
EUROPEAN IDENTITY STRATEGY


Presentation Transcript


  1. EUROPEAN IDENTITY STRATEGY NICOLE HARRIS e-Infrastructure Summer Workshops, Federated Identity Technology

  2. EU DIRECTIVES / REGULATIONS HELPFUL DISTINCTION: A Directive shall be binding, as to the result to be achieved, upon each Member State to which it is addressed, but shall leave to the national authorities the choice of form and methods. A Regulation shall have general application. It shall be binding in its entirety and directly applicable in all Member States.

  3. DATA PROTECTION Currently: DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Moving to: REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

  4. “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people… That social norm is just something that has evolved over time.” Mark Zuckerberg, January 2011 http://www.guardian.co.uk/technology/2010/jan/11/facebook-privacy

  5. http://www.oxfordmartin.ox.ac.uk/downloads/A%20New%20Privacy%20Paradox%20April%202014.pdf

  6. “It is clear that the cord connecting technology and democracy has been severed. This is bad for democracy and bad for technology and it will not be easy to stitch the two back together,” Neelie Kroes, European Commission, March 2014. http://thenextweb.com/eu/2014/03/10/need-stronger-data-safeguards-snowdens-wake-call-says-european-commissioner/

  7. WHAT IS NEW IN DP REGULATION?
  • A single set of rules on data protection, valid across the EU.
  • Increased responsibility and accountability for those processing personal data.
  • Consent has to be given explicitly, rather than assumed.
  • Easier access for people to their own data, and the ability to transfer personal data from one service provider to another more easily (right to data portability).
  • A ‘right to be forgotten’ will help people better manage data protection risks online: people will be able to delete their data if there are no legitimate grounds for retaining it.
  • EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens.

  8. IDENTITY Currently: DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures. Moving to: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal Market.

  9. WHAT’S NEW?

  10. REFEDS Goals Forum for R&E Federation Operators and other parties:
  • To develop best practice to facilitate inter-federation;
  • Following the model: do it once, use it multiple times.
  Hopefully to offer a place for user communities to put forward their requirements/complaints.

  11. 31 Production Federations 17 Pilot Federations Last update May 2014

  12. REFEDS RESOURCES
  • DISCOVERY GUIDE (SEE NEXT SLIDE)
  • FEDERATION POLICY GUIDELINES WITH GEANT
  • FEDERATION OPERATIONAL BEST PRACTICE
  • ENTITY CATEGORIES TO SUPPORT DATA RELEASE
  • STANDARDS AND SPECIFICATIONS:
    • METADATA QUERY PROTOCOL
    • SAML ENTITY CATEGORIES
  • SERVICES

  13. DISCOVERY.REFEDS.ORG

  14. HOW?? http://www.terena.org/publications/files/2012-AAA-Study-report-final.pdf

  15. AARC CALL
  • GÉANT preparation is on-going:
    • Led heavily by NRENs
    • Open Calls and Enabling Users help support community use-cases
  • Horizon 2020 call on AAI:
    • Consortium with both NRENs and e-Researchers
    • Good opportunity to work together as a team
    • Some of the work will take place in REFEDS but funded
  • Main topics:
    • LoA, incident response, training and outreach, attribute authorities

  16. REFEDS EINFRA Call GÉANT Policy Best Practices Identity Harmonisation Operational Practices Federation Harmonisation LoA Services Training on policies eduGAIN Proof of Concepts Moonshot Pilot Services eduroam Outreach Support for R&E communities Supporting Tools Research Work Guest IdPs Enabling Users

  17. Research use-cases, tools and services NICOLE HARRIS e-Infrastructure Summer Workshops, Federated Identity Technology

  18. FIM4R: Federated Identity Management for Researchers
  • Includes photon & neutron facilities, social science & humanities, high energy physics, climate science, life sciences and ESA
  • Aim: define common vision, requirements and best practices
  • Vision and requirements paper published: https://cdsweb.cern.ch/record/1442597
  “A common policy and trust framework for Identity Management based on existing structures and federations either presently in use by or available to the communities. This framework must provide researchers with unique electronic identities authenticated in multiple administrative domains and across national boundaries that can be used together with community defined attributes to authorize access to digital resources.”

  19. What do Researchers Want?
  • A log-in!
  • Every one of their research partners to have a log-in.
  • Personally Identifiable Information (PII) to be released – where they need it.
  • Attributes from multiple sources.
  • To be able to have a higher level of trust (assurance).
  • Non-web login.
  • Great user interface.
  • Unicorns.

  20. Challenges: User friendliness; Attribute aggregation; Credential translation; Attribute release; Levels of Assurance; Homeless users; Non-web-browser; Bridging Communities. 30+ Research Infrastructures in Europe, countless more “long tail” users.

  21. Three Collaborative Pilots – User communities and GÉANT
  • “A connected network of people, information, tools, and methodologies for investigating, exploring and supporting work across the broad spectrum of the digital humanities.”
  • “Basic life science information constitutes a testament of human and natural evolution and advancement. As such, this wealth of knowledge should be freely available for all to access, study and process.”
  • “Umbrella is the Federated Identity Solution of the Photon and Neutron Community, enabling user initiated trans-facility access.”

  22. DARIAH EXPERIENCE
  eduGAIN is the best approach to pan-European AAI for DARIAH, but some time is needed to fulfil all needs. DARIAH would like to see more entities available in eduGAIN and reasonable attributes available.
  DARIAH has been able to meet many requirements:
  • Distributed user and privilege administration
  • Policies that allow for integration into DFN-AAI and eduGAIN
  Combination of eduGAIN and community specific:
  • DARIAH homeless-IdP and attribute authority

  23. ELIXIR EXPERIENCE
  • Next phase of AAI in ELIXIR – blueprint for discussion
  • External IdPs via eduGAIN
  • ELIXIR-specific services for authorisation (REMS), non-web, homeless users and community management
  A pan-European approach to LoA would be appreciated/necessary in the future
  • Minimise ELIXIR-specific customisation
  Federated identity cross-sector collaboration: REMS to be used by FI-CLARIN & FI-CESSDA

  24. UMBRELLA Experience
  More opportunities for NREN/Research Infrastructure collaboration
  • Security analysis discussion at FIM4R
  Piloting with a wider community has benefits
  • JANET/Diamond Light in UK Moonshot Pilot
  Confidentiality aspects critical for Umbrella – high competition, especially structural biology
  • Authorisation is delegated to the systems participating in Umbrella

  25. WORK TO DO
  Attributes – release, consistency, community specific and harmonisation
  Understanding security and incident response
  Levels of Assurance – a long-term issue to be broken down; progress can be slow initially; more experience, work faster
  Non-web – early pilot, not novice user, but evolving more
  Many other research communities developing AAI requirements and work

  26. Opportunities
  FIM4R / RDA T&I Committee
  Increased EC/public awareness of security
  Federations looking to do more:
  • Support of GÉANT Code of Conduct
  • Emerging ‘opt-out’ pilots for eduGAIN
  • REFEDS Federation Operator Best Practice
  Research community services appearing in national federations and eduGAIN
  • Knowledge gained with these pilots helps support other communities & plan services

  27. FIM: THE BUSINESS CASE NICOLE HARRIS e-Infrastructure Summer Workshops, Federated Identity Technology

  28. WHY? Developing a business case forces a well-considered decision that assesses a range of options. Managing a business case throughout an undertaking supports successful implementation by keeping activities "on course" for the desired outcome.

  29. EXAMPLES – UK FEDERATION
  • PILOT FEDERATION: 2003 – 2006.
  • Development programmes with institutions including “early adopter” funding.
  • FULL FEDERATION from 2006.
  • 1997 entities within the federation.
  • 953 Identity Providers.
  • 1047 Service Providers.

  30. SECTIONS OF A BUSINESS CASE: STRATEGIC FIT; OPTIONS APPRAISAL; AFFORDABILITY; ACHIEVABILITY

  31. STRATEGIC FIT

  32. STRATEGIC FIT – THE QUESTIONS
  • Are access management requirements currently being met?
  • Why do we have to change and does it have to be done now?
  • What internal and external strategic drivers are there for change?
  • Does the change fit with institutional strategy?
  • What is our approach to open-source and community-supported technology?
  • To what extent should identity information be controlled within the institution?
  • How many services should be brought together under a single access management infrastructure?

  33. (NOT) THE KILLER APP

  34. STRATEGIC DRIVERS - EXAMPLES

  35. STRATEGIC DRIVERS – INFLUENCES (1) EXTERNAL DRIVERS INTERNAL DRIVERS

  36. STRATEGIC DRIVERS – INFLUENCES (2) EXTERNAL DRIVERS INTERNAL DRIVERS

  37. STRATEGIC DRIVERS – INFLUENCES (3) EXTERNAL DRIVERS INTERNAL DRIVERS

  38. OPTIONS APPRAISAL

  39. OPTIONS APPRAISAL – THE QUESTIONS
  • What options are there?
  • Is the range of options under consideration sufficiently broad?
  • Have innovative options and/or collaboration with others been considered?
  • What are the option criteria?
  • Are all benefits, costs, risks and timescales covered?
  • Are all business needs, requirements and characteristics covered?
  • Would other stakeholders agree with the option criteria?
  • Are criteria weightings necessary?
  • What benefits, costs, risks and timescales are associated with each option?
  • What option has the optimum balance of cost, benefit and risk?
  • What trade-offs need to be made? (e.g. foregoing some of the benefits to keep costs within budget)

  40. STRATEGIC CHOICES
  • DO NOTHING
  • DEPLOY A LIMITED SOLUTION
  • DEPLOY A SINGLE SSO SOLUTION

  41. DEPLOYMENT CHOICES
  • OPEN SOURCE SOFTWARE IN-HOUSE: COMMUNITY SUPPORT
  • OPEN SOURCE SOFTWARE IN-HOUSE: PAID-FOR SUPPORT
  • COMMERCIAL SOFTWARE / MANAGED SERVICE: COMMERCIAL / MANAGED SERVICE SUPPORT
  • DO IT YOURSELF: NOT RECOMMENDED!

  42. Hub and Spoke? Mesh Federation? Edugate JAGGER

  43. COST / BENEFITS ANALYSIS: BENEFITS

  44. COST / BENEFITS ANALYSIS: COST
  • UPFRONT PROJECT COSTS: pre-requisites, development effort, direct costs (hardware etc.), training, legal advice.
  • ONGOING SERVICE COSTS: membership fees?, support costs, administrative costs, hardware replacement, audit and compliance.
  • OPPORTUNITY COSTS: what other projects or initiatives could be undertaken if the budget or staff allocated to the option could be freed up?
  • WE CANNOT TELL YOU HOW MUCH THIS IS GOING TO COST TO DEPLOY, SORRY

  45. AFFORDABILITY
