A presentation for the Shared Services for Post-Secondaries session at the 2014 Cyber Summit by Wendy Petersen, Program Manager, Canadian Access Federation, at CANARIE.
Shared IT Solutions: The Secret Sauce for Research Collaboration
1. Shared IT Solutions: The Secret Sauce for Research Collaboration
CYBERSUMMIT
SEPTEMBER 24, 2014
WENDY PETERSEN
PROGRAM MANAGER, CANADIAN ACCESS FEDERATION (CAF)
2.
3. Research Collaborations at Scale
BigBrain
340 Researchers
20 Teams
8000 Citizen scientists
180 Countries
17 Countries
LIGO
50 Institutions
1000 Researchers
4. Collaboration Challenges
• Need secure, scalable authentication and authorization solution
• Data accuracy
• Users want SSO
7. Making CAF Work for Your Researchers
1. Get ready for CAF
2. Join CAF
3. Create an IdP server, connect it to internal IDM system
4. Release user attributes
8. Personal Data in Exchange for Online Services
Personal data: contains information relating to an identified or identifiable natural person (e.g. name, email, affiliation)
— Used to grant or deny access to an online service
— “Who you are” is not as important as “what you are entitled to”
— “Attribute” is a piece of personal data (e.g. first name)
9. Why Release User Attributes?
[Chart. Axis: Attributes released. Annotation: "Line at which releasing more attributes no longer increases service value!"]
10. Preparing for CAF
✓ Executive sponsorship
✓ Reliable IDM interface
✓ Privacy policy
✓ User attribute release policy and approval process
✓ Resources available
12. Set-up an IdP Server
[Diagram labels: Your IDM Environment; CAF; IdP Server]
• Install and configure Shibboleth IdP software (use IdP Installer tool from CANARIE)
13. IdP Installer Tool
Features
— Choose to connect to eduroam, Federated SSO or both
— Questionnaire at the beginning of the installation
— Create new configuration or import existing configuration
Benefits
• Faster IdP server setup
• Hides technical complexity
14. Challenge for Research Collaboration Teams
✓ User authenticated
✗ No attributes sent
✗ No attributes = no access
Now what?? Who do I call?
Result: add user directly to research platform
15. Making CAF Work for Researchers
— Release user attributes
   ○ Pre-approve a minimum attribute set for all services
   ○ Attribute release policy per service category
   ○ Attribute release approval process
   ○ Communicate to researchers
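Added example, not from the slides or from CANARIE: one way the first two bullets above could be expressed in a Shibboleth IdP attribute-filter.xml, written in the filter syntax of recent IdP releases rather than the 2014 one. The attribute IDs, the choice of eduPersonScopedAffiliation as the minimum set, and the use of the REFEDS Research and Scholarship entity category as the "service category" are assumptions for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Illustrative attribute-filter.xml. Added example; not output of the IdP Installer. -->
<AttributeFilterPolicyGroup id="ExampleFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

    <!-- Pre-approved minimum set: released to every service, so an
         authenticated user never arrives with an empty assertion.
         Assumption: affiliation alone is the approved minimum. -->
    <AttributeFilterPolicy id="minimumSetForAllServices">
        <PolicyRequirementRule xsi:type="ANY"/>
        <AttributeRule attributeID="eduPersonScopedAffiliation">
            <PermitValueRule xsi:type="ANY"/>
        </AttributeRule>
    </AttributeFilterPolicy>

    <!-- Per-category policy: matches any service whose federation metadata
         carries the research category tag, so new research platforms are
         covered without a per-service change request.
         Assumption: the category used is REFEDS Research and Scholarship. -->
    <AttributeFilterPolicy id="researchServiceCategory">
        <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
            attributeName="http://macedir.org/entity-category"
            attributeValue="http://refeds.org/category/research-and-scholarship"/>
        <!-- attributeID values must match the IDs defined in the IdP's
             attribute resolver; these are commonly used names. -->
        <AttributeRule attributeID="eduPersonPrincipalName">
            <PermitValueRule xsi:type="ANY"/>
        </AttributeRule>
        <AttributeRule attributeID="mail">
            <PermitValueRule xsi:type="ANY"/>
        </AttributeRule>
        <AttributeRule attributeID="displayName">
            <PermitValueRule xsi:type="ANY"/>
        </AttributeRule>
    </AttributeFilterPolicy>

</AttributeFilterPolicyGroup>
```

Any attribute not permitted by a matching policy is withheld, which is the "user authenticated, no attributes sent" outcome on slide 14.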