Making federations work together more effectively - Nicole Harris, JISC Advance

  1. MAKING FEDERATIONS WORK EFFECTIVELY TOGETHER: A SHORT HISTORY OF REFEDS
     Nicole Harris, REFEDS Coordinator number 2
     FAM12, 6th November 2012
  2. IN THE BEGINNING…
  3. IN THE BEGINNING…
  4. FEDERATION LANDSCAPE
     5498 entities registered within 34 federations
  5. HOW WOULD I SUMMARISE OUR EXPERIENCE?
  6. OTHER PROBLEMS?
  7. HOW WE LEARNED TO STOP (TALKING) AND LOVE THE BOMB
  8. REFEDS EPIPHANY, 2010
     • If we want stuff to happen, we need:
       • Money;
       • Workpackages;
       • Decision Makers;
       • Minions;
       • Focus.
     • From 2010, REFEDS has been funded by several NRENs / federations to help carry work forward.
     • Has established a steering committee, plans, reporting.
     • Is helping to make change happen.
  9. IS IT REALLY WORKING?
  10. REFEDS AS A VO
  11. BEING AN SP ADMINISTRATOR
      https://tnc2012.terena.org/core/presentation/106
  12. TERENA AS A SERVICE PROVIDER
  13. SORRY
  14. WHAT DOES REFEDS DO?
      • REF1: Raising the Profile of REFEDS.
      • REF2: Barriers to Effective Federation Use.
      • REF3: Boundary Solutions.
      • REF4: Federation Harmonisation.
      • REF5: Interfederation.
      • REF6: Identity Assurance.
  15. BARRIERS – FEDERATION POLICIES
      [Slide image: overlapping pages from several federation policy documents. Recoverable titles:
      • Federação CAFe (RNP): "Termo de Compromisso para Adesão à Federação CAFe" (commitment term for joining the CAFe federation, referring to the CAFe usage policies for service providers and identity providers);
      • Australian Access Federation Inc.: Federation Rules, 24 May 2011;
      • RedIRIS Identity Service (SIR): "Conditions of Use for Identity Providers", Version 1.0 – 20080220, a numbered list of 12 applicant declarations;
      • UK Access Management Federation for Education and Research: "Rules of Membership", 1st August 2011.
      Footer text also visible: Version 2.1, ST/AAI/UKF/DOC/001.]
  16. Wouldn’t it be great if these were standardised and simplified?
  17. REFEDS POLICY REVIEW
      • Painstakingly taking apart every clause in every federation policy.
      • Mapping these to generic content ‘blocks’ and ‘elements’ within each block.
      • Making recommendations about structure and unnecessary language.
      • NOT a legal review.
      • Working with GEANT on a lite version of a policy template.
  18. DISCOVERY PROJECT
  19. DISCOVERY PROJECT
  20. PEER (1)
      Federations have a variety of roles relating to the management of metadata:
      • Metadata Registrar;
      • Metadata Aggregator;
      • Metadata Publisher.
      As well as fulfilling other roles:
      • Technical support;
      • Auditor / Vetting;
      • Infrastructure, etc.
  21. UK FEDERATION METADATA AGGREGATION
      http://iay.org.uk/blog/2012/08/uk-federation-metadata-aggregation
  22. PEER (2)
      • A metadata registry – a bucket;
      • Can be used as a registry for an individual federation;
      • Can be used as a registry for multiple federations;
      • SPs only have to register and maintain in 1 place;
      • Federations can still accept members, but fetch metadata from another place;
      • Federations can parse, enhance, mangle metadata as they wish once fetched.
  23. PEER (3)
  24. PEER TO REEP
      • REEP will be a service instance of PEER run for research and education federations and their entities.
      • Pilot for 2012 / 13.
      • Proof of concept to see if federations and entities can cope with this workflow.
      • Follow REFEDS or your federation for more information.
  25. REEP or eduGAIN?
      • REEP is just a metadata registry – still relies on other parties to publish the metadata.
      • Main benefit for SPs in multiple federations at the moment.
      • Not full interfederation, but a lightweight improvement on current situation.
      • Doesn’t address policy.
  26. The Message? Don’t Sue Unicorns
  27. Questions?
      http://access.jiscinvolve.org/wp/you-cant-sue-unicorns/
