
Bart Kerver (Bart.kerver@surfnet.nl), TF-EMC2-meeting, Utrecht, 17 October 2006



  1. Update SURFnet
     Bart Kerver (Bart.kerver@surfnet.nl), TF-EMC2-meeting, Utrecht, 17 October 2006

  2. SURFnet Federation project
     Main components:
     • describe use-cases for Federated IdM;
     • what services;
     • policies;
     • technology;

  3. SURFnet’s role for IdM
     • Awareness for Identity Management (IdM)
     • Reports on IdM
        • studies on current state of IdM in HE in .NL;
        • Scenarios to realize (upgrade) IdM;
        • Federated IdM (business drivers, solutions…).
     • Workshops on IdM
     • Workgroup for Library Access Management (‘BAM’)
     • Development and support of open source product A-Select (development, organize OS, pilots, architecture, deployments)
     • Stimulate deployment of A-Select (200k+ users high-ed)

  4. Federation initiatives - .NL
     (Diagram labels: identity provider; service provider; central components for federation)

  5. SURFnet Federation (2006)
     Build a service “SURFnet Federatie” (SNF)
     • technical implementation (based on A-Select);
     • define(d): policies, contracts, legal organization?…;
     • organize service providers (SP);
     • support identity providers (IdP);
     • Manuals and website (end-user, IdP, SP, helpdesk etc.)

  6. SURFnet Federation (2007)
     • stimulate deployment and join-in
        • workshops;
        • install fests for both IdP and SP.
     • con-federate (‘confederate’: both NL and EU)
     • support standards (SAML, WS*, eduGAIN)
     • translate assertions enabling federated SSO (SAML <> A-Select <> WSF <> eduGAIN)
     • pilots/work on federated (de-)provisioning
     • monitoring/tracking/tracing within federation
     • home organization for SURFnet specific services?
     • Technology scouting on MW for SOA/grid-services

  7. SURFnet Federation Policies
     Start simple: low level entry
     • Contract for IdP part of SURFnet contract?
     • Contract for all SP’s standardized;
     • If an IdP is also SP, just one contract.
     • IdPs make best efforts:
        • to issue credentials to members only
        • to ensure accuracy of assertions
     • SPs agree to respect the privacy of users
        • don't aggregate attributes or disclose to others
        • report on use of federation

  8. SURFnet Federation

  9. SAML
     (Diagram labels: users; identities; central federation components; resources; SAML)

  10. Pilots with SURFnet Federation
     • Pilots with 3 publishers and Elsevier SD
     • Booking system for VC-equipment (appl. by Switch)
     • Ellips project (language studies)
     • SURFgroepen (www.surfgroepen.nl) – MS Sharepoint
     On the horizon (short term)
     • SURFnetdiensten (webshop);
     • 3TU – 3 technical universities collaborating;
     • VideoPortal;
     • Institution specific usage stats (on services);
     • SURFstat (network stats);

  11. A-Select developments
     • Support for SAML1.1 (OpenSAML based) used for WAYF and IdP
     • IdP:
        • Browser/Post WebSSO profile
        • Browser/Artifact WebSSO profile (type 0001 & 0002)
        • SAML Subject Queries (Attribute, Authentication, Authorization)
     • Enhanced WAYF
     • IdP discovery for SP
     • Anonymity of users based on WS*
     • Soon start with:
        • WS* (ADFS) implementation
        • pilot with MS CardSpace
        • interoperability with Oracle and Novell (IdP, SP)
     • Looking into Liberty support
     http://www.aselect.org/version/1.5/aselectchangelog.txt

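  12. SURFnet Statistics on SCS

     | 2006           | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Total       |
     |----------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-------------|
     | Certs accepted | 0   | 0   | 4   | 43  | 75  | 76  | 67  | 91  | 68  | 424         |
     | Certs refused  | 0   | 0   | 3   | 7   | 20  | 10  | 15  | 11  | 23  |             |
     | SCS institutes | 0   | 0   | 5   | 22  | 39  | 45  | 52  | 58  | 64  | 64 (unique) |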

  13. SURFnet Detective
     Meanwhile… SURFnet Detective has reached status/level of production-service as of May ‘06.
     http://detective.surfnet.nl/
