1 / 13

Identity Federations: Here and Now

Identity Federations: Here and Now. David L. Wasley Thomas Lenggenhager Peter Alterman John Krienke. Agenda. Brief Federation overview Higher Ed & Research federations in Europe US Federal eAuthentication federation InCommon: the US Higher Ed federation Inter-federation Q&A .

andrew
Download Presentation

Identity Federations: Here and Now

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity Federations:Here and Now David L. Wasley Thomas Lenggenhager Peter Alterman John Krienke

  2. Agenda • Brief Federation overview • Higher Ed & Research federations in Europe • US Federal eAuthentication federation • InCommon: the US Higher Ed federation • Inter-federation • Q&A

  3. Federations • Otherwise independent entities that give up a certain degree of autonomy in order to achieve a common set of goals. • Working together requires • Common way to express meaning • Agreed upon ways to convey information • Acceptable governance and trust models

  4. Identity Federations • Authenticate locally • Campus or other Identity Service Provider • IdP provides trustworthy needed identity information to Resource Providers • Part of access management decision • Trust established through Federation Operator by means of standards, rules, and participation agreements

  5. Federations and Trust • Requires common IdP and RP practices • Federation governance roles include • Establishing the rules • Overseeing adherence • Degrees of trust may be inherent/useful • Allows flexibility in IdP and RP services • What happens when trust is violated? • Liability and indemnification

  6. Not all Federations are the same ... • Identity federations may have different rules or constraints on identity release • For example in Europe ... • Some may choose to offer on-line services as well, or hold contracts for resources on behalf of members • Some are for specific business purposes or industries, etc.

  7. And now for some examples ...

  8. Linking Federations • How can federations interoperate? • Information models must be compatible • Conversion may be difficult • Communication protocols • Gateways are hard • and may break trust models • Governance and trust models • Must be equivalent at some level

  9. Governance & Linking Federations • Governance sets community standards • May need to enhance or redefine somewhat • Must uphold inter-federation agreement • Responsible for trust between federations • May require stronger role within federation • May affect existing participation agreements • May incur new liabilities, etc. • Federation services might not interoperate

  10. Linking InCommon and eAuthentication • Higher Ed is an important community for Federal many agency applications • Both have federations in place • Have been working together for ~ a year • Compatible technology • Similar identity attributes • InCommon has richer set • InCommon includes privacy protections

  11. Linking InCommon and eAuthentication ... • Trust issues • eAuth defines 4 levels of identity assurance • InCommon allows ‘best effort’ • will need to define at least one compatible LOA • Privacy . . . • Operational issues • Will need to include LOA in identity assertions • Will need to tag metadata, etc...

  12. Linking InCommon and eAuthentication ... • Where we are now • Draft Memorandum of Agreement • Draft “InCommon Bronze” requirements • Based on eAuth Level 1 • Three campuses already known to qualify • Working on inter-federation assessment • Goal • Interoperability by Fall of this year

  13. Q & A ?

More Related