Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago, 2006-12-04 Ingrid Melve, UNINETT CTO Overview Why work on federated identity in education? Feide Higher education Schools


  1. Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago, 2006-12-04 Ingrid Melve, UNINETT CTO

  2. Overview • Why work on federated identity in education? • Feide • Higher education • Schools • Rollout process • Applications get «Feidefied» • Current identity focused initiatives • Future plans • Collaboration, research, development, deployment

  3. Norway: small European country

  4. Norwegian education • 7 universities, 46 university colleges (210 842 persons) • Extensive collaboration on electronic services in higher education • BIBSYS and other library services • FS and MSTAS student registry systems • Administrative systems: finance, HR, archive, invoice • High performance computing, super-computers and grids • Schools (865 000 persons, plus parents) • 454 upper secondary schools owned by 19 regions • Around 4500 schools owned by 430 municipalities • User populations, including parents, make up 43% of population

  5. ICT trends: Usage in higher education • All Norwegian universities and colleges have been online since 1992 • Currently all students in higher education use e-learning • Tracking learning, tracking teaching • Personalization requires stronger central ICT systems • Half of the students have laptops (growing number), and they grew up with PCs • Web self service is increasingly deployed • Traffic grows exponentially

  6. UNINETT and Feide • UNINETT is the Norwegian research network • UNINETT is chartered to • Provide advanced network services among the world's best • Support open standards and interoperability • Work in collaboration with education and research • Feide organization • A central service (7 persons) • Login service, operated by Oslo University, with integration support • Trust model • Information model • Project management • Deployment in higher education (3-1 persons) • Deployment for school owners (4-9 persons)

  7. Collaboration • Strong involvement from universities and colleges • User groups • Active participation in various project(s) • Close collaboration with SAP roll-out • Operational Feide service run by UiO • Backing from Ministry of Education and Research • Financial support • Clear political support for integrating services • Identity management for schools scheduled for 2008 • Partnership with commercial technology partner (Sun) for open source Liberty-based software • International participation: TF-EMC²/REFEDS, eduGAIN, GNOMIS, EuroCAMP, Internet2

  8. Identity management for education • Feide since 2000 (initially higher education) • Operational federation with login service since 2003 • Universities and university colleges: 2003 - 2006(7) • Schools and Feide • Participation decided by Ministry of Education early 2006 • Identity management should be available by 2008 for all schools • Strong campus identity management efforts • Universities and colleges develop and deploy IdM software • Organizational process: identify responsibilities and enforce routines for processing personal information • Supporting the Personal Data Act • Operational service providers (current: 26) • Adding 2-3 every month this fall

  9. Why federate? • Users and home organizations and service providers need to exchange information • Trust establishment • Feide-name and password • PKI and other credentials supported • Policy with privacy support • Technology: • Easy service provider integration • Multi-vendor environment • Open standards • Clear integration path

  10. Feide – Federated Electronic Identity for Norwegian Education • Feide is a non-commercial identity management federation for people in education • Feide is technology and platform agnostic • Feide offers guidelines and policy for campus identity management • Feide-names are valid for all education services, and may be used internally, for community services and with educational related services

  11. Feide login • User tries to access service • Service transfers the user to Feide login • Authentication is done at campus • Local authentication point • Local control over information • Authentication is confirmed with the service, possibly with attribute release • Attribute release controlled by user, governed by contract

  12. Feide federates education Federations: • Establish trust • Authenticate • Do privacy control • Enforce information flow policy • Security

  13. Business drivers for Feide • End user: one username, one password • Each educational institution benefits from • Local dataflow clean-up • Overview and control of services • Common guidelines, requirements and best practice for identity management • University, college or school as Service Provider benefits • Easy integration of non-local users • Data protection contracts and guidelines • Common shared services benefit from • Integrated user space • Data protection contracts and guidelines

  14. Feide is glue in education

  15. Collaboration • User groups • Technology based for campus IdM • Regional based • Support from vendors • Novell for campus IdM • Various Microsoft-affiliates • Sun for federation support • IBM, Oracle, Kantega for roll-out and applications • Parents/guardians should be able to log in • How to reuse existing credentials? • How to link parent-child? • Public sector: MyID • PKI is on hold • Pincode-based federated ID • SAML2.0 • Possibilities in private sector • Private federations • PKI-based login • Not yet concrete plans

  16. Ongoing work • Feide operates with • One Identity Provider (central login service) • Many Authentication points (one at each educational institution) • Attribute release is important • Feide-name valid only in organizational context • What school, affiliation, group, address, NIN, unit? • Provisioning: started PIFU standardization effort • Cross-federations needed (imply IdP chaining) • National: MyID for public sector • Nordic: Kalmar Union for higher education and research • International: eduGAIN, InCommon? • Service Oriented Architecture (implies ID-WSF) • Services talk on behalf of user to mediate content delivery

  17. More information • Information from Feide, including deployment status • http://www.feide.no/index.en.html • http://feide.no • Email for Feide: • administrasjon@feide.no • Questions for Ingrid • ingrid.melve@uninett.no Collaboration builds education

  18. Campus Identity Provider benefits • Authoritative quality for all affiliated users • Control of information flow for all affiliated users • Enhanced user management simplifies and automates business processes • Federated login provides access to services • One contract with Feide eliminates bi-lateral contracts with all service providers

  19. Service Provider benefits • Access for all Feide users • No local administration of user database • Feide handles login and gives high quality data about users • One contract with Feide eliminates bi-lateral contracts with all identity providers

  20. User benefits • One username • One password (or other credential) • Do not need to register information at each service, automatic updates from campus information • Informed consent for personal data transfer • Familiar log-in page may increase security
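
The login flow on slide 11 and the attribute-release point on slide 16, sketched as an added example that is not part of the presentation or Feide's own code: the central login service checks that the service has a contract, the campus authentication point verifies the credential, and only attributes that are both contract-permitted and user-consented are released. The service names, attribute keys, user record and function names are constructed for illustration.

```python
import hmac

# Constructed campus directory: the local authentication point holds the data.
CAMPUS_USERS = {
    "kari@example-college.no": {
        "password": "correct horse",  # constructed; a real directory stores a salted hash
        "attributes": {"feide_name": "kari@example-college.no",
                       "affiliation": "student",
                       "school": "Example College",
                       "nin": "00000000000"},
    }
}

# Constructed contracts: the attributes each service provider may receive.
CONTRACTS = {
    "library": {"feide_name", "affiliation"},
    "student-registry": {"feide_name", "affiliation", "school", "nin"},
}

def campus_authenticate(feide_name, password):
    """Authentication is done at campus; return the user's attributes or None."""
    user = CAMPUS_USERS.get(feide_name)
    if user is None:
        return None
    if not hmac.compare_digest(user["password"].encode(), password.encode()):
        return None
    return user["attributes"]

def feide_login(service, feide_name, password, user_consent):
    """Return the confirmation sent back to the service, or None if refused."""
    permitted = CONTRACTS.get(service)
    if permitted is None:  # no contract: no login and no data
        return None
    attributes = campus_authenticate(feide_name, password)
    if attributes is None:
        return None
    # Release only what the contract permits AND the user consented to.
    released = {k: v for k, v in attributes.items()
                if k in permitted and k in user_consent}
    return {"service": service, "authenticated": True, "attributes": released}
```

Consenting to an attribute the contract does not cover releases nothing extra, and withholding consent narrows the release below what the contract allows.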
