SlideShare a Scribd company logo

Federations on the rise

Harold Teunissen
Harold Teunissen

Readout and update on Identity Management effort from Europe for the MAGIC team at SuperComputing2014 in New Orleans.

1 of 15
Download to read offline
Federations on the rise… © WALLNOY Licia Florio (GÉANT) & Harold Teunissen (SURFnet) MAGIC Workshop SC14 New Orleans, November 2014
Serving Dutch research & education MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 2
SURF as umbrella • All ICT activities for Higher Education and Research in the Netherlands are under the SURF umbrella MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 3 Scientific Computing & Big Data Commercial ICT Products & Services National Research & Education Network eScience Collaboration and Tools
Where are these Id. Federations? Source: REFEFDS map pilot production MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 4
Federation essentials • We need a working inter-federation framework • Collaboration does not have boundaries MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 5
Federations work but… CHALLENGES STILL AHEAD MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 6 ATTRIBUTE AGGREGATION CREDENTIAL TRANSLATION LEVELS OF ASSURANCE BRIDGING COMMUNITIES USER FRIENDLINESS ATTRIBUTE RELEASE HOMELESS USERS NON-WEB-BROWSER
Developments in EU and beyond • EU work on two tiers: - National basis, led by the NRENs - EU scale as part of the GEANT project, mostly the identity and Trust research work and services • Global scale: - REFEDS MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 7
GEANT InAcademia • To create a simple service to validate the affiliation of a user (i.e. is this a student?) • Use-cases for this: - Web shops discounts - “Free” access to some cloud services (i.e. Office 365, Apple, etc) - Validate affiliation on relevant social platforms • Pilot service expected by end of 2014, early 2015 MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 8
InAcademia Rationale eduPersonAffiliationattribute • The attribute within a federated login can be used to validate membership of the academic community, however: - Joining a federation is a problem (policies and contracts) - Implementing SAML and doing federation is though - Inter-federation is even harder - Up front cost, but no customers • So, a lot of work, while the service only needs the Affiliation — pretty low risk in the privacy spectrum MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 9
InAcademia — Workflow • Service gets attributes directly from user (self asserted or social) • Service queries a single “centralised” service — InAcademia Simple Validation Service to confirm affiliation • A well understood protocol can be used to query InAcademia • Policy barrier for using InAcademia is low • The user “proves” his affiliation at InAcademia which is under control of the existing federations and NRENs • InAcademia is connected to eduGAIN • Authentication at home Identity Provider delivers requested affiliation • InAcademia interprets the affiliation and answers the requesting service, but never directly delivers attribute values! • User gets discount and service pays a small transaction fee MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 10
InAcademia - Benefits • For Identity Providers - SAML based, connected via eduGAIN - Two profiles that have minimal ‘low risk’ attribute requirements - No personal data stored at central service - One connection with many services that are of high value to users, but low effort for IdPs • For Services - OpenID Connect interface towards service, no SAML required - No need to deal with (inter) federation - Simplified policy, compatible with eduGAIN CoCo - Little upfront cost, only pay small amount when transaction is made - One connection with many trusted Identity Providers MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 11
REFEDS • REFEDS = Research and Education FEDERATIONS - To that articulates the mutual needs of research and education identity federations worldwide - To offer best practices for R&E federations to ease inter-federation - Supported by GEANT Association (formerly Terena) - Open to anybody with an interest in using federated credentials MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 12 https://refeds.org
REFEDS — Entity Categories • Aim: to group federation entities that share common criteria - To ease the attribute release problems - IdPs would release the same set of attributes to all SPs that are in a category instead than negotiating with each of them individually • Two categories approved: - Hide from Discovery - Research and Scholarship MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 13 https://wiki.refeds.org/display/ENT/Entity-Categories+Home
REFEDS — SIRTFI • A Security Incident Response Trust Framework for Federated Identity — SIR-T-FI • To define a process for expressing security incident handling requirements as an assurance profile for federations. • Not strictly a REFEDS work, yet… • A lot of interest in this area MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 14 https://wiki.refeds.org/display/GROUPS/SIRTFI
harold.teunissen@surfnet.nl haroldteunissen

Recommended

Open access and beyond
Open access and beyondOpen access and beyond
Open access and beyond
Harold Teunissen
 
Open Access and Beyond: An update from the field
Open Access and Beyond: An update from the fieldOpen Access and Beyond: An update from the field
Open Access and Beyond: An update from the field
Cybera Inc.
 
Using sdn to secure the campus - Networkshop44
Using sdn to secure the campus - Networkshop44Using sdn to secure the campus - Networkshop44
Using sdn to secure the campus - Networkshop44
Jisc
 
DAPSI - Open Call #2 - Webinar #1
DAPSI - Open Call #2 - Webinar #1DAPSI - Open Call #2 - Webinar #1
DAPSI - Open Call #2 - Webinar #1
Data Portability and Services Incubator
 
Connected Healthcare
Connected HealthcareConnected Healthcare
Connected Healthcare
Alcatel-Lucent Enterprise
 
Jef Verelst - Smals Open to a shift - Infosecurity.be
Jef Verelst - Smals Open to a shift - Infosecurity.beJef Verelst - Smals Open to a shift - Infosecurity.be
Jef Verelst - Smals Open to a shift - Infosecurity.be
Smals
 
Extreme networks - Better Connections. Better Experiences. For Everyone.
Extreme networks - Better Connections. Better Experiences. For Everyone.Extreme networks - Better Connections. Better Experiences. For Everyone.
Extreme networks - Better Connections. Better Experiences. For Everyone.
Aruj Thirawat
 
Extreme Networks IdentiFi
Extreme Networks IdentiFiExtreme Networks IdentiFi
Extreme Networks IdentiFi
EnterpriseSystemsGroup
 

Recommended

Open access and beyond
Open access and beyondOpen access and beyond
Open access and beyond
Harold Teunissen
 
Open Access and Beyond: An update from the field
Open Access and Beyond: An update from the fieldOpen Access and Beyond: An update from the field
Open Access and Beyond: An update from the field
Cybera Inc.
 
Using sdn to secure the campus - Networkshop44
Using sdn to secure the campus - Networkshop44Using sdn to secure the campus - Networkshop44
Using sdn to secure the campus - Networkshop44
Jisc
 
DAPSI - Open Call #2 - Webinar #1
DAPSI - Open Call #2 - Webinar #1DAPSI - Open Call #2 - Webinar #1
DAPSI - Open Call #2 - Webinar #1
Data Portability and Services Incubator
 
Connected Healthcare
Connected HealthcareConnected Healthcare
Connected Healthcare
Alcatel-Lucent Enterprise
 
Jef Verelst - Smals Open to a shift - Infosecurity.be
Jef Verelst - Smals Open to a shift - Infosecurity.beJef Verelst - Smals Open to a shift - Infosecurity.be
Jef Verelst - Smals Open to a shift - Infosecurity.be
Smals
 
Extreme networks - Better Connections. Better Experiences. For Everyone.
Extreme networks - Better Connections. Better Experiences. For Everyone.Extreme networks - Better Connections. Better Experiences. For Everyone.
Extreme networks - Better Connections. Better Experiences. For Everyone.
Aruj Thirawat
 
Extreme Networks IdentiFi
Extreme Networks IdentiFiExtreme Networks IdentiFi
Extreme Networks IdentiFi
EnterpriseSystemsGroup
 
The WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next WaveThe WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next Wave
WebRTCConferenceJapan
 
Going Global with Itoc and AWS
Going Global with Itoc and AWS Going Global with Itoc and AWS
Going Global with Itoc and AWS
Mark Promnitz
 
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Lucas Jellema
 
Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44
Jisc
 
Final Presentation E Busines
Final Presentation E BusinesFinal Presentation E Busines
Final Presentation E Busines
David van der Loo
 
Optimizing the DITA Authoring Experience
Optimizing the DITA Authoring ExperienceOptimizing the DITA Authoring Experience
Optimizing the DITA Authoring Experience
dclsocialmedia
 
Anticipating Lightweight DITA
Anticipating Lightweight DITAAnticipating Lightweight DITA
Anticipating Lightweight DITA
dclsocialmedia
 
Unified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application FluencyUnified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application Fluency
Alcatel-Lucent Enterprise
 
The State of SDN, SDDC & Cloud
The State of SDN, SDDC & CloudThe State of SDN, SDDC & Cloud
The State of SDN, SDDC & Cloud
Tufin
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco Meraki
Jisc
 
Extreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeExtreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeUS-Ignite
 
NISO-STM RA21 Project Update
NISO-STM RA21 Project UpdateNISO-STM RA21 Project Update
NISO-STM RA21 Project Update
TACNISO
 
eduTEAMS
eduTEAMSeduTEAMS
eduTEAMS
Jisc
 
Grand Challenges Learning Analytics
Grand Challenges Learning AnalyticsGrand Challenges Learning Analytics
Grand Challenges Learning Analytics
amberg
 
xAPI Live - The State of Standardization
xAPI Live - The State of StandardizationxAPI Live - The State of Standardization
xAPI Live - The State of Standardization
RISC Inc
 
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Jari Salo
 
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the CloudCloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
Kacy Clarke
 
Reifier
ReifierReifier
Reifier
Sonal Goyal
 
Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...
Velrada
 
Acode innovation leadership
Acode innovation leadershipAcode innovation leadership
Acode innovation leadership
James Sankar
 
Fluxology Alliance
Fluxology AllianceFluxology Alliance
Fluxology Alliance
Paul Peters
 
Building Successful API Programs in Higher Education
Building Successful API Programs in Higher EducationBuilding Successful API Programs in Higher Education
Building Successful API Programs in Higher Education
3scale
 

More Related Content

What's hot

The WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next WaveThe WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next Wave
WebRTCConferenceJapan
 
Going Global with Itoc and AWS
Going Global with Itoc and AWS Going Global with Itoc and AWS
Going Global with Itoc and AWS
Mark Promnitz
 
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Lucas Jellema
 
Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44
Jisc
 
Final Presentation E Busines
Final Presentation E BusinesFinal Presentation E Busines
Final Presentation E Busines
David van der Loo
 
Optimizing the DITA Authoring Experience
Optimizing the DITA Authoring ExperienceOptimizing the DITA Authoring Experience
Optimizing the DITA Authoring Experience
dclsocialmedia
 
Anticipating Lightweight DITA
Anticipating Lightweight DITAAnticipating Lightweight DITA
Anticipating Lightweight DITA
dclsocialmedia
 
Unified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application FluencyUnified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application Fluency
Alcatel-Lucent Enterprise
 
The State of SDN, SDDC & Cloud
The State of SDN, SDDC & CloudThe State of SDN, SDDC & Cloud
The State of SDN, SDDC & Cloud
Tufin
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco Meraki
Jisc
 
Extreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeExtreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeUS-Ignite
 

What's hot (11)

The WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next WaveThe WebRTC Continuum - The Next Wave
The WebRTC Continuum - The Next Wave
 
Going Global with Itoc and AWS
Going Global with Itoc and AWS Going Global with Itoc and AWS
Going Global with Itoc and AWS
 
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
Who Wants to Become an IT Architect? A Look at the Bigger Picture (Oracle Gro...
 
Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44Software defined networking - huawei - Networkshop44
Software defined networking - huawei - Networkshop44
 
Final Presentation E Busines
Final Presentation E BusinesFinal Presentation E Busines
Final Presentation E Busines
 
Optimizing the DITA Authoring Experience
Optimizing the DITA Authoring ExperienceOptimizing the DITA Authoring Experience
Optimizing the DITA Authoring Experience
 
Anticipating Lightweight DITA
Anticipating Lightweight DITAAnticipating Lightweight DITA
Anticipating Lightweight DITA
 
Unified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application FluencyUnified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application Fluency
 
The State of SDN, SDDC & Cloud
The State of SDN, SDDC & CloudThe State of SDN, SDDC & Cloud
The State of SDN, SDDC & Cloud
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco Meraki
 
Extreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation ChallengeExtreme Networks SDN Innovation Challenge
Extreme Networks SDN Innovation Challenge
 

Similar to Federations on the rise

NISO-STM RA21 Project Update
NISO-STM RA21 Project UpdateNISO-STM RA21 Project Update
NISO-STM RA21 Project Update
TACNISO
 
eduTEAMS
eduTEAMSeduTEAMS
eduTEAMS
Jisc
 
Grand Challenges Learning Analytics
Grand Challenges Learning AnalyticsGrand Challenges Learning Analytics
Grand Challenges Learning Analytics
amberg
 
xAPI Live - The State of Standardization
xAPI Live - The State of StandardizationxAPI Live - The State of Standardization
xAPI Live - The State of Standardization
RISC Inc
 
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Jari Salo
 
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the CloudCloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
Kacy Clarke
 
Reifier
ReifierReifier
Reifier
Sonal Goyal
 
Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...
Velrada
 
Acode innovation leadership
Acode innovation leadershipAcode innovation leadership
Acode innovation leadership
James Sankar
 
Fluxology Alliance
Fluxology AllianceFluxology Alliance
Fluxology Alliance
Paul Peters
 
Building Successful API Programs in Higher Education
Building Successful API Programs in Higher EducationBuilding Successful API Programs in Higher Education
Building Successful API Programs in Higher Education
3scale
 
DevOps Requirement practises - the shift to agile
DevOps Requirement practises - the shift to agileDevOps Requirement practises - the shift to agile
DevOps Requirement practises - the shift to agile
Arthur de Snaijer :)
 
Ariba, SAP Procurement and Business Network Roadmap [New York City]
Ariba, SAP Procurement and Business Network Roadmap [New York City]Ariba, SAP Procurement and Business Network Roadmap [New York City]
Ariba, SAP Procurement and Business Network Roadmap [New York City]
SAP Ariba
 
Techfour company profile
Techfour company profileTechfour company profile
Techfour company profile
Techfour Engineering Solutions
 
Agile Fundamentals
Agile FundamentalsAgile Fundamentals
Agile Fundamentals
Daniel Luschwitz
 
CAF Workshop BCNet2014
CAF Workshop BCNet2014CAF Workshop BCNet2014
CAF Workshop BCNet2014
Chris Phillips
 
E-TAIL QA: Approach to E-commerce testing in an Agile environment
E-TAIL QA: Approach to E-commerce testing in an Agile environmentE-TAIL QA: Approach to E-commerce testing in an Agile environment
E-TAIL QA: Approach to E-commerce testing in an Agile environment
Nurun
 
Introducing the Infotention Network
Introducing the Infotention NetworkIntroducing the Infotention Network
Introducing the Infotention Network
Infotention
 
Modernize Sponsored Research with End-to-End Cloud Tools
Modernize Sponsored Research with End-to-End Cloud ToolsModernize Sponsored Research with End-to-End Cloud Tools
Modernize Sponsored Research with End-to-End Cloud Tools
Wellspring
 
LavaCon 2017 - How to Bridge Silos Through Search Results
LavaCon 2017 - How to Bridge Silos Through Search ResultsLavaCon 2017 - How to Bridge Silos Through Search Results
LavaCon 2017 - How to Bridge Silos Through Search Results
Jack Molisani
 

Similar to Federations on the rise (20)

NISO-STM RA21 Project Update
NISO-STM RA21 Project UpdateNISO-STM RA21 Project Update
NISO-STM RA21 Project Update
 
eduTEAMS
eduTEAMSeduTEAMS
eduTEAMS
 
Grand Challenges Learning Analytics
Grand Challenges Learning AnalyticsGrand Challenges Learning Analytics
Grand Challenges Learning Analytics
 
xAPI Live - The State of Standardization
xAPI Live - The State of StandardizationxAPI Live - The State of Standardization
xAPI Live - The State of Standardization
 
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
Salo 2013 visiting lecture_university of bergamo_digital relationships and ne...
 
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the CloudCloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
CloudExpo NY 2014: Moving Mission Critical Applications to the Cloud
 
Reifier
ReifierReifier
Reifier
 
Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...
 
Acode innovation leadership
Acode innovation leadershipAcode innovation leadership
Acode innovation leadership
 
Fluxology Alliance
Fluxology AllianceFluxology Alliance
Fluxology Alliance
 
Building Successful API Programs in Higher Education
Building Successful API Programs in Higher EducationBuilding Successful API Programs in Higher Education
Building Successful API Programs in Higher Education
 
DevOps Requirement practises - the shift to agile
DevOps Requirement practises - the shift to agileDevOps Requirement practises - the shift to agile
DevOps Requirement practises - the shift to agile
 
Ariba, SAP Procurement and Business Network Roadmap [New York City]
Ariba, SAP Procurement and Business Network Roadmap [New York City]Ariba, SAP Procurement and Business Network Roadmap [New York City]
Ariba, SAP Procurement and Business Network Roadmap [New York City]
 
Techfour company profile
Techfour company profileTechfour company profile
Techfour company profile
 
Agile Fundamentals
Agile FundamentalsAgile Fundamentals
Agile Fundamentals
 
CAF Workshop BCNet2014
CAF Workshop BCNet2014CAF Workshop BCNet2014
CAF Workshop BCNet2014
 
E-TAIL QA: Approach to E-commerce testing in an Agile environment
E-TAIL QA: Approach to E-commerce testing in an Agile environmentE-TAIL QA: Approach to E-commerce testing in an Agile environment
E-TAIL QA: Approach to E-commerce testing in an Agile environment
 
Introducing the Infotention Network
Introducing the Infotention NetworkIntroducing the Infotention Network
Introducing the Infotention Network
 
Modernize Sponsored Research with End-to-End Cloud Tools
Modernize Sponsored Research with End-to-End Cloud ToolsModernize Sponsored Research with End-to-End Cloud Tools
Modernize Sponsored Research with End-to-End Cloud Tools
 
LavaCon 2017 - How to Bridge Silos Through Search Results
LavaCon 2017 - How to Bridge Silos Through Search ResultsLavaCon 2017 - How to Bridge Silos Through Search Results
LavaCon 2017 - How to Bridge Silos Through Search Results
 

More from Harold Teunissen

Surfing the data wave
Surfing the data waveSurfing the data wave
Surfing the data wave
Harold Teunissen
 
Transformation in Higher Education using ICT
Transformation in Higher Education using ICTTransformation in Higher Education using ICT
Transformation in Higher Education using ICT
Harold Teunissen
 
In de wolken - dat mag wat kosten?
In de wolken - dat mag wat kosten?In de wolken - dat mag wat kosten?
In de wolken - dat mag wat kosten?
Harold Teunissen
 
Ontsourcing -
Ontsourcing -Ontsourcing -
Ontsourcing -
Harold Teunissen
 
From Cubes to Spheres — The transition of higher education towards the cloud.
From Cubes to Spheres — The transition of higher education towards the cloud.From Cubes to Spheres — The transition of higher education towards the cloud.
From Cubes to Spheres — The transition of higher education towards the cloud.
Harold Teunissen
 
DDOS – a Nuisance or Threat?
DDOS – a Nuisance or Threat?DDOS – a Nuisance or Threat?
DDOS – a Nuisance or Threat?
Harold Teunissen
 
The chasm of cyberinfrastructures
The chasm of cyberinfrastructuresThe chasm of cyberinfrastructures
The chasm of cyberinfrastructures
Harold Teunissen
 
Dutch Cyberinfrastructure
Dutch CyberinfrastructureDutch Cyberinfrastructure
Dutch Cyberinfrastructure
Harold Teunissen
 
Collaborations Unleashed
Collaborations UnleashedCollaborations Unleashed
Collaborations Unleashed
Harold Teunissen
 
Collaboration is Happening
Collaboration is HappeningCollaboration is Happening
Collaboration is Happening
Harold Teunissen
 
Quantum Leap in Open Source Collaboration
Quantum Leap in Open Source CollaborationQuantum Leap in Open Source Collaboration
Quantum Leap in Open Source Collaboration
Harold Teunissen
 
Fusion of bandwidth on demand and virtual organizations
Fusion of bandwidth on demand and virtual organizationsFusion of bandwidth on demand and virtual organizations
Fusion of bandwidth on demand and virtual organizationsHarold Teunissen
 
Enabling Dynamic Services with SURFconext
Enabling Dynamic Services with SURFconextEnabling Dynamic Services with SURFconext
Enabling Dynamic Services with SURFconextHarold Teunissen
 
SURFconext - Collaboration without limit
SURFconext - Collaboration without limitSURFconext - Collaboration without limit
SURFconext - Collaboration without limit
Harold Teunissen
 
Community Clouds - Shared Infrastructure as a Service
Community Clouds - Shared Infrastructure as a ServiceCommunity Clouds - Shared Infrastructure as a Service
Community Clouds - Shared Infrastructure as a ServiceHarold Teunissen
 
Cloud computing for dummies
Cloud computing for dummiesCloud computing for dummies
Cloud computing for dummiesHarold Teunissen
 
From Fiber to Wireless (and back) - Enablers for Collaboration
From Fiber to Wireless (and back) - Enablers for CollaborationFrom Fiber to Wireless (and back) - Enablers for Collaboration
From Fiber to Wireless (and back) - Enablers for CollaborationHarold Teunissen
 
Anywhere, anytime, any place - embrace the Martini Principle
Anywhere, anytime, any place - embrace the Martini PrincipleAnywhere, anytime, any place - embrace the Martini Principle
Anywhere, anytime, any place - embrace the Martini PrincipleHarold Teunissen
 

More from Harold Teunissen (20)

Surfing the data wave
Surfing the data waveSurfing the data wave
Surfing the data wave
 
Transformation in Higher Education using ICT
Transformation in Higher Education using ICTTransformation in Higher Education using ICT
Transformation in Higher Education using ICT
 
In de wolken - dat mag wat kosten?
In de wolken - dat mag wat kosten?In de wolken - dat mag wat kosten?
In de wolken - dat mag wat kosten?
 
Ontsourcing -
Ontsourcing -Ontsourcing -
Ontsourcing -
 
From Cubes to Spheres — The transition of higher education towards the cloud.
From Cubes to Spheres — The transition of higher education towards the cloud.From Cubes to Spheres — The transition of higher education towards the cloud.
From Cubes to Spheres — The transition of higher education towards the cloud.
 
DDOS – a Nuisance or Threat?
DDOS – a Nuisance or Threat?DDOS – a Nuisance or Threat?
DDOS – a Nuisance or Threat?
 
The chasm of cyberinfrastructures
The chasm of cyberinfrastructuresThe chasm of cyberinfrastructures
The chasm of cyberinfrastructures
 
Dutch Cyberinfrastructure
Dutch CyberinfrastructureDutch Cyberinfrastructure
Dutch Cyberinfrastructure
 
Collaborations Unleashed
Collaborations UnleashedCollaborations Unleashed
Collaborations Unleashed
 
Collaboration is Happening
Collaboration is HappeningCollaboration is Happening
Collaboration is Happening
 
Quantum Leap in Open Source Collaboration
Quantum Leap in Open Source CollaborationQuantum Leap in Open Source Collaboration
Quantum Leap in Open Source Collaboration
 
Fusion of bandwidth on demand and virtual organizations
Fusion of bandwidth on demand and virtual organizationsFusion of bandwidth on demand and virtual organizations
Fusion of bandwidth on demand and virtual organizations
 
Enabling Dynamic Services with SURFconext
Enabling Dynamic Services with SURFconextEnabling Dynamic Services with SURFconext
Enabling Dynamic Services with SURFconext
 
SURFconext - Collaboration without limit
SURFconext - Collaboration without limitSURFconext - Collaboration without limit
SURFconext - Collaboration without limit
 
Community Clouds - Shared Infrastructure as a Service
Community Clouds - Shared Infrastructure as a ServiceCommunity Clouds - Shared Infrastructure as a Service
Community Clouds - Shared Infrastructure as a Service
 
Federaties in de praktijk
Federaties in de praktijkFederaties in de praktijk
Federaties in de praktijk
 
Federaties in de praktijk
Federaties in de praktijkFederaties in de praktijk
Federaties in de praktijk
 
Cloud computing for dummies
Cloud computing for dummiesCloud computing for dummies
Cloud computing for dummies
 
From Fiber to Wireless (and back) - Enablers for Collaboration
From Fiber to Wireless (and back) - Enablers for CollaborationFrom Fiber to Wireless (and back) - Enablers for Collaboration
From Fiber to Wireless (and back) - Enablers for Collaboration
 
Anywhere, anytime, any place - embrace the Martini Principle
Anywhere, anytime, any place - embrace the Martini PrincipleAnywhere, anytime, any place - embrace the Martini Principle
Anywhere, anytime, any place - embrace the Martini Principle
 

Recently uploaded

2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
NelTorrente
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
Wasim Ak
 
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
RitikBhardwaj56
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
ak6969907
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
Assignment_4_ArianaBusciglio Marvel(1).docx
Assignment_4_ArianaBusciglio Marvel(1).docxAssignment_4_ArianaBusciglio Marvel(1).docx
Assignment_4_ArianaBusciglio Marvel(1).docx
ArianaBusciglio
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
TechSoup
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
Landownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptxLandownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptx
JezreelCabil2
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
chanes7
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 

Recently uploaded (20)

2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
 
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
Assignment_4_ArianaBusciglio Marvel(1).docx
Assignment_4_ArianaBusciglio Marvel(1).docxAssignment_4_ArianaBusciglio Marvel(1).docx
Assignment_4_ArianaBusciglio Marvel(1).docx
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Landownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptxLandownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptx
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 

Federations on the rise

  • 1. Federations on the rise… © WALLNOY Licia Florio (GÉANT) & Harold Teunissen (SURFnet) MAGIC Workshop SC14 New Orleans, November 2014
  • 2. Serving Dutch research & education MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 2
  • 3. SURF as umbrella • All ICT activities for Higher Education and Research in the Netherlands are under the SURF umbrella MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 3 Scientific Computing & Big Data Commercial ICT Products & Services National Research & Education Network eScience Collaboration and Tools
  • 4. Where are these Id. Federations? Source: REFEFDS map pilot production MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 4
  • 5. Federation essentials • We need a working inter-federation framework • Collaboration does not have boundaries MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 5
  • 6. Federations work but… CHALLENGES STILL AHEAD MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 6 ATTRIBUTE AGGREGATION CREDENTIAL TRANSLATION LEVELS OF ASSURANCE BRIDGING COMMUNITIES USER FRIENDLINESS ATTRIBUTE RELEASE HOMELESS USERS NON-WEB-BROWSER
  • 7. Developments in EU and beyond • EU work on two tiers: - National basis, led by the NRENs - EU scale as part of the GEANT project, mostly the identity and Trust research work and services • Global scale: - REFEDS MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 7
  • 8. GEANT InAcademia • To create a simple service to validate the affiliation of a user (i.e. is this a student?) • Use-cases for this: - Web shops discounts - “Free” access to some cloud services (i.e. Office 365, Apple, etc) - Validate affiliation on relevant social platforms • Pilot service expected by end of 2014, early 2015 MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 8
  • 9. InAcademia Rationale eduPersonAffiliationattribute • The attribute within a federated login can be used to validate membership of the academic community, however: - Joining a federation is a problem (policies and contracts) - Implementing SAML and doing federation is though - Inter-federation is even harder - Up front cost, but no customers • So, a lot of work, while the service only needs the Affiliation — pretty low risk in the privacy spectrum MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 9
  • 10. InAcademia — Workflow • Service gets attributes directly from user (self asserted or social) • Service queries a single “centralised” service — InAcademia Simple Validation Service to confirm affiliation • A well understood protocol can be used to query InAcademia • Policy barrier for using InAcademia is low • The user “proves” his affiliation at InAcademia which is under control of the existing federations and NRENs • InAcademia is connected to eduGAIN • Authentication at home Identity Provider delivers requested affiliation • InAcademia interprets the affiliation and answers the requesting service, but never directly delivers attribute values! • User gets discount and service pays a small transaction fee MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 10
  • 11. InAcademia - Benefits • For Identity Providers - SAML based, connected via eduGAIN - Two profiles that have minimal ‘low risk’ attribute requirements - No personal data stored at central service - One connection with many services that are of high value to users, but low effort for IdPs • For Services - OpenID Connect interface towards service, no SAML required - No need to deal with (inter) federation - Simplified policy, compatible with eduGAIN CoCo - Little upfront cost, only pay small amount when transaction is made - One connection with many trusted Identity Providers MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 11
  • 12. REFEDS • REFEDS = Research and Education FEDERATIONS - To that articulates the mutual needs of research and education identity federations worldwide - To offer best practices for R&E federations to ease inter-federation - Supported by GEANT Association (formerly Terena) - Open to anybody with an interest in using federated credentials MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 12 https://refeds.org
  • 13. REFEDS — Entity Categories • Aim: to group federation entities that share common criteria - To ease the attribute release problems - IdPs would release the same set of attributes to all SPs that are in a category instead than negotiating with each of them individually • Two categories approved: - Hide from Discovery - Research and Scholarship MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 13 https://wiki.refeds.org/display/ENT/Entity-Categories+Home
  • 14. REFEDS — SIRTFI • A Security Incident Response Trust Framework for Federated Identity — SIR-T-FI • To define a process for expressing security incident handling requirements as an assurance profile for federations. • Not strictly a REFEDS work, yet… • A lot of interest in this area MAGIC WORKSHOP — SC14 — New Orleans, LA, November 2014 14 https://wiki.refeds.org/display/GROUPS/SIRTFI