1 / 11

InCommon Federation: Connecting Institutions for Collaborative Identity Management

InCommon is a growing federation with over 80 members, providing access to academic and popular content, services, and resources. It enables real-time delivery of identity and attributes, supports role-based access controls, and integrates with collaboration management platforms.

sdale
Download Presentation

InCommon Federation: Connecting Institutions for Collaborative Identity Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. InCommon • Approximately 80 members and growing steadily • More than two million “users” • Most of the major research institutions (MIT joining soon) • New types of members • Non usual suspects – Lafayette, NITLE, Univ of Mary Washington, etc. • National Institute of Health • Student service providers • Energy Labs • MS, Apple • Steering Committee chaired by Clair Goldsmith of Univ of Texas; Technical Committee chaired by Renee Shuey of Penn State

  2. Uses • Access controlled wikis • Access to academic content, such as Elsevier • Access to popular content, such as Cdigix • Access to Microsoft • Access to services, such as student travel agencies, testing services, • Access to Grid computational resources, portal providers, recruitment services, etc • (Trust base for dynamic circuit authorization/accounting) • (Google Apps for Education)

  3. InCommon • Impacts of federation are real • Dreamspark - Microsoft delivery of developer kits, source code, etc to students https://downloads.channel8.msdn.com/; over 50% of all download traffic from Microsoft was federation-enabled one week after announcement. • {Federation + persistent, opaque identifier + attributes with consent} addresses international privacy requirements. • InCommon Silver, a new profile is now being deployed to serve higher assurance applications • Federated Sharepoint, federated wikis are proving to be killer apps…. • www.incommonfederation.org

  4. Federation Soup • Workshop to held early June • Bringing together all manners of federation to figure out federation relationships • InCommon, JISC, state federations, library federations, university system federations, grid federations, etc. • Topics include alignment of policies, technologies, attributes, metadata, etc. • Approaches include peering, nested, leveraged, and a whole lot of ad hoc • Outputs may include best practices, multi-homing, etc.

  5. Capabilities of federated identity • Real-time delivery of identity and attributes • Supports role-based access controls • Providing privacy and enhanced security • Integrates with collaboration management platforms that are being adopted by virtual organizations

  6. Real time access controls • Delivery of attributes to control points • Initially via web browsers and now via web services and a variety of native api’s • Rich controls at policy control points • ISOC “Identity, Trust and the Internet” will apply identity and trust to a growing suite of Internet RFC’s.

  7. Collaboration and Federated Identity • Two powerful forces being leveraged • the rise of federated identity • the bloom in collaboration tools, most particularly in the Web 2.0 space but including file shares, email list procs, etc • Collaboration management platforms provide identity services to “well-behaved collaboration applications” • Results in user and collaboration centric identity, not tool-based identity

  8. Comanage • A collaboration management platform, supported in part by a NSF OCI grant, being developed by the Internet2 community, with Stanford as a lead institution • Open source, open protocol • Uses Shibboleth, Grouper, and Signet • Parallels activities in the UK and Australia

  9. Comanageable applications • Already done • Sympa, Federated wikis, Asterisk (open-source IP audioconferencing), Dim-Dim (open-source web meeting), Bedeworks (federated open-source calendar) • Immediate targets • Rich access controlled wikis • Web-based file shares, IM, Google Apps for Education • Domain science resources • Instruments • Grids

  10. Domain ScienceInstrument Domain ScienceGrid C o Laboratory X Collaboration Management Platform (CMP)and the Attribute Ecosystem File Sharing Calendar Email List Manager Phone/VideoConference FederatedWiki CollaborationTools/ Resources ApplicationAttributes manage CollaborationManagementPlatform Authorization –Group Info Authorization –Privilege Info Authentication PeoplePicker OtherFunctions Attribute/Resource Info Data Store AttributeEcosystemFlows Home Org & Id Providers/Sources ofAuthority Sources of Authority University A University B

  11. Possibilities and next steps • Virtual organizations adopting federated identity and collaboration management platforms • LIGO – www.ligo.org (and GEO and VIRGO) • Ocean Observing Initiative -(http://www.joiscience.org/ocean_observing) • Providing audit and security in a federated environment • Cutovers are more difficult than new VO • Integrating domain science tools • Cyberinfrastructure, e.g. Teragrid, OSG, integrating, providing collaboration management platform service centers • Integrating research administration into the mix

More Related