Update SURFnet
Bart [email protected], Utrecht, 17 October 2006
2 High-quality Internet for higher education and research
SURFnet Federation project
Main components:
– describe use-cases for Federated IdM;
– what services;
– policies;
– technology;
SURFnet’s role for IdM
• Awareness for Identity Management (IdM)
  – Reports on IdM
    • studies on current state of IdM in HE in .NL;
    • Scenarios to realize (upgrade) IdM;
    • Federated IdM (business drivers, solutions…).
  – Workshops on IdM
  – Workgroup for Library Access Management (‘BAM’)
• Development and support of open source product A-Select (development, organize OS, pilots, architecture, deployments)
• Stimulate deployment of A-Select (200k+ users high-ed)
Federation initiatives - .NL
| | Kennisnet | Public libraries | eduPoort | SURFnet |
|---|---|---|---|---|
| Register users | Yes, centrally | No, federated | Both local and federated | Federated only |
| Authenticate users | yes | yes | Both local and federated | Federated only |
| Centralized attributes | Yes | No | Both local and federated | Federated only |
| WAYF | no | yes | no | Yes |
| SSO | yes | no | yes | Yes, federated |
| Multi federation protocol | No | No | No | Yes: A-Select and SAML |
| Con-federation | Possibly | Possibly | Possibly | Short term |
| Product | A-Select | A-Select ‘Proxy’ | A-Select ‘Cross’ | A-Select ‘Cross/SAML’ |
| User type | everyone | everyone | everyone | Research/HE only |
service provider
central components for federation
Identity provider
SURFnet Federation (2006)
Build a service “SURFnet Federatie” (SNF)
– technical implementation (based on A-Select);
– define(d): policies, contracts, legal organization?…;
– organize service providers (SP);
– support identity providers (IdP);
– Manuals and website (end-user, IdP, SP, helpdesk etc.)
SURFnet Federation (2007)
– stimulate deployment and join-in
  • workshops;
  • install fests for both IdP and SP.
– con-federate (‘confederate’: both NL and EU)
– support standards (SAML, WS*, eduGAIN)
– translate assertions enabling federated SSO (SAML <> A-Select <> WSF <> eduGAIN)
– pilots/work on federated (de-)provisioning
– monitoring/tracking/tracing within federation
– home organization for SURFnet specific services?
– Technology scouting on MW for SOA/grid-services
SURFnet Federation Policies
Start simple: low level entry
• Contract for IdP part of SURFnet contract?
• Contract for all SPs standardized;
• If an IdP is also SP, just one contract.
• IdPs make best efforts:
  – to issue credentials to members only
  – to ensure accuracy of assertions
• SPs agree to respect the privacy of users
  – don't aggregate attributes or disclose to others
  – report on use of federation
SURFnet Federation
[Diagram labels: users, identities, central federation components, resources; SAML]
Pilots with SURFnet Federation
• Pilots with 3 publishers and Elsevier SD
• Booking system for VC-equipment (appl. by Switch)
• Ellips project (language studies)
• SURFgroepen (www.surfgroepen.nl) – MS Sharepoint
On the horizon (short term)
- SURFnetdiensten (webshop);
- 3TU – 3 technical universities collaborating;
- VideoPortal;
- Institution specific usage stats (on services);
- SURFstat (network stats);
A-Select developments
• Support for SAML1.1 (OpenSAML based) used for WAYF and IdP
• IdP:
  – Browser/Post WebSSO profile
  – Browser/Artifact WebSSO profile (type 0001 & 0002)
  – SAML Subject Queries (Attribute, Authentication, Authorization)
• Enhanced WAYF
• IdP discovery for SP
• Anonymity of users based on WS*
• Soon start with:
  – WS* (ADFS) implementation
  – pilot with MS CardSpace
  – interoperability with Oracle and Novell (IdP, SP)
  – Looking into Liberty support
http://www.aselect.org/version/1.5/aselectchangelog.txt
SURFnet Statistics on SCS
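| 2006 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Total |
|---|---|---|---|---|---|---|---|---|---|---|
| Certs accepted | 0 | 0 | 4 | 43 | 75 | 76 | 67 | 91 | 68 | 424 |
| Certs refused | 0 | 0 | 3 | 7 | 20 | 10 | 15 | 11 | 23 | |
| SCS institutes | 0 | 0 | 5 | 22 | 39 | 45 | 52 | 58 | 64 | 64 (unique) |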
SURFnet Detective
Meanwhile…
SURFnet Detective has reached status/level of production-service as of May ‘06.
http://detective.surfnet.nl/