What is REFEDS Interested In? Nicole Harris UK Access Management Focus, JISC Advance @nicoleharris Slides: http://www.slideshare.net/nicolevharris
Me • UK Access Management Focus; • Advisor to UK federation; • REFEDS Coordinator; • PEER Project Manager; • Shibboleth Consortium Manager; • Generally opinionated about access and identity.
R&E Federations Status (2) • 27 Federations plus 2 confederations. • 4753 entities within those federations. • 1815 Identity Providers. • 2755 Service Providers. • Plus several ‘others’ (don’t worry about it). (November 2011)
Top resources? • In 14 federations: • Czech Medical Atlas and Microsoft Dreamspark. • In 12: • Web of Knowledge, Scopus, ScienceDirect. • In 11: • IEEE, EBSCO. • In 10: • Springer, OVID.
For SPs, Federation Sucks I know because I wrote a paper on it!
Barriers • Multiple registry of entity data. • Multiple legal documents. • One-off clauses. • Interpretation of data protection. • Sponsorship letters. • Fees. • Technical Barriers. https://refeds.terena.org/index.php/Barriers_for_Service_Providers
Registering Entity Data • Federations are just big metadata (XML) files. • Entity = your chunk of that data. • It goes a bit like this:
How does it work? Federation A Federation B Federation C You
What we need is a place where this can be centrally registered and then called on by federations…
PEER http://beta.terena-peer.yaco.es/
Wouldn’t it be great if these were standardised and simplified?
REFEDS Policy Review • Painstakingly taking apart every clause in every federation policy. • Mapping these to generic content ‘blocks’ and ‘elements’ within each block. • Making recommendations about structure and unnecessary language. • NOT a legal review.
Full Interfederation • The ability of federations to exchange metadata about their entities. • Normally an additional legal agreement between the 2 federations. • Full technical and policy integration. • Bi-lateral (UK and Edugate) or via groups (eduGain and Kalmar2).
eduGain (1) www.edugain.org
eduGain (2) – Drawbacks • At least one of the federations you are a member of needs to have signed up for eduGain. • Opt-in: you have to ask to be included in an aggregate. • Not always clear which entities are interfederated – are your customers there?
eduGain (3) Benefits • Only have to have a relationship with 1 federation. • Technically, as an SP, you can choose which federation that is.
Login Interfaces Suck I know this because I’ve tried to use them
MDUI • Currently being used by DiscoJuice and Shibboleth Embedded Discovery Service / Central Discovery Service. • OASIS Standard for IdP Discovery: • http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf.
MDUI for SPs (Shibboleth Recs) Non Logo elements • <mdui:DisplayName> Recommended required • <mdui:Description> Recommended 100 chars max • <mdui:Keywords> Not used • <mdui:InformationURL> Available • <mdui:PrivacyStatementURL> Available Logo elements • Shibboleth - must be specified using an HTTPS URL • Shibboleth - logo size should be between 64px by 350px wide and 64px by 146px high • Shibboleth - logos should have transparent backgrounds • Shibboleth - logos look better if they have a landscape rather than a portrait aspect ratio https://refeds.terena.org/index.php/MDUI_-_Software_recommendations
MDUI for IdPs (Shibboleth Recs) Non Logo elements • <mdui:DisplayName> Recommended, 33 chars max Strongly recommended • <mdui:Description> Supporting the Display Name function with more details • <mdui:Keywords> Used Used for incremental search • <mdui:InformationURL> Not used at present • <mdui:PrivacyStatementURL> Not used at present – see Attribute WG recs • <mdui:IPHint> Not used Planned for future release • <mdui:DomainHint> Not used Planned for future release • <mdui:GeolocationHint> Not used Heavily used. Strongly recommended. Logo elements • Shibboleth - The URL specifying the logo must be https protected. • Shibboleth - One logo should be provided of size approximately 80px (width) by 60px (height). A larger logo may be provided but the aspect ratio should be maintained (logos are selected based on aspect ratio). • Shibboleth - One logo should be provided of size 16px by 16px. • Shibboleth - Logo backgrounds should be transparent. https://refeds.terena.org/index.php/MDUI_-_Software_recommendations
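An added example, not from the slides or from Shibboleth: a small linter that applies the SP and IdP recommendations listed on the two MDUI slides to a SAML metadata document. The function name, the sample metadata and its entity IDs are constructed, and reading the SP logo slide as width 64-350 px by height 64-146 px is an assumption.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
# Limits taken from the slides: (DisplayName max, Description max) per role.
LIMITS = {"SPSSODescriptor": (None, 100), "IDPSSODescriptor": (33, None)}
# Assumed reading of the SP logo slide: width 64-350 px, height 64-146 px.
# The width/height attributes are declared values, not the real image size.
SP_LOGO = {"width": (64, 350), "height": (64, 146)}

def lint_mdui(metadata_xml):
    """Return (entityID, finding) pairs for every mdui:UIInfo in the document."""
    out = []
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % MD):
        eid = ent.get("entityID")
        for role, (name_max, desc_max) in LIMITS.items():
            for ui in ent.findall("md:%s/md:Extensions/mdui:UIInfo" % role, NS):
                names = [(e.text or "").strip() for e in ui.findall("mdui:DisplayName", NS)]
                descs = [(e.text or "").strip() for e in ui.findall("mdui:Description", NS)]
                if not any(names):
                    out.append((eid, "DisplayName missing"))
                if name_max and any(len(n) > name_max for n in names):
                    out.append((eid, "DisplayName over %d chars" % name_max))
                if desc_max and any(len(d) > desc_max for d in descs):
                    out.append((eid, "Description over %d chars" % desc_max))
                for logo in ui.findall("mdui:Logo", NS):
                    if not (logo.text or "").strip().lower().startswith("https://"):
                        out.append((eid, "Logo URL is not HTTPS"))
                    for attr, (lo, hi) in SP_LOGO.items():
                        if role == "SPSSODescriptor" and not lo <= int(logo.get(attr, 0)) <= hi:
                            out.append((eid, "Logo %s outside %d-%d px" % (attr, lo, hi)))
    return out

# Constructed sample, trimmed to the elements the linter reads (not schema-valid).
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
 <md:EntityDescriptor entityID="https://sp.example.org/shibboleth"><md:SPSSODescriptor>
  <md:Extensions><mdui:UIInfo>
   <mdui:Description xml:lang="en">%s</mdui:Description>
   <mdui:Logo width="400" height="100">http://sp.example.org/logo.png</mdui:Logo>
  </mdui:UIInfo></md:Extensions></md:SPSSODescriptor></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp.example.edu/idp"><md:IDPSSODescriptor>
  <md:Extensions><mdui:UIInfo>
   <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName>
   <mdui:Logo width="16" height="16">https://idp.example.edu/favicon.png</mdui:Logo>
  </mdui:UIInfo></md:Extensions></md:IDPSSODescriptor></md:EntityDescriptor>
</md:EntitiesDescriptor>""" % ("x" * 120)

if __name__ == "__main__":
    for eid, finding in lint_mdui(SAMPLE):
        print(eid, "-", finding)
```

Run it on metadata whose signature has already been verified; the linter only checks presentation hints and says nothing about whether the entity itself is trustworthy.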