INTRODUCTION: THE FIRST TRY
InCommon eduGAIN Policy and Community Working Group
Trust Basics: The Actors
• User: Person accessing the service
• Identity Provider: The organization that knows that person and verifies her identity online.
• Service Provider: The organization that offers the service and grants access to use it.
• Federation Operator: The organization that vets the membership, implements the community “rules” and publishes metadata about these IdPs and SPs in an aggregated file called the metadata aggregate.
Trust Basics: Federation is Distributed
[Diagram: End User; Campus Authentication and User Information (Enterprise Directory, Federating Software, AuthN); Certified Federation Metadata “Phone Book” (Fed schema); Service Provider (Federating Software, Authorization, Services). Labeled steps: 2 - Request Authentication & Access Information (attributes); 3 - Authentication; 5 - Authentication Verified. Sending Attributes; 6 - Authorization. Steps 1, 4 and 7 are unlabeled in the figure.]
Trust Basics: Federation is Distributed
[Diagram: InCommon Federation (7.8 million users and 663 organizations): Identity Provider Services (368), Service Providers (1,849), InCommon Operations (1).]
Trust Basics: Federation is Shared
I have to trust what you do with my
• IdP: Data that I send you
• SP: Service that you use
Being comfortable with how my partners perform their roles is key.
Trust Basics: Federation is Fractal
Roughly speaking…
Concerns at the org level are the same at the national level:
• Privacy
• Membership
• Risk
• Control over who my partners are
• First step to Trust is: Publish what you do
Trust Basics: Publish What You Do
• First Step: Publish
  • InCommon Participant Operating Practices
  • eduGAIN participation requirements
• Second Step: Decide
  • IdPs: to release attributes
  • SPs: to authorize access
REFEDS MAP
eduGAIN Policy Flow
[Diagram: GEANT (governing structure) → eduGAIN Service → US Federation (InCommon, run by Internet2); EU National R&E Federations (government sponsored); federations in Asia, the Middle East, India, Africa, North & South America, ….]
A Word about Metadata
[Diagram: InCommon Metadata Aggregate (official “phone” book), containing federation tags and authority, identity provider info, and service connection info.]
What’s in the Metadata Aggregate?
• Information about:
  • Security (signing keys)
  • Contacts (troubleshooting and support)
  • Connection (URLs of services)
  • Verifier of the orgs/metadata (InCommon)
  • Policy and practice compliance “tags” (R&S, Assurance)
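As an added example (not part of the slides or of any InCommon tooling), the script below parses a small, constructed SAML 2.0 metadata aggregate and pulls out exactly the items listed above per entity: signing keys, contact addresses, service URLs and the R&S entity-category tag, then flags entities that lack a signing key or a contact, which is the kind of check a federation operator runs before publishing. The entityIDs, URLs and certificate text are constructed placeholders; the namespaces, the entity-category attribute name and the R&S category URI are the real ones.

```python
# Added example: summarise a SAML 2.0 metadata aggregate per entity (keys, contacts, URLs, tags).
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
RS_CATEGORY = "http://refeds.org/category/research-and-scholarship"

# Constructed, minimal aggregate: one IdP tagged R&S, one SP with no key and no contact.
SAMPLE_AGGREGATE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
 <md:EntityDescriptor entityID="https://idp.example.edu/idp">
  <md:Extensions><mdattr:EntityAttributes>
   <saml:Attribute Name="http://macedir.org/entity-category">
    <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
   </saml:Attribute></mdattr:EntityAttributes></md:Extensions>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...CONSTRUCTED-PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical"><md:EmailAddress>mailto:idp-admin@example.edu</md:EmailAddress></md:ContactPerson>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def summarize_aggregate(xml_text):
    """Map each entityID to the items the slide lists: role, signing keys, contacts, URLs, tags."""
    summary = {}
    for ent in ET.fromstring(xml_text).iter(f"{{{NS['md']}}}EntityDescriptor"):
        tags = [v.text.strip() for v in ent.findall(
            "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
            "[@Name='http://macedir.org/entity-category']/saml:AttributeValue", NS)]
        summary[ent.get("entityID")] = {
            "role": "IdP" if ent.find("md:IDPSSODescriptor", NS) is not None else "SP",
            # A KeyDescriptor with no 'use' attribute is valid for both signing and encryption.
            "signing_keys": sum(1 for k in ent.findall(".//md:KeyDescriptor", NS) if k.get("use", "signing") == "signing"),
            "contacts": [c.text.strip() for c in ent.findall("md:ContactPerson/md:EmailAddress", NS)],
            "endpoints": [e.get("Location") for e in ent.findall(".//md:SingleSignOnService", NS) + ent.findall(".//md:AssertionConsumerService", NS)],
            "research_and_scholarship": RS_CATEGORY in tags,
        }
    return summary

def missing_essentials(summary):
    """EntityIDs a federation operator would not publish: no signing key or no contact."""
    return sorted(e for e, s in summary.items() if s["signing_keys"] == 0 or not s["contacts"])
```

Run against a real aggregate by passing the downloaded file's text to summarize_aggregate; signature verification of the aggregate itself is a separate step not shown here.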
eduGAIN is about Metadata Exchange
[Diagram: International Metadata Aggregate under eduGAIN authority, containing all Fed A info and limited Fed B info.]
Questions?