Identity Federations: Here and Now - PowerPoint PPT Presentation

Presentation Transcript

  1. Identity Federations: Here and Now • David L. Wasley • Thomas Lenggenhager • Peter Alterman • John Krienke

  2. Agenda • Brief Federation overview • Higher Ed & Research federations in Europe • US Federal eAuthentication federation • InCommon: the US Higher Ed federation • Inter-federation • Q&A

  3. Federations • Otherwise independent entities that give up a certain degree of autonomy in order to achieve a common set of goals. • Working together requires • Common way to express meaning • Agreed upon ways to convey information • Acceptable governance and trust models

  4. Identity Federations • Authenticate locally • Campus or other Identity Service Provider • IdP provides trustworthy needed identity information to Resource Providers • Part of access management decision • Trust established through Federation Operator by means of standards, rules, and participation agreements

  5. Federations and Trust • Requires common IdP and RP practices • Federation governance roles include • Establishing the rules • Overseeing adherence • Degrees of trust may be inherent/useful • Allows flexibility in IdP and RP services • What happens when trust is violated? • Liability and indemnification

  6. Not all Federations are the same ... • Identity federations may have different rules or constraints on identity release • For example in Europe ... • Some may choose to offer on-line services as well, or hold contracts for resources on behalf of members • Some are for specific business purposes or industries, etc.

  7. And now for some examples ...

  8. Linking Federations • How can federations interoperate? • Information models must be compatible • Conversion may be difficult • Communication protocols • Gateways are hard • and may break trust models • Governance and trust models • Must be equivalent at some level

  9. Governance & Linking Federations • Governance sets community standards • May need to enhance or redefine somewhat • Must uphold inter-federation agreement • Responsible for trust between federations • May require stronger role within federation • May affect existing participation agreements • May incur new liabilities, etc. • Federation services might not interoperate

  10. Linking InCommon and eAuthentication • Higher Ed is an important community for many Federal agency applications • Both have federations in place • Have been working together for ~ a year • Compatible technology • Similar identity attributes • InCommon has richer set • InCommon includes privacy protections

  11. Linking InCommon and eAuthentication ... • Trust issues • eAuth defines 4 levels of identity assurance • InCommon allows ‘best effort’ • will need to define at least one compatible LOA • Privacy . . . • Operational issues • Will need to include LOA in identity assertions • Will need to tag metadata, etc...

  12. Linking InCommon and eAuthentication ... • Where we are now • Draft Memorandum of Agreement • Draft “InCommon Bronze” requirements • Based on eAuth Level 1 • Three campuses already known to qualify • Working on inter-federation assessment • Goal • Interoperability by Fall of this year

  13. Q & A ?