IAM Group Meeting: Federations
August 9, 2007
Federations
• Otherwise independent entities that give up a certain degree of autonomy in order to achieve a common set of goals.
• Working together requires:
  • A common way to express meaning
  • Agreed-upon ways to convey information
  • Acceptable governance and trust models
Federations and Trust
• Requires common Identity Provider (IdP) and Service Provider (SP) practices
• Federation governance roles include:
  • Establishing the rules
  • Overseeing compliance (e.g., audits)
• Degrees of trust may be inherent/useful
  • Allows flexibility in IdP and SP services
• When trust is violated:
  • Liability and indemnification
If we do “it” right…
• Simplified usability for all collaborations
• Home organizations carefully manage the release of personal information
• On-line resource providers focus on the protection and authorization of use of their on-line resources
Not all Federations are the same
• Identity federations may have different rules, constraints, or laws on identity release
  • For example: FERPA applies to Higher Education (HE) only
• Some may choose to offer on-line services as well, or hold contracts for resources on behalf of members
• Some are for specific business purposes or industries, etc.
InCommon Federation
• Created to support Higher Education and its research and business partners
• Federation operator is an LLC operated by Internet2
• Builds on existing campus identity management and single sign-on systems
• Makes use of open industry standards (SAML) and open source federating software (Shibboleth)
InCommon Participation Requirements
• Common descriptive information
• Software Guidelines
  • http://www.incommonfederation.org/ops/softguide.html
• Transparency of Policy and Practices
  • POP (Participant Operational Practices)
• Participation Agreement
  • Minimal “bar” to enter
  • Limited liability; no indemnification
  • General liability insurance
  • Modest application and annual fee
eAuthentication Federation
• Intended for all Federal agency outward-facing applications
• 24 agencies, 17 of which interface with HE
• 600+ applications
  • Over 100 interface with HE
• Created a matrix with all participating agencies, services, customers (who & how many), and LOAs (levels of assurance)
• Rewrote the business and operating rules
Linking InCommon & eAuthentication
• Higher Ed is an important community for many Federal agency applications
• Both have federations in place
• Have been working together for more than a year
• Compatible technology
• Similar attributes
  • InCommon has a richer set
• InCommon & EAF (eAuthentication Federation) include privacy protections
Interoperability - Technical
• Information models must be compatible
  • Conversion may be difficult
• Communication protocols
  • Gateways are hard
  • and may break trust models
Interoperability - Contractual
• Governance sets community standards
  • May need to enhance or redefine somewhat
• Must uphold inter-federation agreement
  • Responsible for trust between federations
  • May require stronger role within federation
• May affect existing participation agreements
  • May incur new liabilities, etc.
• Federation services might not interoperate