibilities of Implemented Governmental e-services EU15

The EUReID Observatory. Brussels 2009_09_29

Step 1: New Portal User User ID Created Using IdentityIQ (IIQ)

Preparing for High-Luminosity LHC. Bob Jones CERN Bob.Jones <at> cern.ch

Friedrich Smaxwil CEN President. CEN European Committee for Standardization

The AAF - Supporting Greener Collaboration

Euro-IX update. EIX WG Ripe 53 Amsterdam. Serge Radovcic. Euro-IX update. EIX WG RIPE53 Amsterdam. Oct 5th 2006

AARC. Christos Kanellopoulos AARC Architecture WP Leader GRNET. Authentication and Authorisation for Research and Collaboration

The challenges of (non-)openness:

Integrating Federations in the International Grid Trust Fabric

GEANT Cloud Framework Agreement

Introducing Shibboleth. Sebastian Rieger

European Standardization & Digital Transformation. Ashok GANESH Director Innovation ETICS Management Committee

Greek Research and Technology Network. Authentication & Authorization Infrastructure. Faidon Liambotis. grnet

ehaction Joint Action to Support the ehealth Network

EVA1 grip redesign allows greater production flexibility

AARC Overview. Licia Florio, David Groep. 21 Jan presented by David Groep, Nikhef.

GÉANT Community Programme

Liberty Alliance Project

EGI Check-in service. Secure and user-friendly federated authentication and authorisation

CLARIN s central infrastructure. Dieter Van Uytvanck CLARIN-PLUS Tools & Services Workshop 2 June 2016 Vienna

Unlimited UK mobile calls and unlimited UK texts Bolt On: Unlimited landlines Poland Bundle (400 minutes to mobiles & landlines) 3.

Need eduperson SCHAC. eduperson and SCHAC. sending attributes outside your organization. Victoriano Giralt

New trends in Identity Management

International Mobile Phone Top Up For Consumers & Merchants

The Future of Indoor Plumbing. Dr Ken Klingenstein Director, Internet2 Middleware and Security

EUDAT. Towards a pan-european Collaborative Data Infrastructure

Home Resources for Learning Scale, Fourth Grade

Authentication in Galaxy : let's use what is out there - (National) Identity Providers

GÉANT-TrustBroker project overview

END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO MEDIA CONVERGENCE SERVER 7845H-2400

VOICE/DATA SIMCARD USA UNLIMITED

The IECEE CB Scheme facilitates Global trade of Information Technology products.

1. Publishable Summary

Report on ISO/IEC/JTC1/SC27 Activities in Digital Identities

MANUAL VOICE/DATA SIMCARD CANADA

[ PARADIGM SCIENTIFIC SEARCH ] A POWERFUL SOLUTION for Enterprise-Wide Scientific Information Access

European Cybersecurity cppp and ECSO. org.eu

Options for Joining edugain. Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013

EventBuilder.com. International Audio Conferencing Access Guide. This guide contains: :: International Toll-Free Access Dialing Instructions

Student Bullying Scale, Fourth Grade

CSIRT capacity building Andrea Dufkova CSIRT-relations, COD1 NLO meeting Athens June 8. European Union Agency for Network and Information Security

Collaborative Regulation in the APP Economy

MINUTES AND TEXTS CUSTOMER MOBILE BOLT-ON GUIDE JUNE 2018 BOLT-ON WILL KEEP YOU IN CONTROL OF YOUR COSTS. INTERNATIONAL NUMBERS FROM YOUR MOBILE, THIS

Trust and Identity Services an introduction

icims Browser & Version Support Policy

FeduShare Update. AuthNZ the SAML way for VOs

education federation CUC 2005, Dubrovnik High-quality Internet for higher education and research

European Nuclear Security Regulators Association

Results from the EARNEST Technical Study

Teacher Job Satisfaction Scale, Fourth Grade

Introduction of Identity & Access Management Federation. Motonori Nakamura, NII Japan

FEDERATED IDENTITY AT ARGONNE NATIONAL LABORATORY

CUSTOMER GUIDE Interoute One Bridge Outlook Plugin Meeting Invite Example Guide

Carrier Services. Intelligent telephony. for over COUNTRIES DID NUMBERS. All IP

Connect. Communicate. Collaborate. GN2 JRA5 update. Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille. JRA5 Team

Canadian Access Federation: Trust Assertion Document (TAD)

Géant-TrustBroker: Dynamic, Scalable Management of SAML-Based Inter-federation Authentication and Authorization Infrastructures

edugain Policy Framework SAML Profile

Map Reconfiguration Dealer Guide

BlueJeans Administrator s Guide

Identity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014

International Roaming Critical Information Summaries JULY 2017

Convention Espace Partenaires , Ecole Militaire, Paris. ENX European Network Exchange Lennart Oly, Directeur, ENX Association

Map Reconfiguration User Guide

Extending Services with Federated Identity Management

BASIC PRICE LIST. The price of transportation is added toll in the amount of CZK 1,30 / kg and the current fuel surcharge.

ORCID UPDATE. JISC Workshop, 16 June 2017

IBM offers Software Maintenance for additional Licensed Program Products

This document is a preview generated by EVS

List of nationally authorised medicinal products

The Canadian Experience

Goal. TeraGrid. Challenges. Federated Login to TeraGrid

2010 Kerberos Conference

Michael Hübner. Co-Chair SET-Plan MS Working Group on SET-Plan Action 4- Energy Systems and Networks (SET-Plan Steering Group)

From Digital Divide to Digital Inclusion Are we REDI?

Cisco Jabber IM for iphone

GN3 PROJECT. Karel Vietsch, TERENA GN3/NA3/T4 Campuses Best Practice meeting, Trondheim, May connect communicate collaborate

Combating Pharmacrime AGENDA

ELIXIR Human Data Use Case

C-ITS Deployment in Austria & European Harmonisation Activities

Common European Submission Portal

This document is a preview generated by EVS

Cisco CallManager 4.0-PBX Interoperability: Lucent/Avaya Definity G3 MV1.3 PBX using 6608-T1 PRI NI2 with MGCP

PIRLS 2016 INTERNATIONAL RESULTS IN READING

OSCE-UNECE. Pkt 2. Pkt 3. Pkt 1. Bernhard Schrempf - KISC -

Transcription:

Next-Generation Identity Federations Andreas Åkre Solberg

Identity Federations GÉANT3 JRA3 Task 2 Solving current challenges, and exploring next generation Identity Management Systems.

3 Research Activity Research Activity Service Activity edugain Identity Federations edugain eduroam roaming eduroam

Identity Federations Participants Norway Denmark Croatia France Hungary Switzerland Sweden Finland Netherlands Chezch Republic Poland Spain Total effort: 16MY in 4 years

Today's Identity Federations Identity Provider Authorative user data Authentication and user attributes Web-based Service Provider Access control / authorization

User-Centric Identity Next generation Identity Systems puts the end user in control. How can educational Identity Federations meet this new Identity paradigm. Federation Harmonization Best-practices within several topics in Identity Federations. Increase interoperability. Beyond web-authentication Extending WebSSO to non-web clients and 'Service to Service' communcation. Federation Lab Provide a common fascility for service providers and identity providers to test interoperability and conformance, and test new ideas. Metadata distribution Virtual Org Collaborate across services, federations and countries. More distributed and independent architecture for Identity Federations Metadata.

Beyond web-authentication Extending WebSSO to non-web clients and 'Service to Service' communcation. Moonshot re-using roaming access for Web OAuth re-using websso for non-web use-cases.

Federation Lab Provide a common fascility for service providers and identity providers to test interoperability and conformance, and test new ideas. Automated saml2int Conformance test suite Checking structure of AuthNRequest Checking metadata content Checking Response Checking attribute contents No problems found Checking signature

Virtual Organizations Organization Y Organization X Collaboration project X Organization Z Today's Identity Federations perfectly supports authentication, but does not properly support the need for authorization and additional user data for Virtual Organizations.

Virtual Organizations Additional user data VO Platform Identity Provider Authorative user data Authentication and user attributes additional user attributes, VO information Service Provider Access control / authorization

Virtual Organizations Virtual Organizations Architecture WebUI Mngtmnt VO Storage SP-Centric Attribute Aggregation (server) Alternative data access APIs Information model SAML 2.0 AttributeQ + Affiliations SAML 2.0 AttributeQ frontchannel OAuth + AttributeQ LDAP VO Platform Data Access API VO Service (client)

Virtual Organizations Two proof of concept front-ends used within year 1 SWITCH GMT SimpleSAMLphp VO

GMT

GMT

Virtual Organizations Proof of concept User Interface Anyone can create a new Virtual Organization. Login and fill out the form above.

Registering new members of a Virtual Organization

Managing attributes for a user. By a VO manager. Combination of managed and prepopulated attributes.

Use-cases to be solved in 2010 CLARIN TERENA Wiki-s (REFEDS)...

Virtual Organizations WebUI Mngtmnt VO Storage Information model SP-Centric Attribute Aggregation SP-Centric Attribute Aggregation (server) Alternative data access APIs Solution to a generic problem. Re-use in multiple use-cases. SAML 2.0 AttributeQ + Affiliations SAML 2.0 AttributeQ frontchannel OAuth + AttributeQ LDAP Data Access API VO Service (client)

SP-Centric Attribute Aggregation Identity Provider Solution to a generic problem. Re-use in multiple use-cases. Service Provider Service Provider How can multiple Service Providers exchange information about a user in a privacy enhancing way?

Identity Federations GÉANT3 JRA3 Task 2 Solving current challenges, and exploring next generation Identity Management Systems. Andreas Åkre Solberg http://rnd.feide.no

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback