
OpenID Connect and R&E 2019

Learn about the challenges and benefits of delivering trusted collaboration at scale, bridging the gap between R&E and non-R&E practices. Discover how collaborating with the OpenID Foundation can help achieve multi-lateral trust, interoperability, and secure data exchange. Get involved to shape the future of trusted collaboration.

lkenneth


Presentation Transcript


  1. OpenID Connect and R&E 2019 Chris Phillips | Technical Architect, Canadian Access Federation | TNC 2019 | Tallinn

  2. Challenge: Scaling trusted collaboration regardless of technology

  3. Delivering Trusted Collaboration at Scale
     • R&E
       • Trust by multi-lateral practices
       • Rich R&E data dictionary
       • Built primarily for and by R&E

  4. Understanding the Gap
     • R&E
       • Trust by multi-lateral practices
       • Rich R&E data dictionary
       • Built primarily for and by R&E
     • Non R&E
       • Trust by bi-lateral practices
       • Minimal data dictionary
       • Built primarily for and by business

  5. Bridging the Gap
     • Work ongoing on many fronts
     • OpenID Foundation (OIDF) are overseers of OpenID Connect (OIDC)

  6. Benefits of Collaborating with OIDF
     • Governance aligns with R&E
     • Well documented & similar merit driven processes
     • Already formally recognized as a working group
     • Chair: Davide Vaghetti (GARR/GÉANT)
     • Home: https://openid.net/wg/rande/

  7. OIDC R&E Profile Context
     [Diagram: "Implementers Draft: R&E Profile", linked to other items by "Relies on & interops with" relationships]
     More depth on process: https://openid.net/wg/about

  8. Scope of OIDF Working Group
     • Develop profiles with specific requirements for:
     • Security
     • Multi-lateral trust
     • Interoperability in the R&E sector
     • Specific set of claims and scopes related to R&E
     • Extensions to OpenID Connect entity's metadata
     Charter: https://github.com/daserzw/oidc-edu-wg/blob/master/charter.md

  9. Path to Success
     • 1st class multi-lateral trust support in OIDC
     • Ubiquitously supported by platforms
     • Operational capabilities on premises, by vendors, & fed-ops
     • Training offerings to ramp community knowledge
     • Regardless of protocol
     • Interoperability of multi-lateral inter-federation trusts
     • Predictable attribute exchange
     • Parity of trustworthiness of endpoints
     • R&E profile must work with existing OIDC libraries
     • Stretch goal: User Experience
     • Login once, user is able to access SAML or OIDC resources transparently and simultaneously

  10. What is R&E doing right now?
     • Collecting use cases for the OIDF R&E WG
     • Implementing OIDC and OAuth2 endpoints in:
       • Shibboleth OIDC Extension
       • Central Authentication Service (CAS)
       • Active Directory Federation Services (AD FS) Server 2016 and higher
       • SATOSA
     • Working on guidance
       • Internet2 OIDC-OAuth WG
     • Implementing proxying now
       • CILogon
       • Authentication and Authorisation for Research Collaborations (AARC) Blueprint

  11. Are Proxies enough?
     • No, they are not.
     • Proxying is short term gain with long term pain
     • Offers temporary relief while we do the core work in the spec

  12. Why?
     • Proxies are not simple nor are they ‘free’
     • Cloud will eclipse us:
       • In person power
       • In ubiquity of deployment
       • Ability to tightly integrate to cloud identity stores – a good thing!

  13. Do Nothing?
     • Only assures that:
       • Our needs will never be met
       • We will always have to ‘fix’ things for our world view
       • Cost and difficulty of delivering on core mission increase
       • Diminished relevancy and ability to serve the Researcher

  14. Call to Action: Get Involved!
     • Where?
       • OIDF WG list is main work area
       • REFEDS OIDCre WG on ramp/incubation area for R&E items
     • Passive participation
       • Join OIDF WG list and OIDCre and observe
     • Active participation
       • Join OIDF formally and be a voter (strongly encouraged)
     • Further steps:
       • Start learning more about OIDC and OAuth2
       • Get involved on activities or projects
       • Experiment and implement Shib OIDC plugin in your sandbox
       • Participate in prototyping and pilots

  15. Questions?
