Trust and identity
Chair: Josh Howlett,
Head of trust and identity, Jisc
Liberate update
>Access management is critical to HE, FE, and
Research
>The R&E requirement is often challenging and hard to
address with commercial products
>The R&E requirement often requires effort from highly
skilled staff
>As a result, it can be complex and costly to organise
and deliver good access management
What is Liberate?
>A fully-managed, cloud-based solution for access
management
>Provides an access management solution for
>UK Access Management Federation
>Eduroam (Home and Visited)
>IP-authenticated services
>Assent
>Developed and operated by Jisc on AWS in Dublin, and
connected to Janet
>A subscription service which launched in October 2017
>Fully supported by our team of technical experts
What is Liberate?
>Fourteen subscribers
>Seven FE colleges
>Four HE institutions
>One Research organisation
>Two Library Authorities
>Many other organisations piloting
>Internal administrative issues resulted in a four month
delay to the Eduroam functionality
>100% uptime and no technical issues reported yet
Progress update
>Significant savings (£Ks) if replacing a competitor
>Obtain new access management capabilities that were
previously unaffordable
>Seamless transition with no interruption to services
>Staff able to focus on other priorities
>Peace of mind (software updates, etc.)
Key benefits seen by early adopters
>The SCL represents 151 Library Authorities in England,
Wales, and Northern Ireland
>Public Libraries share some of the same access
management issues as HE/FE institutions
>Currently being piloted by five Library Authorities
>Introducing chargeable service in April 2018 (two
already signed up)
Jisc collaboration with Society for Chief Librarians
Except where otherwise noted, this work is licensed under CC-BY-NC-ND.
Josh Howlett
Head, trust & identity
josh.howlett@jisc.ac.uk
I have been…
One Castlepark, Tower Hill, Bristol, BS2 0JA
T 01235 822 363
customerservices@jisc.ac.uk
jisc.ac.uk
Any questions? /
Thank you
UK Access Management Federation update
Rhys Smith,
Chief technical architect, trust and
identity, Jisc
Alex Stuart,
Principal technical support specialist,
Jisc
Operational update
>Web Single Sign-On based on SAML
>1131 member organisations; 2278 entities
>Research and Education: 100% HE, ~80% FE,
and representation from schools, government,
public libraries, NHS
>Federation to solve problem of N² interactions*
>Interfederation through eduGAIN allows interoperability
with thousands more entities from
50 other federations*
Some numbers...
* some conditions apply
Data: 1-Mar-2018 00:00:00
[Chart: Registered Entities by Type. Series: SPs, IdPs. Y axis: Entities (0 to 1500). X axis: Dec 06 to Jun 17.]
Type of entities 1
>500 Shibboleth IdPs (66%) and
Open Athens (30%)
>Recent security advisories reported on
Shibboleth announce list:
>LDAPS connector using non-standard
configuration
>ROBOT
>Shibboleth IdP v2 to v3 transition, minority of
IdPs still on v2 (End of life was July 2016)
Type of entities 2: IdPs
>Publishers, collaboration tools, research project
sites, gateways to e-Infrastructures, business
apps, student sites, inventories...
>Linear growth “for ever”
>Over 1000 Shibboleth SPs (75%) with a long
tail of other types of software (many open
source libraries, some products)
>Security advisories in last 12 months distributed
on Shibboleth announce:
>XMLtooling x 2
>ROBOT
>MDQ client misconfiguration
Type of entities 3: SPs
>99% support SAML 2 so can we just turn off SAML 1?
>Unfortunately, support != use
>Using WAYF protocol with the Central Discovery
Service implies SAML 1, so in June 2017 we
deprecated the WAYF protocol
>MDUI support (primarily logos) at 30%
>Algorithmic agility for XML cryptography
Protocol support
New initiatives
MDQ: MD distribution 2.0
>Not really “new” any more - live for over a year
>What is it?
>Traditional MD distribution is regular syncing of the
MD aggregate – currently 36MB
>MDQ is just-in-time fetching of bits of metadata
instead
>FAR lower resource requirements for software
– IdP uses far less memory
– SP will startup far faster
>~10% of clients are now using MDQ.
>But the traffic for that 10% is 0.0001% of total
MDQ
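A sketch of the just-in-time fetch described on the MDQ slide, as an added example (not Jisc or UK federation code): the client asks for one entity's metadata by entityID, checks that it received the entity it asked for and that `validUntil` has not passed, and caches the result. Assumptions: the base URL `https://mdq.example.org` is a placeholder, the injected `fetch` callable returns bytes whose XML signature has already been verified against the federation signing key, the 6-hour cache ceiling is illustrative, and the sample descriptors are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"
MDQ_BASE = "https://mdq.example.org"  # placeholder, not a real MDQ endpoint


class MetadataError(Exception):
    """Raised when fetched metadata must not be trusted or cached."""


def mdq_url(entity_id, base=MDQ_BASE, hashed=False):
    """Build the MDQ request URL for one entity.

    The identifier is either the entityID itself or its '{sha1}' form;
    both are percent-encoded so they occupy a single path segment.
    """
    ident = entity_id
    if hashed:
        ident = "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()
    return f"{base.rstrip('/')}/entities/{quote(ident, safe='')}"


def check_descriptor(xml_bytes, expected_entity_id, now):
    """Validate a single-entity response and return its expiry time."""
    root = ET.fromstring(xml_bytes)
    if root.tag != MD_NS + "EntityDescriptor":
        raise MetadataError("expected exactly one EntityDescriptor")
    # A response for a different entity must never be stored under this key.
    if root.get("entityID") != expected_entity_id:
        raise MetadataError("entityID does not match the request")
    valid_until = root.get("validUntil")
    if valid_until is None:
        raise MetadataError("no validUntil: metadata would never expire")
    # Assumes whole-second UTC timestamps, as in the constructed samples.
    expires = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if expires <= now:
        raise MetadataError("metadata has expired")
    return expires


class MdqCache:
    """Per-entity cache: fetch on first use, refetch once the entry is stale."""

    def __init__(self, fetch, max_ttl=timedelta(hours=6)):
        self.fetch = fetch        # callable(url) -> signature-verified bytes
        self.max_ttl = max_ttl    # illustrative ceiling on cache lifetime
        self.fetch_count = 0
        self._entries = {}        # entityID -> (cache_expiry, xml_bytes)

    def get(self, entity_id, now=None):
        now = now or datetime.now(timezone.utc)
        hit = self._entries.get(entity_id)
        if hit and hit[0] > now:
            return hit[1]
        xml_bytes = self.fetch(mdq_url(entity_id))
        self.fetch_count += 1
        expires = check_descriptor(xml_bytes, entity_id, now)
        # Never cache past validUntil, and never longer than max_ttl.
        self._entries[entity_id] = (min(expires, now + self.max_ttl), xml_bytes)
        return xml_bytes


# Constructed sample responses, keyed by request URL, so the example runs offline.
_NS = b'xmlns="urn:oasis:names:tc:SAML:2.0:metadata"'
SAMPLE_RESPONSES = {
    mdq_url("https://idp.example.ac.uk/shibboleth"):
        b'<EntityDescriptor ' + _NS +
        b' entityID="https://idp.example.ac.uk/shibboleth"'
        b' validUntil="2018-03-15T00:00:00Z"/>',
    # Deliberately wrong: the responder returns a different entity.
    mdq_url("https://sp.example.org/shibboleth"):
        b'<EntityDescriptor ' + _NS +
        b' entityID="https://other.example.org/sp"'
        b' validUntil="2018-03-15T00:00:00Z"/>',
}


def sample_fetch(url):
    """Stand-in for an HTTP GET plus signature verification."""
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    cache = MdqCache(sample_fetch)
    t0 = datetime(2018, 3, 1, tzinfo=timezone.utc)
    cache.get("https://idp.example.ac.uk/shibboleth", now=t0)
    cache.get("https://idp.example.ac.uk/shibboleth", now=t0 + timedelta(hours=1))
    print("fetches after two lookups:", cache.fetch_count)
```

Only entities that are actually looked up are ever fetched and held in memory, which is where the lower resource use on the slide comes from.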
UKf metadata distribution
Discovery
>UKf CDS services ~4,000,000 CDS flows/month
>Very stable and reliable, but running on old code
>Currently deciding what to replace it with
>Awaiting results of RA21 working group
>Don’t worry – look and feel will remain as consistent
as possible (hopefully identical)
Central Discovery Service
UKf CDS usage
Self Service
>Web portal on the Jisc community website to manage
your own entities, domains, etc.
>Can still make use of helpdesk if you’re worried or
unsure about making changes!
>Coming later this year (finally)
Self Service
And various other things
>For example:
>Improving quality of UKf Metadata
>UKf Working with eduGAIN to improve quality of
international metadata – better global interoperability
>Managed Federation – rebuilding UKf backend
systems in a containerised deployable way, to let us
run other federations’ backend systems.
>Rebuilding distribution infrastructure for MFS – UKf
infrastructure should become even more resilient and
performant
>Tracking OIDC and other emerging technologies
Behind the scenes tweaking
Rhys Smith
Chief technical architect, trust and identity
rhys.smith@jisc.ac.uk
We have been...
service@ukfederation.org.uk
jisc.ac.uk/uk-federation
Alex Stuart
Principal technical support specialist (UK federation)
alex.stuart@jisc.ac.uk
Any questions? /
Thank you
eduTEAMS
Niels Van Dijk,
SURFnet
GÉANT supports and represents over 40 NRENs across Europe.
Together they support over 10,000 institutions and 50 million academic users.
About GÉANT
eduroam - secure global roaming access service 250+ million authentications per
month in 89 territories
eduGAIN - interconnects identity federations around the world, simplifying access to
content, services and resources ~ 3500 identity providers accessing services
AARC project – collaborating with e-infrastructures, research collaborations,
libraries & federations to share policies, architectures, training materials & pilots that
avoid re-inventing the authentication & authorisation wheel
REFEDS – supporting identity federations worldwide
Trusted Introducer – services for security and incident response teams
Certificate Service – delivering cost-effective digital certificates.
In partnership with
Supporting users and enabling secure access to services
Trust, Identity & Security
• Challenges in Authentication space
• International Collaboration
• Collaborative organisations work with people outside
scope of R&E communities as well
• Requires Collaborative organisations to peer with other
non R&E Identity providers or maintain an additional
Identity provider
• Challenges in Authorization space
• Services run by Collaborative Organisations often need
attribute or group related information in the context of
their collaboration, which are not issued by Institutions
• Requires Collaborative Organisations to manage and
provide additional attributes and groups towards their
services, independently from the Institutions
Challenges for Collaborative Organisations
• The FIM4R paper (April 2012) was one of the first to articulate
collective requirements for using Federated AAI for VOs.
• The VOPaaS has performed a survey among several small and
large Pan-European VOs to (re-)validate the requirements.
Market Analysis
Market Analysis Results
http://www.geant.org/Projects/GEANT_Project_GN4-1/deliverables/D9-2_Market-Analysis-for-Virtual-Organisation-Platform-as-a-Service.pdf
• Goal
• Investigate the conditions that would allow GÉANT to provide
services to support Collaborative organisations
• Focus on delivery of technical services
• Out of scope:
• Technical development
• Policy & LOA development
• Activities
• Gather requirements and priorities with/from communities
• Look at existing tools and technologies
• Look into delivery model
• Investigate business case & sustainability
• Pilot with communities
• Operations and Market
GEANT CO Platform as a Service Project
Components
• eduTEAMS Membership
Management service
• eduTEAMS Discovery
Service
• eduTEAMS Identity Hub
Characteristics
• 2 monthly release cycle
• Supports AARC
architecture
• Single- and multi-tenant
options
Documentation, Cookbooks,
Privacy Policy etc available
https://wiki.geant.org/display/ED
eduTEAMS
A suite of services for using federated AAI for collaborations
Collaboration suite to enable use of federated identity in research communities
Partner for any e-Infra or Research Infra inc. “long tail”, informal groups
eduTEAMS - Pilots
Engaging with communities, eInfras and NRENs
Research communities and
e-Infrastructures
• AARC2-as-VO (Pilot committed)
• LifeScience AAI (Pilot)
• Umbrella (Pilot committed)
• HPC-Europe (Pilot interest)
• EUDAT (Pilot committed)*
• EGI *
* as part of AARC2 interoperability
activity
NRENS
• JISC (UK)
Moonshot Pathfinder project
• SURFnet (NL)
Science Collaboration Zone project
• WAYF (DK)
eduVPN
Collaboration usecases
Components – LEGO approach
Choose how much of the platform they want
• eduTEAMS Membership Management service
• VO specific workflows for onboarding members
• Registry for VO persistent Identifier
• Limited set of attributes to maximise interoperability
• Use of eduperson entitlement to carry richer info
• Available through eduGAIN
• eduTEAMS Identity Hub
• One persistent (SAML) IdP for many ‘Guest’ Identity Providers
• Available and accessible through eduGAIN
• Supports Research and Scholarship Entity Category
• Discovery Service
• Service based or embedded discovery for eduGAIN SPs
• Allows per SP filtering of IdPs
• Allows per entity category filtering, e.g. R&S
eduTEAMS ecosystem
[Diagram: eduTEAMS ecosystem. Labels: REST AA, SAML AA, COmanage, eduTEAMS Membership Management, eduTEAMS Identity Hub, IdP, AuthN: ID + attributes, External IdP, SP (proxy).]
eduTEAMS
Membership Management Service (MMS)
Manage Roles and Rights
• Available through eduGAIN
• CoCo and R&S supported
• Strong focus on privacy and GDPR
• part of AARC2 interop activity
• Technical and cookbooks:
https://wiki.geant.org/display/ED/Membership+Management+Service
• Service:
https://registry.eduTEAMS.org
NRENS
• JISC (Pilot committed)
• Moonshot Pathfinder project
• SURFnet (Pilot committed)
• Science Collaboration Zone project
• GARR (Pilot interest)
• SWITCH (Pilot interest)
• SWITCH eduID
• Swiss Personalised Health Network
• Swiss Data Science Center
• Swiss National Supercomputing Centre
eduTEAMS
Discovery Service
• Component of eduTEAMS, but
generically usable for eduGAIN SPs
• Based on proven service from CESNET
• Engaged in RA21 Pilot – Resource Access
for the 21st Century (https://ra21.org)
• Publishers, libraries and users
https://wiki.geant.org/display/ED/Discovery+Service
[Diagram: eduTEAMS Identity Hub. Labels: Persistent ID, Account Recovery, LOA. Legend: Implemented, Future.]
eduTEAMS Identity Hub
https://wiki.geant.org/display/ED/Identity+Hub
• Moonshot interaction with third-party AA systems
• investigate potential for Assent service
• and also all kinds of scientific collaborations
• Combined access & authorization for web-based and non-web based
services
JISC eduTEAMS pilot
Moonshot and eduTEAMS
[Diagram: Moonshot and eduTEAMS. Labels: SAML AA, COmanage, eduTEAMS Membership Management, eduTEAMS Identity Hub, IdP, External IdP, Web-based Service, Moonshot, Compute resource, Storage resource, Groups & roles.]
Any questions?
Thank you
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
jpupo2018
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 

Recently uploaded (20)

Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 

Trust and identity

  • 1. Trust and identity Chair: Josh Howlett, Head of trust and identity, Jisc
  • 3. >Access management is critical to HE, FE, and Research >The R&E requirement is often challenging and hard to address with commercial products >The R&E requirement often requires effort from highly skilled staff >As a result, it can be complex and costly to organise and deliver good access management What is Liberate?
  • 4. >A fully-managed, cloud-based solution for access management >Provides an access management solution for >UK Access Management Federation >Eduroam (Home and Visited) >IP-authenticated services >Assent >Developed and operated by Jisc on AWS in Dublin, and connected to Janet >A subscription service which launched in October 2017 >Fully supported by our team of technical experts What is Liberate?
  • 5.
  • 6. >Fourteen subscribers >Seven FE colleges >Four HE institutions >One Research organisation >Two Library Authorities >Many other organisations piloting >Internal administrative issues resulted in a four month delay to the Eduroam functionality >100% uptime and no technical issues reported yet Progress update
  • 7. >Significant savings (£Ks) if replacing a competitor >Obtain new access management capabilities that were previously unaffordable >Seamless transition with no interruption to services >Staff able to focus on other priorities >Peace of mind (software updates, etc.) Key benefits seen by early adopters
  • 8. >The SCL represents 151 Library Authorities in England, Wales, and Northern Ireland >Public Libraries share some of the same access management issues as HE/FE institutions >Currently being piloted by five Library Authorities >Introducing chargeable service in April 2018 (two already signed up) Jisc collaboration with Society for Chief Librarians
  • 9.
  • 10. Except where otherwise noted, this work is licensed under CC-BY-NC-ND. Josh Howlett Head, trust & identity josh.howlett@jisc.ac.uk I have been… One Castlepark, Tower Hill, Bristol, BS2 0JA T 01235 822 363 customerservices@jisc.ac.uk jisc.ac.uk
  • 12. UK Access Management Federation update Rhys Smith, Chief technical architect, trust and identity, Jisc Alex Stuart, Principal technical support specialist, Jisc
  • 14. >Web Single Sign-On based on SAML >1131 member organisations; 2278 entities >Research and Education: 100% HE, ~80% FE, and representation from schools, government, public libraries, NHS >Federation to solve problem of N^2 interactions* >Interfederation through eduGAIN allows interoperability with thousands more entities from 50 other federations* Some numbers... * some conditions apply
  • 15. [Chart: Registered Entities by Type. Number of entities (axis 0 to 1500) for SPs and IdPs, Dec 06 to Jun 17. Data: 1-Mar-2018 00:00:00] Type of entities 1
  • 16. >500 Shibboleth IdPs (66%) and Open Athens (30%) >Recent security advisories reported on Shibboleth announce list: >LDAPS connector using non-standard configuration >ROBOT >Shibboleth IdP v2 to v3 transition, minority of IdPs still on v2 (End of life was July 2016) Type of entities 2: IdPs
  • 17. >Publishers, collaboration tools, research project sites, gateways to e-Infrastructures, business apps, student sites, inventories... >Linear growth “for ever” >Over 1000 Shibboleth SPs (75%) with a long tail of other types of software (many open source libraries, some products) >Security advisories in last 12 months distributed on Shibboleth announce: >XMLtooling x 2 >ROBOT >MDQ client misconfiguration Type of entities 3: SPs
  • 18. >99% support SAML 2 so can we just turn off SAML 1? >Unfortunately, support != use >Using WAYF protocol with the Central Discovery Service implies SAML 1, so in June 2017 we deprecated the WAYF protocol >MDUI support (primarily logos) at 30% >Algorithmic agility for XML cryptography Protocol support
  • 21. >Not really “new” any more - live for over a year >What is it? >Traditional MD distribution is regular syncing of the MD aggregate – currently 36MB >MDQ is just-in-time fetching of bits of metadata instead >FAR lower resource requirements for software – IdP uses far less memory – SP will startup far faster >Currently ~10% of clients now using MDQ. >But the traffic for that 10% is 0.0001% of total MDQ
  • 24. >UKf CDS services ~4,000,000 CDS flows/month >Very stable and reliable, but running on old code >Currently deciding what to replace it with >Awaiting results of RA21 working group >Don’t worry – look and feel will remain as consistent as possible (hopefully identical) Central Discovery Service
  • 27. >Web portal on the Jisc community website to manage your own entities, domains, etc. >Can still make use of helpdesk if you’re worried or unsure about making changes! >Coming later this year (finally) Self Service
  • 28.
  • 29.
  • 31. >For example: >Improving quality of UKf Metadata >UKf Working with eduGAIN to improve quality of international metadata – better global interoperability >Managed Federation – rebuilding UKf backend systems in a containerised deployable way, to let us run other federation’s backend systems. >Rebuilding distribution infrastructure for MFS – UKf infrastructure should become even more resilient and performant >Tracking OIDC and other emerging technologies Behind the scenes tweaking
  • 32. Rhys Smith Chief technical architect, trust and identity rhys.smith@jisc.ac.uk We have been... service@ukfederation.org.uk jisc.ac.uk/uk-federation Alex Stuart Principal technical support specialist (UK federation) alex.stuart@jisc.ac.uk
  • 35. GÉANT supports and represents over 40 NRENs across Europe. Together they support over 10,000 institutions and 50 million academic users. About GÉANT
  • 36. eduroam - secure global roaming access service 250+ million authentications per month in 89 territories eduGAIN - interconnects identity federations around the world, simplifying access to content, services and resources ~ 3500 identity providers accessing services AARC project – collaborating with e-infrastructures, research collaborations, libraries & federations to share policies, architectures, training materials & pilots that avoid re-inventing the authentication & authorisation wheel REFEDs – supporting identity federations worldwide Trusted Introducer – services for security and incident response teams Certificate Service – delivering cost-effective digital certificates. In partnership with Supporting users and enabling secure access to services Trust, Identity & Security
  • 37. • Challenges in Authentication space • International Collaboration • Collaborative organisations work with people outside scope of R&E communities as well • Requires Collaborative organisations to peer with other non R&E Identity providers or maintain an additional Identity provider • Challenges in Authorization space • Services run by Collaborative Organisations often need attribute or group related information in the context of their collaboration, which are not issued by Institutions • Requires Collaborative Organisations to manage and provide additional attributes and groups towards their services, independently from the Institutions Challenges for Collaborative Organisations
  • 38. • The FIM4R paper (April 2012) was one of the first to articulate collective requirements for using Federated AAI for VOs. • The VOPaaS has performed a survey among several small and large Pan-European VOs to (re-)validate the requirements. Market Analysis
  • 40. • Goal • Investigate the conditions that would allow GÉANT to provide services to support Collaborative organisations • Focus on delivery of technical services • Out of scope: • Technical development • Policy & LOA development • Activities • Gather requirements and priorities with/from communities • Look at existing tools and technologies • Look into delivery model • Investigate business case & sustainability • Pilot with communities • Operations and Market GEANT CO Platform as a Service Project
  • 41. Components • eduTEAMS Membership Management service • eduTEAMS Discovery Service • eduTEAMS Identity Hub Characteristics • 2 monthly release cycle • Supports AARC architecture • Single- and multi-tenant options Documentation, Cookbooks, Privacy Policy etc available https://wiki.geant.org/display/ED eduTEAMS A suite of services for using federated AAI for collaborations Collaboration suite to enable use of federated identity in research communities Partner for any e-Infra or Research Infra inc. “long tail”, informal groups
  • 42. eduTEAMS - Pilots Engaging with communities, eInfras and NRENs Research communities and e-Infrastructures • AARC2-as-VO (Pilot committed) • LifeScience AAI (Pilot) • Umbrella (Pilot committed) • HPC-Europe (Pilot interest) • EUDAT (Pilot committed)* • EGI* (* as part of AARC2 interoperability activity) NRENS • JISC (UK) Moonshot Pathfinder project • SURFnet (NL) Science Collaboration Zone project • WAYF (DK) eduVPN Collaboration usecases
  • 43. Components – LEGO approach Choose how much of the platform they want • eduTEAMS Membership Management service • VO specific workflows for onboarding members • Registry for VO persistent Identifier • Limited set of attributes to maximise interoperability • Use of eduperson entitlement to carry richer info • Available through eduGAIN • eduTEAMS Identity Hub • One persistent (SAML) IdP for many ‘Guest’ Identity Providers • Available and accessible through eduGAIN • Supports Research and Scholarship Entity Category • Discovery Service • Service based or embedded discovery for eduGAIN SPs • Allows per SP filtering of IdPs • Allows per entity category filtering, e.g. R&S
  • 45. eduTEAMS Membership Management Service (MMS) Manage Roles and Rights • Available through eduGAIN • CoCo and R&S supported • Strong focus on privacy and GDPR • part of AARC2 interop activity • Technical and cookbooks: https://wiki.geant.org/display/ED/Membership+Management+Service • Service: https://registry.eduTEAMS.org NRENS • JISC (Pilot committed) • Moonshot Pathfinder project • SURFnet (Pilot committed) • Science Collaboration Zone project • GARR (Pilot interest) • SWITCH (Pilot interest) • SWITCH eduID • Swiss Personalised Health Network • Swiss Data Science Center • Swiss National Supercomputing Centre
  • 46. eduTEAMS Discovery Service • Component of eduTEAMS, but generically usable for eduGAIN SPs • Based on proven service from CESNET • Engaged in RA21 Pilot – Resource Access for the 21st Century (https://ra21.org) • Publishers, libraries and users https://wiki.geant.org/display/ED/Discovery+Service
  • 47. eduTEAMS Identity Hub Persistent ID Account Recovery LOA Implemented Future eduTEAMS Identity Hub https://wiki.geant.org/display/ED/Identity+Hub
  • 48. • Moonshot interaction with third-party AA systems • investigate potential for Assent service • and also all kinds of scientific collaborations • Combined access & authorization for web-based and non-web based services JISC eduTEAMS pilot
  • 49. Moonshot and eduTEAMS: SAML AA COmanage eduTEAMS Membership Management eduTEAMS Identity Hub IdP External IdP Webbased Service Moonshot Compute resource Storage resource Groups & roles
  • 50. Any questions? Thank you
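
The just-in-time metadata lookup that slide 21 describes (MDQ), as an added example that is not from the slides or from Jisc: how a client derives the per-entity request URL from an entityID, and basic checks on the single EntityDescriptor returned. The base URL, sample entityID, sample XML and the reject-if-no-validUntil policy are assumptions; signature verification is left to the SAML software and is not shown.

```python
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import quote

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Hypothetical MDQ responder base URL (placeholder, not the UK federation's).
MDQ_BASE = "https://mdq.example.org"

# Constructed sample data: an entityID and the metadata returned for it.
SAMPLE_ID = "https://idp.example.ac.uk/idp/shibboleth"
SAMPLE_XML = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://idp.example.ac.uk/idp/shibboleth" '
    'validUntil="2018-03-28T00:00:00Z"/>'
)


def mdq_url(entity_id: str, base: str = MDQ_BASE, hashed: bool = False) -> str:
    """Build the per-entity MDQ request URL for a SAML entityID."""
    if hashed:
        # SAML profile of MDQ: "{sha1}" followed by the hex SHA-1 of the entityID.
        ident = "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()
    else:
        ident = entity_id
    # The identifier is one path segment, so ':' and '/' are encoded as well.
    return f"{base.rstrip('/')}/entities/{quote(ident, safe='')}"


def check_response(xml_text: str, requested_id: str, now: datetime) -> str:
    """Return 'ok', or the reason the fetched metadata is rejected.

    Structural checks only. Real metadata is untrusted input: use a hardened
    XML parser and verify the federation signature before trusting it.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return "not a single EntityDescriptor"
    if root.get("entityID") != requested_id:
        # A responder must not be able to answer with a different entity.
        return "entityID mismatch"
    valid_until = root.get("validUntil")
    if valid_until is None:
        return "no validUntil"  # policy assumed by this example
    expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
    if expiry <= now:
        return "expired"
    return "ok"


if __name__ == "__main__":
    print(mdq_url(SAMPLE_ID))
    print(mdq_url(SAMPLE_ID, hashed=True))
    print(check_response(SAMPLE_XML, SAMPLE_ID, datetime.now(timezone.utc)))
```

Each lookup fetches one entity's metadata rather than the whole aggregate, which is where the lower memory use and faster startup on the slide come from.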

Editor's Notes

  1. Mesh federation to solve N^2 interactions sets up introduction to MDQ Interfederation caveat leads to UKf metadata checking 45% of Ukf metadata is imported Ukf is 40% of eduGAIN
  2. Linear growth in number of SPs BUT complexity of metadata increasing, and churn of staff
  3. V3 Shibboleth rewrite and moving to semantic versioning
     V3.4 deprecations (later in 2018) with removals in v4
     # date, Shib IdPs, v2, v3, assumed down, unclassified
     2017-07-14, 488, 114, 205, 137, 32
     2018-03-14, 502, 65, 271, 133, 33
     ROBOT: did scans, worked with Ukf members,
  4. The university is not just researchers, teachers and students; plenty of professional staff New tools developed to manage metadata in git repo SIRTFI – hopefully Rhys gonna talk about that, but this will set up MDQ: benefits and risks on UKf website Also simpleSAMLphp security advisories in underlying library
  5. TODO: stats for WAYF protocol using SPs Alex presented at NWS42 (Exeter, 2014) saying “let’s get rid of SAML 1” also phasing out PKIX, 900 SPs Can talk about RA21 project and improving MDUI
  6. AuthN: people not in eduGAIN AuthZ: groups, attributes, in context of VO audit trail: who, when, by who
  7. Conducted Market Analysis including FIM4R paper Interview VOs include AARC findings
  8. Virtual Organisation Platform as a Service Project in GEANT: Create and Run a service to support Collaborative Organisations Requirements from communities Use existing software Create a sustainable service Run the service