
BoF : Federated Identity Management for Researchers


Presentation Transcript


  1. BoF: Federated Identity Management for Researchers
     David Kelsey (STFC-RAL)
     TNC2014, Dublin, 20 May 2014

  2. Background
     • There has been growing collaboration between Research Communities and Federations
     • Good progress is being made
     • Requirements documented by FIM4R
     • Joint pilot projects underway
     • Work being done in REFEDS/GEANT/eduGAIN
     • A response to the Horizon 2020 AAI call is being worked on
     FIM for Researchers, Kelsey

  3. Aims of BoF
     • Share information on recent work/future plans
     • Where are we with planning a submission to the H2020 AAI call?
     • Encourage ongoing discussions between Research Communities and Federations
     • No full presentations - this has been done before at TNC, REFEDS and FIM4R

  4. Speakers
     User Communities
     • FIM4R pilot projects - Ann Harding/SWITCH
     • AAI in DARIAH - Peter Gietz/DAASI International GmbH
     Federations and Providers
     • REFEDS/GEANT/eduGAIN - Licia Florio/TERENA
     • EUDAT (remote) - Jens Jensen/STFC
     • IGTF evolution - David Groep/Nikhef
     Other input
     • FIM and Security/Trust - Romain Wartel/CERN
     • Evolution of IdM architecture - Bob Cowles/BrightLite Information Security
     • FIM4R news - David Kelsey/STFC
     • AAI H2020 plans - Licia Florio/TERENA

  5. FIM4R Update

  6. Federated IdM for Research (FIM4R)
     • Includes photon & neutron facilities, social science & humanities, high energy physics, climate science, life sciences and ESA
     • Aim: define a common vision, requirements and best practices
     • Vision and requirements paper published: https://cdsweb.cern.ch/record/1442597

  7. FIM4R Update
     • Workshops started in June 2011 (CERN)
     • Most recent (7th) was hosted by ESRIN in Frascati, 23-24 April 2014
     • http://indico.cern.ch/event/301888/

  8. 7th FIM4R meeting summary (slides of Bob Jones/CERN)
     23-24 April 2014, ESRIN, Frascati

  9. Meeting agenda
     Agenda page online with material: https://indico.cern.ch/event/301888/
     A written summary of this event will be produced

  10. The FIM4R Vision
     "A common policy and trust framework for Identity Management based on existing structures and federations either presently in use by or available to the communities. This framework must provide researchers with unique electronic identities authenticated in multiple administrative domains and across national boundaries that can be used together with community defined attributes to authorize access to digital resources."
     • Still valid, though we may think to extend it:
       - lifetime of unique electronic identities to cover the whole career of a researcher
       - the common policy and trust framework also includes operations
       - authorising access to digital resources may imply legal constraints
     • Being able to estimate the cost of transition to FIM may be an indication of maturity

  11. Prioritisation of FIM4R requirements
     • User friendliness (high)
       - Support for citizen scientists and researchers without formal association to research labs or universities [Homeless-IdP tested in pilots]
     • Browser & non-browser federated access (high) [Testing in pilots]
     • Bridging communities (medium)
       - Bridging is a central issue, with an efficient mapping of the respective attributes [Not tested in pilots]
     • Multiple technologies with translators, including dynamic issue of credentials (medium) [Testing in pilots]
     • Implementations based on open standards and sustainable with compatible licenses (high) [OpenID & SAML can interoperate]
     • Different Levels of Assurance with provenance (high)
       - Credentials need to include the provenance of the level under which they were issued [Testing in pilots]
     • Authorisation under community and/or facility control (high) [Testing in pilots]

  12. Prioritisation of FIM4R requirements
     • Well defined, semantically harmonised attributes (medium) [Limited success with a subset of eduPerson, but believe it is better to aim for consistency within a community]
     • Flexible and scalable IdP attribute release policy (medium)
       - Bi-lateral negotiation between all SPs and all IdPs is not a scalable solution [Not yet]
     • Attributes must be able to cross national borders (high)
       - Data protection considerations must allow this to happen [Not yet]
     • Attribute aggregation for authorisation (medium)
       - Attributes need to be aggregated from different sources of authority, including federated IdPs and community-based attribute authorities [Works for Active Directory Federation Services]
     • Privacy and data protection addressed with community-wide individual IDs (medium) [Testing in pilots]

  13. Actions from this meeting
     • As input for the TERENA H2020 AAI & GN4 proposals:
       - Each research community to provide by email a short list of key commercial Service Providers (including cloud services) they would like to see integrated with eduGAIN [Deadline: end May]

  14. Actions from this meeting (II)
     Consensus among FIM4R communities that:
     - A sufficient level of operational security is essential for inter-federation production services
     - Lack of minimal requirements for eduGAIN IdPs/SPs poses unacceptable risks
     - FIM4R should leverage the current practices based on existing efforts & expertise
     - The SCI work is relevant and could perhaps be extended to incorporate FIM
     Proposal:
     - FIM4R to jointly propose common operational security requirements for IdPs/SPs
     Action:
     - Romain/Dave to circulate the latest version of the SCI paper [mid May]
     - Romain/Dave to compose and propose a draft document [end June]:
       - based on the SCI paper
       - in collaboration with GEANT/eduGAIN (Leif Nixon/Leif Johansson)
     - FIM4R communities to give feedback and eventually endorse the document, following the approach of the original FIM4R paper [feedback end August]

  15. Actions from this meeting (III)
     • Formulate an RDA Working Group focused on extension of the FIM4R pilots to USA partners and adoption of a minimal set of security operations requirements for IdPs
     • Schedule the next FIM4R meeting in Amsterdam to coincide with the RDA 4th plenary (22-24 Sept 2014) [discuss common operational security requirements for IdPs/SPs]
