SlideShare a Scribd company logo

Federations on the rise

Harold Teunissen
Harold Teunissen

Readout and update on Identity Management effort from Europe for the MAGIC team at SuperComputing2014 in New Orleans.

Education
1 of 15
Download to read offline
Federations on the rise… © WALLNOY Licia Florio (GÉANT) & Harold Teunissen (SURFnet) MAGIC Workshop SC14 New Orleans, November 2014
Serving Dutch research & education MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 2
SURF as umbrella • All ICT activities for Higher Education and Research in the Netherlands are under the SURF umbrella MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 3 Scientific Computing & Big Data Commercial ICT Products & Services National Research & Education Network eScience Collaboration and Tools
Where are these Id. Federations? Source: REFEFDS map pilot production MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 4
Federation essentials • We need a working inter-federation framework • Collaboration does not have boundaries MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 5
Federations work but… CHALLENGES STILL AHEAD MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 6 ATTRIBUTE AGGREGATION CREDENTIAL TRANSLATION LEVELS OF ASSURANCE BRIDGING COMMUNITIES USER FRIENDLINESS ATTRIBUTE RELEASE HOMELESS USERS NON-WEB-BROWSER
Developments in EU and beyond • EU work on two tiers: - National basis, led by the NRENs - EU scale as part of the GEANT project, mostly the identity and Trust research work and services • Global scale: - REFEDS MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 7
GEANT InAcademia • To create a simple service to validate the affiliation of a user (i.e. is this a student?) • Use-cases for this: - Web shops discounts - “Free” access to some cloud services (i.e. Office 365, Apple, etc) - Validate affiliation on relevant social platforms • Pilot service expected by end of 2014, early 2015 MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 8
InAcademia Rationale eduPersonAffiliationattribute • The attribute within a federated login can be used to validate membership of the academic community, however: - Joining a federation is a problem (policies and contracts) - Implementing SAML and doing federation is though - Inter-federation is even harder - Up front cost, but no customers • So, a lot of work, while the service only needs the Affiliation — pretty low risk in the privacy spectrum MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 9
InAcademia — Workflow • Service gets attributes directly from user (self asserted or social) • Service queries a single “centralised” service — InAcademia Simple Validation Service to confirm affiliation • A well understood protocol can be used to query InAcademia • Policy barrier for using InAcademia is low • The user “proves” his affiliation at InAcademia which is under control of the existing federations and NRENs • InAcademia is connected to eduGAIN • Authentication at home Identity Provider delivers requested affiliation • InAcademia interprets the affiliation and answers the requesting service, but never directly delivers attribute values! • User gets discount and service pays a small transaction fee MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 10
InAcademia - Benefits • For Identity Providers - SAML based, connected via eduGAIN - Two profiles that have minimal ‘low risk’ attribute requirements - No personal data stored at central service - One connection with many services that are of high value to users, but low effort for IdPs • For Services - OpenID Connect interface towards service, no SAML required - No need to deal with (inter) federation - Simplified policy, compatible with eduGAIN CoCo - Little upfront cost, only pay small amount when transaction is made - One connection with many trusted Identity Providers MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 11
REFEDS • REFEDS = Research and Education FEDERATIONS - To that articulates the mutual needs of research and education identity federations worldwide - To offer best practices for R&E federations to ease inter-federation - Supported by GEANT Association (formerly Terena) - Open to anybody with an interest in using federated credentials MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 12 https://refeds.org
REFEDS — Entity Categories • Aim: to group federation entities that share common criteria - To ease the attribute release problems - IdPs would release the same set of attributes to all SPs that are in a category instead than negotiating with each of them individually • Two categories approved: - Hide from Discovery - Research and Scholarship MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 13 https://wiki.refeds.org/display/ENT/Entity-Categories+Home
REFEDS — SIRTFI • A Security Incident Response Trust Framework for Federated Identity — SIR-T-FI • To define a process for expressing security incident handling requirements as an assurance profile for federations. • Not strictly a REFEDS work, yet… • A lot of interest in this area MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 14 https://wiki.refeds.org/display/GROUPS/SIRTFI
harold.teunissen@surfnet.nl haroldteunissen

Recommended

Open access and beyond
Open access and beyondOpen access and beyond
Open access and beyondHarold Teunissen
 
Open Access and Beyond: An update from the field
Open Access and Beyond: An update from the fieldOpen Access and Beyond: An update from the field
Open Access and Beyond: An update from the fieldCybera Inc.
 
Using sdn to secure the campus - Networkshop44
Using sdn to secure the campus - Networkshop44Using sdn to secure the campus - Networkshop44
Using sdn to secure the campus - Networkshop44Jisc
 
DAPSI - Open Call #2 - Webinar #1
DAPSI - Open Call #2 - Webinar #1DAPSI - Open Call #2 - Webinar #1
DAPSI - Open Call #2 - Webinar #1Data Portability and Services Incubator
 
Connected Healthcare
Connected HealthcareConnected Healthcare
Connected HealthcareAlcatel-Lucent Enterprise
 
Jef Verelst - Smals Open to a shift - Infosecurity.be
Jef Verelst - Smals Open to a shift - Infosecurity.beJef Verelst - Smals Open to a shift - Infosecurity.be
Jef Verelst - Smals Open to a shift - Infosecurity.beSmals
 
Extreme networks - Better Connections. Better Experiences. For Everyone.
Extreme networks - Better Connections. Better Experiences. For Everyone.Extreme networks - Better Connections. Better Experiences. For Everyone.
Extreme networks - Better Connections. Better Experiences. For Everyone.Aruj Thirawat
 
Extreme Networks IdentiFi
Extreme Networks IdentiFiExtreme Networks IdentiFi
Extreme Networks IdentiFiEnterpriseSystemsGroup
 

Recommended

Open access and beyond
Open access and beyondOpen access and beyond
Open access and beyondHarold Teunissen
 
Open Access and Beyond: An update from the field
Open Access and Beyond: An update from the fieldOpen Access and Beyond: An update from the field
Open Access and Beyond: An update from the fieldCybera Inc.
 
Using sdn to secure the campus - Networkshop44
Using sdn to secure the campus - Networkshop44Using sdn to secure the campus - Networkshop44
Using sdn to secure the campus - Networkshop44Jisc
 
DAPSI - Open Call #2 - Webinar #1
DAPSI - Open Call #2 - Webinar #1DAPSI - Open Call #2 - Webinar #1
DAPSI - Open Call #2 - Webinar #1Data Portability and Services Incubator
 
Connected Healthcare
Connected HealthcareConnected Healthcare
Connected HealthcareAlcatel-Lucent Enterprise
 
Jef Verelst - Smals Open to a shift - Infosecurity.be
Jef Verelst - Smals Open to a shift - Infosecurity.beJef Verelst - Smals Open to a shift - Infosecurity.be
Jef Verelst - Smals Open to a shift - Infosecurity.beSmals
 
Extreme networks - Better Connections. Better Experiences. For Everyone.
Extreme networks - Better Connections. Better Experiences. For Everyone.Extreme networks - Better Connections. Better Experiences. For Everyone.
Extreme networks - Better Connections. Better Experiences. For Everyone.Aruj Thirawat
 
Extreme Networks IdentiFi
Extreme Networks IdentiFiExtreme Networks IdentiFi
Extreme Networks IdentiFiEnterpriseSystemsGroup
 
The WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next WaveThe WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next WaveWebRTCConferenceJapan
 
Going Global with Itoc and AWS
Going Global with Itoc and AWS Going Global with Itoc and AWS
Going Global with Itoc and AWS Mark Promnitz
 
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...Lucas Jellema
 
Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44Jisc
 
Final Presentation E Busines
Final Presentation E BusinesFinal Presentation E Busines
Final Presentation E BusinesDavid van der Loo
 
Optimizing the DITA Authoring Experience
Optimizing the DITA Authoring ExperienceOptimizing the DITA Authoring Experience
Optimizing the DITA Authoring Experiencedclsocialmedia
 
Anticipating Lightweight DITA
Anticipating Lightweight DITAAnticipating Lightweight DITA
Anticipating Lightweight DITAdclsocialmedia
 
Unified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application FluencyUnified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application FluencyAlcatel-Lucent Enterprise
 
The State of SDN, SDDC & Cloud
The State of SDN, SDDC & CloudThe State of SDN, SDDC & Cloud
The State of SDN, SDDC & CloudTufin
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiJisc
 
Extreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeExtreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeUS-Ignite
 
NISO-STM RA21 Project Update
NISO-STM RA21 Project UpdateNISO-STM RA21 Project Update
NISO-STM RA21 Project UpdateTACNISO
 
eduTEAMS
eduTEAMSeduTEAMS
eduTEAMSJisc
 
Grand Challenges Learning Analytics
Grand Challenges Learning AnalyticsGrand Challenges Learning Analytics
Grand Challenges Learning Analyticsamberg
 
xAPI Live - The State of Standardization
xAPI Live - The State of StandardizationxAPI Live - The State of Standardization
xAPI Live - The State of StandardizationRISC Inc
 
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...Jari Salo
 
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the CloudCloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the CloudKacy Clarke
 
Reifier
ReifierReifier
ReifierSonal Goyal
 
Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Velrada
 
Acode innovation leadership
Acode innovation leadershipAcode innovation leadership
Acode innovation leadershipJames Sankar
 
Fluxology Alliance
Fluxology AllianceFluxology Alliance
Fluxology AlliancePaul Peters
 
Building Successful API Programs in Higher Education
Building Successful API Programs in Higher EducationBuilding Successful API Programs in Higher Education
Building Successful API Programs in Higher Education3scale
 

More Related Content

What's hot

The WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next WaveThe WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next WaveWebRTCConferenceJapan
 
Going Global with Itoc and AWS
Going Global with Itoc and AWS Going Global with Itoc and AWS
Going Global with Itoc and AWS Mark Promnitz
 
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...Lucas Jellema
 
Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44Jisc
 
Final Presentation E Busines
Final Presentation E BusinesFinal Presentation E Busines
Final Presentation E BusinesDavid van der Loo
 
Optimizing the DITA Authoring Experience
Optimizing the DITA Authoring ExperienceOptimizing the DITA Authoring Experience
Optimizing the DITA Authoring Experiencedclsocialmedia
 
Anticipating Lightweight DITA
Anticipating Lightweight DITAAnticipating Lightweight DITA
Anticipating Lightweight DITAdclsocialmedia
 
Unified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application FluencyUnified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application FluencyAlcatel-Lucent Enterprise
 
The State of SDN, SDDC & Cloud
The State of SDN, SDDC & CloudThe State of SDN, SDDC & Cloud
The State of SDN, SDDC & CloudTufin
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiJisc
 
Extreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeExtreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeUS-Ignite
 

What's hot (11)

The WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next WaveThe WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next Wave
 
Going Global with Itoc and AWS
Going Global with Itoc and AWS Going Global with Itoc and AWS
Going Global with Itoc and AWS
 
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
 
Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44
 
Final Presentation E Busines
Final Presentation E BusinesFinal Presentation E Busines
Final Presentation E Busines
 
Optimizing the DITA Authoring Experience
Optimizing the DITA Authoring ExperienceOptimizing the DITA Authoring Experience
Optimizing the DITA Authoring Experience
 
Anticipating Lightweight DITA
Anticipating Lightweight DITAAnticipating Lightweight DITA
Anticipating Lightweight DITA
 
Unified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application FluencyUnified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application Fluency
 
The State of SDN, SDDC & Cloud
The State of SDN, SDDC & CloudThe State of SDN, SDDC & Cloud
The State of SDN, SDDC & Cloud
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco Meraki
 
Extreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeExtreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation Challenge
 

Similar to Federations on the rise

NISO-STM RA21 Project Update
NISO-STM RA21 Project UpdateNISO-STM RA21 Project Update
NISO-STM RA21 Project UpdateTACNISO
 
eduTEAMS
eduTEAMSeduTEAMS
eduTEAMSJisc
 
Grand Challenges Learning Analytics
Grand Challenges Learning AnalyticsGrand Challenges Learning Analytics
Grand Challenges Learning Analyticsamberg
 
xAPI Live - The State of Standardization
xAPI Live - The State of StandardizationxAPI Live - The State of Standardization
xAPI Live - The State of StandardizationRISC Inc
 
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...Jari Salo
 
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the CloudCloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the CloudKacy Clarke
 
Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Velrada
 
Acode innovation leadership
Acode innovation leadershipAcode innovation leadership
Acode innovation leadershipJames Sankar
 
Fluxology Alliance
Fluxology AllianceFluxology Alliance
Fluxology AlliancePaul Peters
 
Building Successful API Programs in Higher Education
Building Successful API Programs in Higher EducationBuilding Successful API Programs in Higher Education
Building Successful API Programs in Higher Education3scale
 
DevOps Requirement practises - the shift to agile
DevOps Requirement practises - the shift to agileDevOps Requirement practises - the shift to agile
DevOps Requirement practises - the shift to agileArthur de Snaijer :)
 
Ariba, SAP Procurement and Business Network Roadmap [New York City]
Ariba, SAP Procurement and Business Network Roadmap [New York City]Ariba, SAP Procurement and Business Network Roadmap [New York City]
Ariba, SAP Procurement and Business Network Roadmap [New York City]SAP Ariba
 
CAF Workshop BCNet2014
CAF Workshop BCNet2014CAF Workshop BCNet2014
CAF Workshop BCNet2014Chris Phillips
 
E-TAIL QA: Approach to E-commerce testing in an Agile environment
E-TAIL QA: Approach to E-commerce testing in an Agile environmentE-TAIL QA: Approach to E-commerce testing in an Agile environment
E-TAIL QA: Approach to E-commerce testing in an Agile environmentNurun
 
Introducing the Infotention Network
Introducing the Infotention NetworkIntroducing the Infotention Network
Introducing the Infotention NetworkInfotention
 
Modernize Sponsored Research with End-to-End Cloud Tools
Modernize Sponsored Research with End-to-End Cloud ToolsModernize Sponsored Research with End-to-End Cloud Tools
Modernize Sponsored Research with End-to-End Cloud ToolsWellspring
 
LavaCon 2017 - How to Bridge Silos Through Search Results
LavaCon 2017 - How to Bridge Silos Through Search ResultsLavaCon 2017 - How to Bridge Silos Through Search Results
LavaCon 2017 - How to Bridge Silos Through Search ResultsJack Molisani
 

Similar to Federations on the rise (20)

NISO-STM RA21 Project Update
NISO-STM RA21 Project UpdateNISO-STM RA21 Project Update
NISO-STM RA21 Project Update
 
eduTEAMS
eduTEAMSeduTEAMS
eduTEAMS
 
Grand Challenges Learning Analytics
Grand Challenges Learning AnalyticsGrand Challenges Learning Analytics
Grand Challenges Learning Analytics
 
xAPI Live - The State of Standardization
xAPI Live - The State of StandardizationxAPI Live - The State of Standardization
xAPI Live - The State of Standardization
 
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
 
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the CloudCloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
 
Reifier
ReifierReifier
Reifier
 
Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...
 
Acode innovation leadership
Acode innovation leadershipAcode innovation leadership
Acode innovation leadership
 
Fluxology Alliance
Fluxology AllianceFluxology Alliance
Fluxology Alliance
 
Building Successful API Programs in Higher Education
Building Successful API Programs in Higher EducationBuilding Successful API Programs in Higher Education
Building Successful API Programs in Higher Education
 
DevOps Requirement practises - the shift to agile
DevOps Requirement practises - the shift to agileDevOps Requirement practises - the shift to agile
DevOps Requirement practises - the shift to agile
 
Ariba, SAP Procurement and Business Network Roadmap [New York City]
Ariba, SAP Procurement and Business Network Roadmap [New York City]Ariba, SAP Procurement and Business Network Roadmap [New York City]
Ariba, SAP Procurement and Business Network Roadmap [New York City]
 
Techfour company profile
Techfour company profileTechfour company profile
Techfour company profile
 
Agile Fundamentals
Agile FundamentalsAgile Fundamentals
Agile Fundamentals
 
CAF Workshop BCNet2014
CAF Workshop BCNet2014CAF Workshop BCNet2014
CAF Workshop BCNet2014
 
E-TAIL QA: Approach to E-commerce testing in an Agile environment
E-TAIL QA: Approach to E-commerce testing in an Agile environmentE-TAIL QA: Approach to E-commerce testing in an Agile environment
E-TAIL QA: Approach to E-commerce testing in an Agile environment
 
Introducing the Infotention Network
Introducing the Infotention NetworkIntroducing the Infotention Network
Introducing the Infotention Network
 
Modernize Sponsored Research with End-to-End Cloud Tools
Modernize Sponsored Research with End-to-End Cloud ToolsModernize Sponsored Research with End-to-End Cloud Tools
Modernize Sponsored Research with End-to-End Cloud Tools
 
LavaCon 2017 - How to Bridge Silos Through Search Results
LavaCon 2017 - How to Bridge Silos Through Search ResultsLavaCon 2017 - How to Bridge Silos Through Search Results
LavaCon 2017 - How to Bridge Silos Through Search Results
 

More from Harold Teunissen

Transformation in Higher Education using ICT
Transformation in Higher Education using ICTTransformation in Higher Education using ICT
Transformation in Higher Education using ICTHarold Teunissen
 
In de wolken - dat mag wat kosten?
In de wolken - dat mag wat kosten?In de wolken - dat mag wat kosten?
In de wolken - dat mag wat kosten?Harold Teunissen
 
From Cubes to Spheres — The transition of higher education towards the cloud.
From Cubes to Spheres — The transition of higher education towards the cloud.From Cubes to Spheres — The transition of higher education towards the cloud.
From Cubes to Spheres — The transition of higher education towards the cloud.Harold Teunissen
 
DDOS – a Nuisance or Threat?
DDOS – a Nuisance or Threat?DDOS – a Nuisance or Threat?
DDOS – a Nuisance or Threat?Harold Teunissen
 
The chasm of cyberinfrastructures
The chasm of cyberinfrastructuresThe chasm of cyberinfrastructures
The chasm of cyberinfrastructuresHarold Teunissen
 
Collaboration is Happening
Collaboration is HappeningCollaboration is Happening
Collaboration is HappeningHarold Teunissen
 
Quantum Leap in Open Source Collaboration
Quantum Leap in Open Source CollaborationQuantum Leap in Open Source Collaboration
Quantum Leap in Open Source CollaborationHarold Teunissen
 
Fusion of bandwidth on demand and virtual organizations
Fusion of bandwidth on demand and virtual organizationsFusion of bandwidth on demand and virtual organizations
Fusion of bandwidth on demand and virtual organizationsHarold Teunissen
 
Enabling Dynamic Services with SURFconext
Enabling Dynamic Services with SURFconextEnabling Dynamic Services with SURFconext
Enabling Dynamic Services with SURFconextHarold Teunissen
 
SURFconext - Collaboration without limit
SURFconext - Collaboration without limitSURFconext - Collaboration without limit
SURFconext - Collaboration without limitHarold Teunissen
 
Community Clouds - Shared Infrastructure as a Service
Community Clouds - Shared Infrastructure as a ServiceCommunity Clouds - Shared Infrastructure as a Service
Community Clouds - Shared Infrastructure as a ServiceHarold Teunissen
 
Cloud computing for dummies
Cloud computing for dummiesCloud computing for dummies
Cloud computing for dummiesHarold Teunissen
 
From Fiber to Wireless (and back) - Enablers for Collaboration
From Fiber to Wireless (and back) - Enablers for CollaborationFrom Fiber to Wireless (and back) - Enablers for Collaboration
From Fiber to Wireless (and back) - Enablers for CollaborationHarold Teunissen
 
Anywhere, anytime, any place - embrace the Martini Principle
Anywhere, anytime, any place - embrace the Martini PrincipleAnywhere, anytime, any place - embrace the Martini Principle
Anywhere, anytime, any place - embrace the Martini PrincipleHarold Teunissen
 

More from Harold Teunissen (20)

Surfing the data wave
Surfing the data waveSurfing the data wave
Surfing the data wave
 
Transformation in Higher Education using ICT
Transformation in Higher Education using ICTTransformation in Higher Education using ICT
Transformation in Higher Education using ICT
 
In de wolken - dat mag wat kosten?
In de wolken - dat mag wat kosten?In de wolken - dat mag wat kosten?
In de wolken - dat mag wat kosten?
 
Ontsourcing -
Ontsourcing -Ontsourcing -
Ontsourcing -
 
From Cubes to Spheres — The transition of higher education towards the cloud.
From Cubes to Spheres — The transition of higher education towards the cloud.From Cubes to Spheres — The transition of higher education towards the cloud.
From Cubes to Spheres — The transition of higher education towards the cloud.
 
DDOS – a Nuisance or Threat?
DDOS – a Nuisance or Threat?DDOS – a Nuisance or Threat?
DDOS – a Nuisance or Threat?
 
The chasm of cyberinfrastructures
The chasm of cyberinfrastructuresThe chasm of cyberinfrastructures
The chasm of cyberinfrastructures
 
Dutch Cyberinfrastructure
Dutch CyberinfrastructureDutch Cyberinfrastructure
Dutch Cyberinfrastructure
 
Collaborations Unleashed
Collaborations UnleashedCollaborations Unleashed
Collaborations Unleashed
 
Collaboration is Happening
Collaboration is HappeningCollaboration is Happening
Collaboration is Happening
 
Quantum Leap in Open Source Collaboration
Quantum Leap in Open Source CollaborationQuantum Leap in Open Source Collaboration
Quantum Leap in Open Source Collaboration
 
Fusion of bandwidth on demand and virtual organizations
Fusion of bandwidth on demand and virtual organizationsFusion of bandwidth on demand and virtual organizations
Fusion of bandwidth on demand and virtual organizations
 
Enabling Dynamic Services with SURFconext
Enabling Dynamic Services with SURFconextEnabling Dynamic Services with SURFconext
Enabling Dynamic Services with SURFconext
 
SURFconext - Collaboration without limit
SURFconext - Collaboration without limitSURFconext - Collaboration without limit
SURFconext - Collaboration without limit
 
Community Clouds - Shared Infrastructure as a Service
Community Clouds - Shared Infrastructure as a ServiceCommunity Clouds - Shared Infrastructure as a Service
Community Clouds - Shared Infrastructure as a Service
 
Federaties in de praktijk
Federaties in de praktijkFederaties in de praktijk
Federaties in de praktijk
 
Federaties in de praktijk
Federaties in de praktijkFederaties in de praktijk
Federaties in de praktijk
 
Cloud computing for dummies
Cloud computing for dummiesCloud computing for dummies
Cloud computing for dummies
 
From Fiber to Wireless (and back) - Enablers for Collaboration
From Fiber to Wireless (and back) - Enablers for CollaborationFrom Fiber to Wireless (and back) - Enablers for Collaboration
From Fiber to Wireless (and back) - Enablers for Collaboration
 
Anywhere, anytime, any place - embrace the Martini Principle
Anywhere, anytime, any place - embrace the Martini PrincipleAnywhere, anytime, any place - embrace the Martini Principle
Anywhere, anytime, any place - embrace the Martini Principle
 

Recently uploaded

Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxAmita Gupta
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxdhanalakshmis0310
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 

Recently uploaded (20)

Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 

Federations on the rise

  • 1. Federations on the rise… © WALLNOY Licia Florio (GÉANT) & Harold Teunissen (SURFnet) MAGIC Workshop SC14 New Orleans, November 2014
  • 2. Serving Dutch research & education MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 2
  • 3. SURF as umbrella • All ICT activities for Higher Education and Research in the Netherlands are under the SURF umbrella MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 3 Scientific Computing & Big Data Commercial ICT Products & Services National Research & Education Network eScience Collaboration and Tools
  • 4. Where are these Id. Federations? Source: REFEFDS map pilot production MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 4
  • 5. Federation essentials • We need a working inter-federation framework • Collaboration does not have boundaries MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 5
  • 6. Federations work but… CHALLENGES STILL AHEAD MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 6 ATTRIBUTE AGGREGATION CREDENTIAL TRANSLATION LEVELS OF ASSURANCE BRIDGING COMMUNITIES USER FRIENDLINESS ATTRIBUTE RELEASE HOMELESS USERS NON-WEB-BROWSER
  • 7. Developments in EU and beyond • EU work on two tiers: - National basis, led by the NRENs - EU scale as part of the GEANT project, mostly the identity and Trust research work and services • Global scale: - REFEDS MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 7
  • 8. GEANT InAcademia • To create a simple service to validate the affiliation of a user (i.e. is this a student?) • Use-cases for this: - Web shops discounts - “Free” access to some cloud services (i.e. Office 365, Apple, etc) - Validate affiliation on relevant social platforms • Pilot service expected by end of 2014, early 2015 MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 8
  • 9. InAcademia Rationale eduPersonAffiliationattribute • The attribute within a federated login can be used to validate membership of the academic community, however: - Joining a federation is a problem (policies and contracts) - Implementing SAML and doing federation is though - Inter-federation is even harder - Up front cost, but no customers • So, a lot of work, while the service only needs the Affiliation — pretty low risk in the privacy spectrum MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 9
  • 10. InAcademia — Workflow • Service gets attributes directly from user (self asserted or social) • Service queries a single “centralised” service — InAcademia Simple Validation Service to confirm affiliation • A well understood protocol can be used to query InAcademia • Policy barrier for using InAcademia is low • The user “proves” his affiliation at InAcademia which is under control of the existing federations and NRENs • InAcademia is connected to eduGAIN • Authentication at home Identity Provider delivers requested affiliation • InAcademia interprets the affiliation and answers the requesting service, but never directly delivers attribute values! • User gets discount and service pays a small transaction fee MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 10
  • 11. InAcademia - Benefits • For Identity Providers - SAML based, connected via eduGAIN - Two profiles that have minimal ‘low risk’ attribute requirements - No personal data stored at central service - One connection with many services that are of high value to users, but low effort for IdPs • For Services - OpenID Connect interface towards service, no SAML required - No need to deal with (inter) federation - Simplified policy, compatible with eduGAIN CoCo - Little upfront cost, only pay small amount when transaction is made - One connection with many trusted Identity Providers MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 11
  • 12. REFEDS • REFEDS = Research and Education FEDERATIONS - To that articulates the mutual needs of research and education identity federations worldwide - To offer best practices for R&E federations to ease inter-federation - Supported by GEANT Association (formerly Terena) - Open to anybody with an interest in using federated credentials MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 12 https://refeds.org
  • 13. REFEDS — Entity Categories • Aim: to group federation entities that share common criteria - To ease the attribute release problems - IdPs would release the same set of attributes to all SPs that are in a category instead than negotiating with each of them individually • Two categories approved: - Hide from Discovery - Research and Scholarship MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 13 https://wiki.refeds.org/display/ENT/Entity-Categories+Home
  • 14. REFEDS — SIRTFI • A Security Incident Response Trust Framework for Federated Identity — SIR-T-FI • To define a process for expressing security incident handling requirements as an assurance profile for federations. • Not strictly a REFEDS work, yet… • A lot of interest in this area MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 14 https://wiki.refeds.org/display/GROUPS/SIRTFI