On the Many Ways to Identity Exchange (Again)
Digital identities are more valuable as they are more widely assertable
Diego R. Lopez, RedIRIS
STORK
• Pilot for academic institutions successfully finished
  • https://www.eid-stork.eu/pilots/pilot3.htm
• STORK IdPs integrated as special SIR IdPs
  “If you are in SIR, you can deal with STORK identities”
• Looking forward to strengthening integration
  • Sub-task in the current eduGAIN workplan
  • Module for SimpleSAMLphp
  • Metadata management
  • Policy issues
• Additional use cases proposed for STORK extension
  • Credential management
  • LoA handling
Proxying
• Two proposals submitted for REFEDS funding
  • Federated management of central proxy instances
  • Central proxy configuration services
• Do we need an open-source proxy?
  • EZProxy is well-known, widely deployed, provided on reasonably fair terms
  • Would it scale up to
    • National proxy services
    • More specific usages (Web Services, AJAX…)
    • Other access control mechanisms (OAuth, WS-Trust…)
  • Transformations from identity data to proxy mechanisms
OAuth (2, of course…)
• Internet-Draft now at version 16
• Rather stable: both the kernel and the side standards
  • Including SAML and JWT
• OpenID integrated flow: OpenID Connect
• UMA considering the user and consent sides
• Use cases on their way
  • The RedIRIS service panel
  • GN3 VOOT (three-legged OAuth 1 for the moment)
  • And clouds
• A few references if you are (still) curious
  http://www.independentid.com/2011/02/does-oauth-have-legs.html
  http://www.rediris.es/oauth2/
  https://spaces.internet2.edu/display/socialid/
JSON Space
• Proposals are blooming on RESTful services using JSON as the encoding mechanism
  • Out of the common standards processes
  • Though many proposals are Internet-Drafts
• Supported by many of the big dogs
  • Google, Microsoft, Yahoo, Facebook
• The good news
  • Essentially compatible with our current federation stuff
• The not-so-good news
  • Too many fronts to be influential enough?
http://self-issued.info/papers/The_Emerging_JSON-Based_Identity_Protocols.pdf
The Omnipresent Cloud
• SCIM, previously known as Cloud Directory
  • Intended for identity data exchange among actors in the cloud
    • Cloud Service Provider
    • Enterprise Cloud Subscriber
    • Cloud Service User
  • General “neutral” schema
  • Bindings to JSON, SAML and “bare” XML
  • RESTful API
  • Security and trust models still in their initial stages
• Experiments on access control
  • OpenNebula usage of Grid certificates
• Other initiatives not very active
  • OASIS IDCloud
GEMBus STS
• Demonstrator available
  http://gembus.rediris.es:8181/STSDemonstrator
• Adaptors for Apache ServiceMix
  • Spring coming soon
• Current token format based on GN2 relayed-trust SAML
  • Plans for a more neutral JWT-based token
• Coordination with EUGridPMA policies
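The JWT-based token mentioned for the STS and for OAuth 2 is where the "security and trust models still in their initial stages" remark bites: a relying party must pin the signing algorithm and bind the token to an issuer, an audience and a lifetime, or the neutral format buys nothing. The following is an added example (mine, not code from the presentation, GEMBus or RedIRIS) of a minimal HS256 issuer and a strict verifier using only the Python standard library; the function names, the shared key, the example.org URLs and the timestamps are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def _b64url(data: bytes) -> str:
    # JWT segments are base64url without padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, subject: str, issuer: str, audience: str,
                now: int, ttl: int = 300) -> str:
    """STS side: mint a compact JWT signed with HMAC-SHA256 (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = _b64url(compact(header)) + "." + _b64url(compact(claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, key: bytes, expected_issuer: str,
                 expected_audience: str, now: int) -> Optional[dict]:
    """Relying-party side: return the claims only if every check passes."""
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        # Pin the algorithm: the token never gets to choose it ("none", key confusion)
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{h64}.{c64}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s64)):
            return None
        claims = json.loads(_b64url_decode(c64))
    except (ValueError, AttributeError, UnicodeDecodeError):
        return None
    # Bind the token to this issuer and this audience, and reject expired ones
    if claims.get("iss") != expected_issuer or claims.get("aud") != expected_audience:
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims
```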