Update SURFnet
Bart Kerver, Bart.kerver@surfnet.nl
TF-EMC2 meeting, Utrecht, 17 October 2006
SURFnet Federation project
Main components:
• describe use-cases for Federated IdM;
• what services;
• policies;
• technology.
SURFnet’s role for IdM
• Awareness for Identity Management (IdM)
• Reports on IdM:
  • studies on the current state of IdM in HE in .NL;
  • scenarios to realize (upgrade) IdM;
  • Federated IdM (business drivers, solutions…).
• Workshops on IdM
• Workgroup for Library Access Management (‘BAM’)
• Development and support of the open source product A-Select (development, organize OS, pilots, architecture, deployments)
• Stimulate deployment of A-Select (200k+ users in higher education)
Federation initiatives - .NL
(diagram: identity provider, service provider, central components for federation)
SURFnet Federation (2006)
Build a service “SURFnet Federatie” (SNF):
• technical implementation (based on A-Select);
• define(d): policies, contracts, legal organization?…;
• organize service providers (SP);
• support identity providers (IdP);
• manuals and website (end-user, IdP, SP, helpdesk etc.).
SURFnet Federation (2007)
• stimulate deployment and join-in:
  • workshops;
  • install fests for both IdP and SP.
• con-federate (‘confederate’: both NL and EU)
• support standards (SAML, WS*, eduGAIN)
• translate assertions enabling federated SSO (SAML <> A-Select <> WSF <> eduGAIN)
• pilots/work on federated (de-)provisioning
• monitoring/tracking/tracing within the federation
• home organization for SURFnet-specific services?
• technology scouting on MW for SOA/grid services
SURFnet Federation Policies
Start simple: low-level entry
• Contract for IdP part of the SURFnet contract?
• Contract for all SPs standardized;
• If an IdP is also an SP, just one contract.
• IdPs make best efforts:
  • to issue credentials to members only;
  • to ensure accuracy of assertions.
• SPs agree to respect the privacy of users:
  • don't aggregate attributes or disclose them to others;
  • report on use of the federation.
(diagram: SAML; users, identities, central federation components, resources)
Pilots with SURFnet Federation
• Pilots with 3 publishers and Elsevier SD
• Booking system for VC equipment (application by Switch)
• Ellips project (language studies)
• SURFgroepen (www.surfgroepen.nl) – MS SharePoint
On the horizon (short term):
• SURFnetdiensten (webshop);
• 3TU – 3 technical universities collaborating;
• VideoPortal;
• institution-specific usage stats (on services);
• SURFstat (network stats).
A-Select developments
• Support for SAML 1.1 (OpenSAML based), used for WAYF and IdP
• IdP:
  • Browser/POST WebSSO profile
  • Browser/Artifact WebSSO profile (type 0001 & 0002)
  • SAML subject queries (attribute, authentication, authorization)
• Enhanced WAYF
• IdP discovery for SP
• Anonymity of users based on WS*
• Soon start with:
  • WS* (ADFS) implementation
  • pilot with MS CardSpace
  • interoperability with Oracle and Novell (IdP, SP)
• Looking into Liberty support
http://www.aselect.org/version/1.5/aselectchangelog.txt
SURFnet Statistics on SCS 2006

                 Jan  Feb  Mar  Apr  May  Jun  Jul  Aug  Sep  Total
Certs accepted     0    0    4   43   75   76   67   91   68    424
Certs refused      0    0    3    7   20   10   15   11   23
SCS institutes     0    0    5   22   39   45   52   58   64     64 (unique)
SURFnet Detective
Meanwhile… SURFnet Detective has reached the status of a production service as of May ‘06.
http://detective.surfnet.nl/