1 / 30

The Rise of Federations…Almost Everywhere

The Rise of Federations…Almost Everywhere. Topics. Federation Basics Drivers Components International and pulic sector developments InCommon and its uses Next steps for federations Peering, confederation, and similar issues Support for collaboration and virtual organizations

airell
Download Presentation

The Rise of Federations…Almost Everywhere

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Rise of Federations…Almost Everywhere

  2. Topics • Federation Basics • Drivers • Components • International and pulic sector developments • InCommon and its uses • Next steps for federations • Peering, confederation, and similar issues • Support for collaboration and virtual organizations • Development of other aspects of the attribute ecosystem • Libraries and federations in the US • Issues and opportunities • Next steps

  3. Middleware vision in one slide • Build a campus/enterprise core middleware infrastructure that • Serves the overall enterprise IT environment, providing business drivers and institutional investment for sustainability and scalability • Is designed from the start to support the research and instructional missions • Implies consistent approaches and common practices across campuses and internationally • Build, plumb, and replumb the tools of research on top of that emergent infrastructure • Domain-specific middleware (grids, sensor nets, etc) • Common collaboration tools (video, protected wikis, shared calendaring, audioconferencing, etc.)

  4. Federated identity • Leveraging enterprise identity management beyond the enterprise • Creates general purpose interrealm trust fabrics • Standards (SAML) and open source (Shibboleth) well aligned and gaining broad adoption • Persistent and broad R&E federations in many countries now

  5. Drivers • Campuses want to allow their community to use their local credentials to access external partners in academia, government, businesses, etc. • Relying Parties want to use campus authn • For economies • Not another sso to incorporate into the app • Avoid much of the costs of account management • For scaling in users • Interest is tempered by legal considerations, policy considerations, and unintended disruptive economic consequences

  6. Uses - Content • To protect IPR (the JSTOR incident…) • To open up markets • Popular content – Ruckus, CDigix, etc • MS • Scholarly content – Google, OCLC WorldCat • Scope of IdM may be an issue

  7. Services • Student travel, charitable giving, web learning and testing, plagiarism testing service, etc. • Allure for alumni services and other internal businesses • Student loans, student testing, graduate school admissions, etc. • The Teragrid

  8. Government • NSF Fastlane Grant Submission • Dept of Agriculture Permits • Social Security • NIH • Dept of Ed

  9. Components of Federation • Federating Software • Federation operator and metadata • Participants • Policies on identity management • Policies on privacy • Shared set of attributes, including LOA • Legal agreements among participants • Management and governance • (Peering, economics,…)

  10. International Federations • Widespread in Europe (over 15 countries), emergent in Australia, nascent in Asia. • The UK federation (http://www.ukfederation.org.uk/) already has over five million active users and intends to grow to all of higher ed, K-12 and further education. • Used for academic content access, research support, national level services, etc • Clear needs for peering; some need for confederation or dynamic relationships.

  11. Public sector federations • http://www.public-cio.com/story.php?id=2007.02.02-103751 • State-based among health agencies (NY), presenting a SSO to citizens (Washington), etc. • GSA EAuthentication • NSF, NIH, and the Dept of Ed… • State university federations - Texas, California, Maryland, etc • InCommon

  12. Legal Tracking (OGC) Parking Management (APS) Signature Authority (APS) Bid Specification (OFPC) Project Time Reporting (OFPC) Student Couponing (UT Austin) Online Education via Blackboard (UTHSCH) Board of Regents Agenda (BOR) 12/06 Budget Change Request (BUD) 12/06 UTANOP (BUD) 12/06 UTexas Federation Apps • Project Tracking (CHA) • Monthly Financial Reporting (BUD) • TIXX (GOV) • UT Plane (ADM) • Compliance Training (ADM) • Research Projects Tracking (ACA) • Academic Affairs Jobs (ACA) • Degree Programs (ACA) • Grad Registration (ACA) • System Administration Wireless (OTIS)

  13. InCommon • US R&E Federation • www.incommon.org • Members join a 501(c)3 • Addresses legal, LOA, shared attributes, business proposition, etc issues • Approximately 50 members and growing • A low percentage of national Shib use…

  14. Case Western Reserve University Clemson University Cornell University Dartmouth Duke University Florida State University Georgetown University Miami University New York University Ohio University Penn State Stanford University Stony Brook University SUNY Buffalo The Ohio State University The University of Chicago University of Alabama at Birmingham University of California, Irvine University of California, Los Angeles University of California, Merced University of California, Office of the President University of California, Riverside University of California, San Diego University of Maryland University of Maryland Baltimore County University of Maryland, Baltimore University of Rochester University of Southern California University of Virginia University of Washington University of Wisconsin - Madison Cdigix EBSCO Publishing Elsevier ScienceDirect Houston Academy of Medicine - Texas Medical Center Library Internet2 JSTOR Napster, LLC OCLC OhioLink - The Ohio Library & Information Network ProtectNetwork Symplicity Corporation Thomson Learning, Inc. Turnitin WebAssign InCommon Members 2/27/07

  15. Key aspects of InCommon • Federating software • Shib 1.2+ (other possibilities in the future) • Shared attributes and schema • eduPerson right now • Levels of authentication • POP (participant operational practices) • InCommon Bronze and Silver will map to LOA 1 & 2 • Management • Steering committee of members IT executives • Operations staffed by Internet2

  16. Shibboleth • Shib 1.3 widely deployed; 1.2 still common • Along the way, other capabilities added: • ADFS compatibility for WS-Fed, (MS $) • Eauthentication certification (with waiver form:)) • Shib 2.0 completes the SAML+Shib integration • More compatible with COTS SAML 2.0 products than they are with each other • A Shib/SAML to TCP/IP analogy isn’t bad; Shib adds multi-party federation support through metadata, ARPS, etc. • Also eases support for n-tier, non-web and other capabilities • Alpha in April

  17. The Shibboleth 2.0 Sidebar • Support for the attribute ecosystem • attribute handling, including policy, in both SP and IdP • designed to be reusable for other protocols (eg CardSpace) • sets stage for further work on multiple attribute sources, reputation management, etc. • All Java SP (in addition to current Java/Apache), easing integration for some applications • Trust management • PKI still seems too hard, even at the simpler enterprise level • Supports a broad set of trust choices – CA’s, certs, plain keys, managing site metadata (naming, acquisition, validating) • A product of years of painful experience 

  18. InCommon Management/Governance • Steering Committee of campus/vendor CIO’s and policy people – sets policies for membership, business model, etc. • Technical advisory committee - Sets common member standards for attributes (eduPerson 2.0) , identity management good practices, etc.

  19. InCommon Uses • Access control to content • Popular content – Ruckus, CDigix, etc • Scholarly content – Google, OCLC WorldCat • Downloads – Microsoft • Access to external services • Student travel, charitable giving, web learning and testing, plagiarism testing service, etc. • Allure for alumni services and other internal businesses • Student loans, student testing, graduate school admissions, etc. • Access to national services • The National Science Digital Library • The Teragrid pilot

  20. Inter-federation key issues • Peering, peering, peering • At what size of the globe? • Confederation, overlapping, leveraged • Tightly coupled autonomous federations • How do vertical sectors relate? How to relate to a government federation? • On what policy issues to peer and how? • Legal framework • Treaties? Indemnification? Adjudication • How to technically implement • Wide variety of scale issues • WAYF functionality • Virtual organization support

  21. Virtual Organizations • The big team science efforts, and smaller collaborations across a broad set of disciplines with real resources to be managed seriously • Have their own IdM issues • Collaboration tools • Domain science identity management • Today’s solutions are non-existent, insecure or widely despised… • Could leverage federated identity for both ease of use and better security

  22. Peering • Parameters: • LOA • Attribute mapping • Legal structures • Liability • Adjudication • Metadata • VO Support • Economics • Privacy

  23. VOs plumbed to federations

  24. The Attribute Ecosystem • We now understand, we think, an overall “attribute ecosystem” • Shibboleth is the real-time transport of attributes from an IdP to an SP for an authorization decision • Other, “compile-time” means are used to ship attributes from sources of authority to IdP • Or to the SP, or to the various middlemen (portals, proxies, etc.) • And a user needs to be manage all of this

  25. Libraries and Shib in the US • Not the driver that it is overseas • Content acquisition at local versus national levels • Poor communication between campus IT management and library management • Many universities have Shib in some form of deployment; very few use it for library content access • Preference of patron db for authentication and authorization over central directory services • Failure of Internet2 to publicize the many hybrid models available (eg IP address on campus, Shib for off campus, with or without SSO)

  26. Libraries and Shib in the US • Misunderstandings on Shibboleth and privacy • Shibboleth is privacy preserving • Institutions and users can change that • “Extra step” of authentication • Confusion about the relationship of federations and licenses • Shibboleth is not worth the work since some form of IP address control will always be needed • Too many publishers • Additional features not worth the work

  27. The “Stepping Up” Group • University of Chicago, Penn State University, UCSD, and the University of Maryland System Library Consortium • InCommon-library-services • Identity issues in technology, user experience, policy, and practices for access to external licensed resources • (Identify opportunities for value-added services that leverage infrastructure) • Report back…

  28. First thoughts… • Internal SP’s • Different policies for walk-ins and remote • People not in the institutional db – paid alumni… • PKI management in trust • Students working as RA’s and proxies for faculty • Looking up ARP’s for various SP

  29. Opportunities • Integration with repositories • NITLE and its offerings… • NSDL type collaborations • Collaboration tool platforms • New joint licensing possibilities

More Related