Open Collaboration Exchange

Alexander Blanc, Niels van Dijk, Jocelyn Manderveld, Remco Poortinga - van Wijnen

VAMP 2013, Espoo

Current situation (good news)

• AAI/FIM well established across Europe and elsewhere• Solid growth (NL) on number of connected IDPs, SPs and usage• eduGAIN bridges HE&R fields

SURFconext statistics

Most used services

• All ‘campus centric’ type of services (not surprisingly)

• Also internal services (portal, timetable, …)

• Institutions somewhat reluctant to move to the cloud (for employees)• Google apps mostly for students only

But…

• eduGAIN only start of a solution (enabling)

• Although eduGAIN connects HE&R, no bridge to other (commercial/research) communities/fields yet (see VCH)

• (HE&R) Federations typically not allowed to connect other IdPs

• Most IdPs focus on ‘campus centric’ services

• Difficult to get IdPs to connect to services for a subset of users• E.g. VO services…• Opt-out vs opt-in?• Try ‘zero attribute’ authentication?

• No simple magic solution

So…

• Can we apply ideas from the network world?

• Especially network exchanges?

• See From Network Exchange to Collaboration Exchange - A guided tour https://tnc2012.terena.org/core/session/10

• Make it easy to connect and let participants decide who they want to work with

O.C.E. why? Transnational

• Several use cases show:• Federated approach needed as ‘enterprise’ IDM trust models are poorly suited for

collaborative cross-sector and transnational activities• Transnational collaboration is hindered by differences in federation readiness,

licensing issues, technical and other barriers.

• OCE allows entities to connect to multiple trust frameworks on one technical platform

• OCE will support several well established trust frameworks (e.g. eduGAIN) by default

• OCE significantly lowers barriers for transnational cloud service delivery

O.C.E. why? Cross-sector

• OCE supports cross-sector collaboration capabilities out of the box

• OCE specifically supports public/private partnerships

• Therefore decreasing need for guest access

• OCE enables knowledge transfer on federated approaches from research and education to other sectors

What are Open Collaboration Exchanges?

• An transnational infrastructure for identity- and service providers to interconnect, facilitating authentication-, authorization- and group management processes

• An infrastructure;• that combines a technical infrastructure (a "switchboard") with multiple behavioural trust/policy

frameworks• and thus allows entities to connect to multiple trust frameworks on one technical platform

• An open and secure platform, using open standards, based on open source (OpenConext) technology

• Self-service configuration interfaces for all participants

• Ecosystem for ‘value-added services’, such as a higher level of authentication, statistics, provisioning, metering/billing, etc.

• Aimed towards implementation of multi-stakeholder governance and maintenance

• Enabler of cross-sector and transnational collaboration and service delivery

O.C.E. What it is not

• A replacement for eduGAIN• Leverages/uses eduGAIN and other services/trust frameworks

• Pixie dust for collaboration• Still a lot (most?) effort for non-technical issues

• A trust framework itself• ‘Only’ aggregator with optional added self-service functions

• A finished product• Still very much a concept/idea, many many things still unclear

O.C.E. Overview

OCE(self-service)

IDP1

IDP2

Trust framework• eduGAIN• SURFconext• DIGID

Trust framework• eduGAIN• WAYF

SP1

SP2

Trust framework• SURFconext• DIGID

Trust framework• eduGAIN

eduGAIN• IDP1• IDP2• SP2

Entree• IDP1• SP1

DIGID• IDP1• SP1

trust framework2• IDP1• SP2

OCE(metadata)

O.C.E. What’s next?

• Engage• Different (european) educational federations • Several OpenConext pilot partners• eduGAIN• Global partners

• Learn• AMS-IX, Netherlight and other exchanges• Possible similar ideas, initiatives or projects

• Partnerships• Work with strategic partners on innovation, governance, and funding

• Pilots• In research and education• Cross-sector

O.C.E. pointers

• eduGAIN www.edugain.org

• OpenConext www.openconext.org

• From Network Exchange to Collaboration Exchange - A guided tour https://tnc2012.terena.org/core/session/10

• MARIO https://tnc2013.terena.org/core/session/27

• Collaboration Exchange for Services and Identities https://blog.surfnet.nl/?p=2392