
Stuff, including interfederation stuff

Stuff, including interfederation stuff. Dr Ken Klingenstein, Director, Middleware and Security, Internet2. Topics. InCommon Growth ISOC and Attributes NSTIC (and FICAM) Interfederation Federation Risk Assessment Gap Analysis. Growth. ISOC and Attribute Infrastructure.



Presentation Transcript


  1. Stuff, including interfederation stuff
     Dr Ken Klingenstein, Director, Middleware and Security, Internet2

  2. Topics
     • InCommon Growth
     • ISOC and Attributes
     • NSTIC (and FICAM)
     • Interfederation
     • Federation Risk Assessment
     • Gap Analysis

  3. Growth

  4. ISOC and Attribute Infrastructure
     • Workshop held March 12, 2012 in DC as follow-up to workshop in Amsterdam in December.
     • Outcomes include
       • Planning for attribute registries
       • Name space registries
       • Good attribute design principles document
       • Attributes of attributes
       • Quality (LOA) of attributes
       • Managing the marketplace

  5. NSTIC and FICAM
     • NSTIC is an initiative, intended to foster the Identity Ecosystem and the US Government’s participation in it.
     • Works with agencies, IdPs, standards and advocacy groups, etc.
     • Pilot programs this fall
     • FICAM is an operational service, setting standards (LOA, privacy, etc.) and certifying compliance

  6. Interfederation
     The use cases
     The theory and the practice
     Gap analysis

  7. The use cases
     Between R&E feds (contacts in Turkey, Middle East and India urgently needed)
     Between .gov fed and InCommon
     With K-12 fed
     With OIX fed

  8. Theory and practice
     • In theory, there is no difference between practice and theory; in practice there is.
     • Interfederation has several steps
       • Ad hoc interfeds today and soon
       • PEER to exchange metadata
       • True interfederation

  9. Federation Manager Risk Assessment
     • Assesses risks in the full metadata process
       • Internal ops
       • Vetting of enterprise
       • Security of metadata supply chain in organization
       • Authentication
       • Delegation
     • https://spaces.internet2.edu/display/InCCollaborate/Federation+Manager+Authentication+Risk+Assessment
     • Immediate consequences in 2FA metadata submission

  10. Buckets of interfed issues
     Exchange of metadata
     Policy alignment
     Alignment of payloads (attributes)
     Operational issues

  11. Short-term and long-term
     A few high-level distinctions between the short-term and long-term approaches to meeting these needs:
     Short-term, the flow of metadata for interfederation and the flow of trust in the values being asserted in the metadata are the same – member to federation to another federation to its members. Long-term, the flow of metadata and the flow of trust in the values within the metadata may diverge, allowing an ecosystem of other “vetters” of application or end-entity characteristics.
     Short-term, a limited set of widely used attributes (eduPerson, SCHAC) enables almost all essential needs. Long-term, richer attributes will require some mapping approaches, as well as interfederation coordination of names, identifiers, etc.
     Short-term, almost all operational aspects are handled on a case-by-case basis. Long-term, operational standards will be needed for effective use and best practices.

  12. Alignment of policies to enable trust in the metadata being exchanged
     • How the federation manages verification of both the organizations and their (perhaps delegated) authorized submitters (the FOP)
     • How the federation manages verification of other richer end-entity attributes it asserts, such as classification of applications (e.g. R&S), recommended attribute release policies, etc.
     • How the federation operates, in terms of signing metadata approaches, legal status, etc.
     • Aligning the LOA at basic and higher levels for authentication
     • Aligning the relationships between IdP and SP when they are not in the same federation
       • Direct contracts should govern where applicable
       • If the contractual flow is member to fed, and then across interfed to an SP in another…

  13. Interfed gap analysis
     • Technical
       • Interfed discovery
       • Metadata sharing
       • Aligned attribute bundles
     • Policy
