identity federations here and now n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Identity Federations: Here and Now PowerPoint Presentation
Download Presentation
Identity Federations: Here and Now

Loading in 2 Seconds...

play fullscreen
1 / 13

Identity Federations: Here and Now - PowerPoint PPT Presentation


  • 249 Views
  • Uploaded on

Identity Federations: Here and Now. David L. Wasley Thomas Lenggenhager Peter Alterman John Krienke. Agenda. Brief Federation overview Higher Ed & Research federations in Europe US Federal eAuthentication federation InCommon: the US Higher Ed federation Inter-federation Q&A .

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Identity Federations: Here and Now' - andrew


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
identity federations here and now

Identity Federations:Here and Now

David L. Wasley

Thomas Lenggenhager

Peter Alterman

John Krienke

agenda
Agenda
  • Brief Federation overview
  • Higher Ed & Research federations in Europe
  • US Federal eAuthentication federation
  • InCommon: the US Higher Ed federation
  • Inter-federation
  • Q&A
federations
Federations
  • Otherwise independent entities that give up a certain degree of autonomy in order to achieve a common set of goals.
  • Working together requires
    • Common way to express meaning
    • Agreed upon ways to convey information
    • Acceptable governance and trust models
identity federations
Identity Federations
  • Authenticate locally
    • Campus or other Identity Service Provider
  • IdP provides trustworthy needed identity information to Resource Providers
    • Part of access management decision
  • Trust established through Federation Operator by means of standards, rules, and participation agreements
federations and trust
Federations and Trust
  • Requires common IdP and RP practices
  • Federation governance roles include
    • Establishing the rules
    • Overseeing adherence
  • Degrees of trust may be inherent/useful
    • Allows flexibility in IdP and RP services
  • What happens when trust is violated?
    • Liability and indemnification
not all federations are the same
Not all Federations are the same ...
  • Identity federations may have different rules or constraints on identity release
    • For example in Europe ...
  • Some may choose to offer on-line services as well, or hold contracts for resources on behalf of members
  • Some are for specific business purposes or industries, etc.
linking federations
Linking Federations
  • How can federations interoperate?
  • Information models must be compatible
    • Conversion may be difficult
  • Communication protocols
    • Gateways are hard
    • and may break trust models
  • Governance and trust models
    • Must be equivalent at some level
governance linking federations
Governance & Linking Federations
  • Governance sets community standards
    • May need to enhance or redefine somewhat
  • Must uphold inter-federation agreement
    • Responsible for trust between federations
    • May require stronger role within federation
    • May affect existing participation agreements
    • May incur new liabilities, etc.
  • Federation services might not interoperate
linking incommon and eauthentication
Linking InCommon and eAuthentication
  • Higher Ed is an important community for Federal many agency applications
    • Both have federations in place
    • Have been working together for ~ a year
  • Compatible technology
  • Similar identity attributes
    • InCommon has richer set
    • InCommon includes privacy protections
linking incommon and eauthentication1
Linking InCommon and eAuthentication ...
  • Trust issues
    • eAuth defines 4 levels of identity assurance
    • InCommon allows ‘best effort’
      • will need to define at least one compatible LOA
    • Privacy . . .
  • Operational issues
    • Will need to include LOA in identity assertions
    • Will need to tag metadata, etc...
linking incommon and eauthentication2
Linking InCommon and eAuthentication ...
  • Where we are now
    • Draft Memorandum of Agreement
    • Draft “InCommon Bronze” requirements
      • Based on eAuth Level 1
      • Three campuses already known to qualify
    • Working on inter-federation assessment
  • Goal
    • Interoperability by Fall of this year