1 / 8

Federations round table Haka federation of Finland

Federations round table Haka federation of Finland. EuroCAMP 17.4.2007 Mikael Linden mikael.linden@csc.fi CSC, the Finnish IT Center for Science. Status of Haka Federation. Operational 8/2005 23 (of 48) Federation Members with 213 000 end users (68% of eduPersons; in universities 90%)

goro
Download Presentation

Federations round table Haka federation of Finland

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Federations round tableHaka federation of Finland EuroCAMP 17.4.2007 Mikael Linden mikael.linden@csc.fi CSC, the Finnish IT Center for Science

  2. Status of Haka Federation • Operational 8/2005 • 23 (of 48) Federation Members • with 213 000 end users (68% of eduPersons; in universities 90%) • 3 Federation partners • Library content providers, ASP service providers • 13 IdPs operational • with 159 000 end users (51% of eduPersons) • 20 SPs • 168 400 logins in March 2007 • federating sw: Shibboleth ver 1.3 • 2 IdPs still running Shibboleth 1.2

  3. Library services Nelli portal (Ex libris Metalib) Library management system (Endeavor Voyager) eLearning Moodle, A&O, Optima learning management systems CSC’s services Funet extranet Scientist’s Interface SPs in the federation Student administration • Application form for becoming a visiting student www.joopas.fi HR administration • Competence management system/ASP (Personec hr) Other administration • Process database for universities WLAN roaming (Jyväskylä polytech)

  4. Campus IdM policies in Haka federation Home organisations must make sure that • only fresh attributes are released to SPs • when an end user departs, the accounts must be closed (or the roles updated) no later than in seven days • initial authentication face-to-face (or similar) • using photo ID issued by the police • on-line authentication at least with passwords • no less than 8 characters + other quality checks

  5. Campus IdM policy enforcement in Haka • Home organisation publishes its IdM practices in the web • using a template provided by federation operator;http://www.csc.fi/english/institutions/haka/registration/idm-description • Self-Audit for joining IdPs • When an IdP is registered to the federation, the federation operator checks the published document to assess if minimum requirements are met • If OK, the IdP is added to the federation metadata • If it turns out that the policy is not followed by a home organisation there is a procedure for dropping a home organisation from the federation

  6. Privacy and the Data Protection Directive (DPD) in Haka • Only SPs related to research and education can be registered to the federation • DPD: dependability on the purpose of processing personal data • Only attributes relevant for the service are released to an SP • when a new SP is registered, the SP admin declares the relevant attributes • based on the declaration, federation operator constructs and distributes Shibboleth Site-ARPs to the IdPs • End user’s informed consent is a requirement for attribute release • to make the consent informed, the end user is provided with a link to the service’s privacy policy document

  7. Schemas, roles and groups in Haka • funetEduPerson 2.0 schema • incorporates schac 1.2.0 • roles/groups in funetEduPerson • eduPersonAffiliation – a Finnish interpretation of the vocabulary is presented in funetEduPerson • funetEduPersonStudentCategory – 10 categories for students (BSc,MSc,doctor,other,open-university,exchange-student…) • students’ target degree – e.g. MSc in Engineering • students’ educational degree probram – e.g. Political history • students’ specialisation option – e.g. software engineering • student status – present/absent • student union membership • schacHomeOrganizationType – university/polytechnic

  8. Level of assurance for authentication in Haka • currently one LoA: the miminum requirement is a password • stronger methods ”can be used” • University of Helsinki has had a pilot on PKI/Smartcards in Shibboleth 1.x IdP • Waiting for Shibboleth/SAML2.0 • authentication context concept • Services asking for certain level of authentication • candidates for stronger authentication • PKI/smartcards • OTPs provided by the Finnish banks

More Related