
InCommon and Federated Identity Update





Presentation Transcript


  1. InCommon and Federated Identity Update

  2. Topics
  • The complex world of Internet identity
  • InCommon growing out
    – Size and impact
    – Application uses
  • InCommon growing up
    – Silver
    – eptid
    – Federated incident handling
  • Futures issues
    – Governance, business model
    – Services offered: SSL/personal certs, eduroam
  • The Tao of Attributes workshop

  3. Complex world of Internet identity
  • Apparent distinctions between federated identity systems and social networking (OpenID)
  • Positioned as competitive
    – Complementary in models
    – OpenID limited to LOA 1 (at best)
  • Several governments at work within the beltway
    – Often more PR driven than use-case driven
  • Privacy misunderstood but finally on the radar

  4. Internet identity likely outcomes
  • Integration of technologies
    – OpenID within the Shib platform
    – eduPersonOpenId?
    – Attribute management within OpenID
  • Focus on business processes, not on protocols
    – That's what the TFPs (trust framework providers) do
  • Privacy management by end users
  • The attribute ecosystem becomes the real set of issues

  5. InCommon
  • Over 160 members now
  • Over 3.6 million users
  • Most of the major research institutions
  • Other types of members
    – Less usual suspects: Lafayette, NITLE, University of Mary Washington, etc.
    – National Institutes of Health, NSF and research.gov
    – Energy labs, ESnet, TeraGrid
    – MS, Apple, Elsevier, etc.
    – Student service providers
    – Commercial identity providers
  • Growth is quite strong; doubled in size for the fifth year straight
  • Silver profile approved but not yet operational

  6. InCommon Impact
  • Tens of thousands of transactions a day at Penn State
  • Basis for CIC collaborations
  • Underpins hundreds of applications within the UC, Texas, New York and North Carolina systems
  • Required for external collaborations at several universities
  • The basis for much of MS and Apple interactions with academia
  • The basis for much of Elsevier, ProQuest, JSTOR, National Student Loan Clearinghouse, alcohol.edu, StudentUniverse, OCLC, etc.

  7. NIH
  • Driving agency for much of our government activity
  • Several types of applications, spanning two levels of LOA and a number of attributes
    – Wikis, access to genome databases, etc.
    – CTSA
    – Electronic grants administration
  • "Why should external users have internal NIH accounts?"
  • Easier stuff: technology, clue at NIH, user interest
  • Harder stuff: attributes (e.g. "organization"), dynamically supplied versus statically supplied info

  8. International R&E federations
  • More than 25 national federations
  • Several countries at 100% coverage, including Norway, Switzerland and Finland; the communities served vary somewhat by country, but all are multi-application and include higher education
  • UK intends a single federation for HE and Further Education, on the order of tens of millions of users
  • EU-wide identity effort now rolling out: IDABC and the STORK project (www.eid-stork.eu)
  • Key issues around EU privacy and the eptid
  • Some early interfederation: Kalmar Union and US-UK

  9. InCommon Growing Up - Silver
  • LOA 2 identity assurance on the campus
  • Highly secure federation operational procedures
  • Many applications require it (especially with LOA 1 now being so low)
  • May enfold other procedures on campuses

  10. InCommon Growing Up – eptid and privacy
  • Need to have campuses provide persistent opaque identifiers (eptid, eduPersonTargetedID): the same value for a given user at a given service provider every time, but one that reveals nothing about the user and differs from one service provider to the next, so providers cannot correlate their records
  • Need to adopt some explicit privacy policies, likely in the format of best practices and self-certification
  • Need to develop audit training mechanisms
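What "persistent opaque identifier" means in practice is easiest to see in code. The following is an added example by the editor, not code from the presentation, InCommon or the Shibboleth project: it derives an eptid-style value as a keyed hash over an immutable local user key and the relying party's entityID, so the value is stable per (user, SP) pair, unreadable without the IdP's secret salt, and different at every SP. The entityIDs, the user key and the salt are constructed placeholders.

```python
import base64
import hashlib
import hmac

# Assumption (constructed): a secret salt held only by the IdP. Rotating it
# changes every eptid the campus has ever issued, so it is protected and
# backed up like a signing key.
IDP_SALT = b"constructed-example-salt-replace-with-a-random-secret"


def compute_eptid(source_id: str, sp_entity_id: str, salt: bytes = IDP_SALT) -> str:
    """Derive a persistent, opaque, pairwise identifier for one user at one SP.

    source_id must be a key the campus never reassigns (an internal immutable
    record key, not a netID that can be recycled to a new person); sp_entity_id
    is the relying party's SAML entityID. Keying the MAC with the IdP salt gives:
      persistent - same inputs always yield the same value
      opaque     - nothing about the user is recoverable without the salt
      pairwise   - two SPs cannot correlate their values for the same user
    """
    message = sp_entity_id.encode("utf-8") + b"!" + source_id.encode("utf-8")
    digest = hmac.new(salt, message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def eptid_attribute(idp_entity_id: str, sp_entity_id: str, source_id: str) -> dict:
    """Shape the value the way eduPersonTargetedID carries it: a SAML NameID
    qualified by the issuing IdP and the receiving SP, plus the opaque value."""
    return {
        "NameQualifier": idp_entity_id,
        "SPNameQualifier": sp_entity_id,
        "value": compute_eptid(source_id, sp_entity_id),
    }


def unlinkable_across_sps(source_id: str, sp_a: str, sp_b: str) -> bool:
    """True when two SPs receive different identifiers for the same user,
    which is the property that stops them from joining their records."""
    return compute_eptid(source_id, sp_a) != compute_eptid(source_id, sp_b)


if __name__ == "__main__":
    # Constructed sample: one user, two relying parties.
    idp = "https://idp.example.edu/idp/shibboleth"
    library = "https://sp.library-vendor.example/shibboleth"
    wiki = "https://wiki.research-agency.example/shibboleth"
    for sp in (library, wiki):
        print(eptid_attribute(idp, sp, "uid-000123"))
    print("pairwise:", unlinkable_across_sps("uid-000123", library, wiki))
```

The choice of input matters more than the hash: deriving from a reassignable login name silently hands a new person the old person's eptid at every SP, which is the privacy failure the slide's "persistent" requirement is meant to rule out.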

  11. InCommon Growing Up – Federated Incident Handling
  • Paradigms of shared security services (see REN-ISAC)
    – Trust
    – Local enforcement of external requests
    – Interactions with law enforcement as needed
  • How to amend InCommon agreements and processes

  12. Attributes and Identity
  • Authentication is very important, but…
  • Identity is just one of many attributes
  • Attributes provide scalable access control, privacy, customization, linked identities, federated roles and more
  • Good authentication plus shared attributes (agreed syntax and semantics) is the path

  13. Attribute use cases are rapidly emerging
  • FEMA needing first responders' attributes and qualifications dynamically
  • High-confidence attributes
  • Access-ability use cases
  • AAMC step-up authentication possibilities
  • Public input processes: anonymous but qualified respondents
  • Grid relying parties aggregating VO and campus attributes
  • The "IEEE" problem
  • The "over legal age" use case, and the difference in legal ages between jurisdictions
  • Self-asserted attributes: friend, interests, preferences, etc.

  14. Key Issues
  • Aggregation
  • Metadata of attributes, LOA, etc.
  • Sources of authority and delegation
  • Schema management, mapping, etc.
  • User interface
  • Privacy and legal issues

  15. Attribute aggregation
  • Gathering attributes from multiple sources
    – From the IdP, or from several IdPs
    – From other sources of authority
    – From intermediaries such as portals
  • Static and dynamic acquisition
    – Some attributes are volatile (group memberships); others are static (date of birth)
    – Some should be acquired per assertion; some once, in an onboarding process
  • Will require a variety of standardized mechanisms
    – Bulk feeds, user-activated links, triggers

  16. Sources of authority
  • Who gets to assign semantics (and syntax) to an attribute?
  • How can they delegate assignment of the attribute's value to business agents, etc.?
  • What needs to be retained for audit/diagnostics?
  • How are attributes transported from sources of authority to the various repositories that will hold them?
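Slides 15 and 16 together describe an aggregator that must know, per attribute, who is authoritative and whether the value is volatile or static. The code below is an added example by the editor, not code from the presentation or any InCommon software, showing one way those two decisions combine: a source-of-authority table decides which issuer may assert each attribute, volatile attributes are accepted only from a fresh assertion, static ones fall back to the onboarding record, and every decision is written to an audit trail. The entityIDs, attribute names, policy table and timestamps are constructed.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Assertion:
    issuer: str          # entityID of the party asserting the attributes
    issued_at: float     # Unix time the assertion was issued
    attributes: dict


@dataclass(frozen=True)
class AttributePolicy:
    authoritative_issuers: frozenset   # who is allowed to assert this attribute
    volatile: bool                      # True: re-acquire per assertion; False: keep from onboarding
    max_age: float = 300.0              # seconds a volatile value remains usable


# Assumed source-of-authority table (constructed). A real registry would also
# record who delegated each entry, which slide 16 leaves as an open question.
POLICY = {
    "eduPersonAffiliation": AttributePolicy(frozenset({"https://idp.example.edu"}), volatile=True),
    "isMemberOf": AttributePolicy(frozenset({"https://groups.example.edu"}), volatile=True),
    "dateOfBirth": AttributePolicy(frozenset({"https://idp.example.edu"}), volatile=False),
}


class Aggregator:
    """Merge one subject's attributes from several assertions plus onboarding data."""

    def __init__(self, onboarded: dict):
        self.static = dict(onboarded)   # captured once, at onboarding
        self.audit = []                 # (attribute, issuer, decision) kept for audit/diagnostics

    def aggregate(self, assertions, now=None) -> dict:
        now = time.time() if now is None else now
        merged = {}
        for a in assertions:
            for name, value in a.attributes.items():
                policy = POLICY.get(name)
                if policy is None:
                    self.audit.append((name, a.issuer, "rejected: no registered authority"))
                elif a.issuer not in policy.authoritative_issuers:
                    self.audit.append((name, a.issuer, "rejected: issuer not authoritative"))
                elif policy.volatile and now - a.issued_at > policy.max_age:
                    self.audit.append((name, a.issuer, "rejected: stale"))
                else:
                    merged[name] = value
                    self.audit.append((name, a.issuer, "accepted"))
        # Static attributes fall back to the onboarding record; volatile ones never do,
        # so an expired group membership is absent rather than silently reused.
        for name, value in self.static.items():
            policy = POLICY.get(name)
            if policy is not None and not policy.volatile and name not in merged:
                merged[name] = value
                self.audit.append((name, "onboarding", "accepted"))
        return merged


def sample_run():
    """Constructed scenario: a fresh IdP assertion, a portal relaying a group
    claim it is not authoritative for, and a stale group-service assertion."""
    now = 1_700_000_000.0
    assertions = [
        Assertion("https://idp.example.edu", now - 10, {"eduPersonAffiliation": "student"}),
        Assertion("https://portal.example.edu", now - 5, {"isMemberOf": "cn=admins"}),
        Assertion("https://groups.example.edu", now - 3600, {"isMemberOf": "cn=admins"}),
    ]
    agg = Aggregator(onboarded={"dateOfBirth": "1990-01-01", "isMemberOf": "cn=admins"})
    return agg.aggregate(assertions, now=now), agg.audit


if __name__ == "__main__":
    merged, audit = sample_run()
    print("merged:", merged)
    for entry in audit:
        print("audit:", entry)
```

In the sample run the subject ends up with an affiliation and a date of birth but no group membership: the portal's copy of the group claim is refused because the portal is not the source of authority for it, and the group service's own claim is refused because it is older than the policy allows. The onboarding record also held a group value, and it is deliberately not used, because a volatile attribute captured once is exactly the kind of stale data slide 15 warns against.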

  17. Schema management, mappings
  • Registries for schema
  • Role of national-level schema
  • How to avoid mappings
  • How to handle mappings

  18. Current situation
  • Proliferation of attributes; see http://wiki.idcommons.net/Identity_Schemas
  • Attribute aggregation approaches are beginning
  • No real understanding of sources of authority, delegation, audit, etc.
  • Mappings and other evils lurk
  • All of which needs to work with humans as users, authorities, etc.

  19. GSA Workshop: The Tao of Attributes
  • Begin exploring the attribute issues
  • Using US Government use cases, including citizenship, voting residency, access-abilities, academic researcher support, first responder capabilities, etc.
  • Map the landscape of issues
  • Identify areas for further discussion, low-hanging fruit, etc.
  • All-star cast in a fishbowl, use case owners around, webcast
  • September 28-29 at NIH
  • 属性之道 (The Tao of Attributes)
