Updates on Shib, a bit of InCommon and International Federations

Presenter’s Name

Topics

• Shib 2.0 and Autograph
• Non-federal aspects of InCommon
• International peering
• Others will do InCommon and the US Gov, Usher, etc…

State University Federations

• State university federations - Texas, California, CSU, etc

• Leverage existing infrastructure in both policies and shared applications

• Some, such as the California Digital Marketplace, reach very broad populations

InCommon

• US R&E Federation
• www.incommon.org
• Members join a 501(c)3
• Addresses legal, LOA, shared attributes, business proposition, etc. issues
• Approximately 55 members and growing
• A low percentage of national Shib use…

InCommon Members 5/1/07

• Case Western Reserve University
• Clemson University
• Cornell University
• Dartmouth
• Duke University
• Florida State University
• Georgetown University
• Indiana University
• Miami University
• New York University
• Ohio University
• Penn State
• Stanford University
• Stony Brook University
• SUNY Buffalo
• Texas A&M
• The Ohio State University
• The Johns Hopkins University
• The University of Chicago
• University of Alabama at Birmingham
• University of California, Davis
• University of California, Irvine
• University of California, Los Angeles
• University of California, Merced
• University of California, Office of the President
• University of California, Riverside
• University of California, San Diego
• University of Maryland
• University of Maryland Baltimore County
• University of Maryland, Baltimore
• University of Rochester
• University of Southern California
• University of Virginia
• University of Washington
• University of Wisconsin - Madison
• Cdigix
• EBSCO Publishing
• Elsevier ScienceDirect
• Houston Academy of Medicine - Texas Medical Center Library
• Internet2
• JSTOR
• Napster, LLC
• OCLC
• OhioLink - The Ohio Library & Information Network
• ProtectNetwork
• Symplicity Corporation
• Thomson Learning, Inc.
• Turnitin
• WebAssign

Key aspects of InCommon

• Federating software
  • Shib 1.2+ (other possibilities in the future)
• Shared attributes and schema
  • eduPerson right now
• Levels of authentication
  • POP (participant operational practices) for LOA - today
  • InCommon Bronze and Silver will map to LOA 1 & 2
• Management
  • Steering committee of members IT executives
  • Operations staffed by Internet2

InCommon Management/Governance

• Steering Committee of campus/vendor CIOs and policy people – sets policies for membership, business model, etc.

• Technical advisory committee - sets common member standards for attributes (eduPerson 2.0), identity management good practices, etc.

Shibboleth

• Shib 1.3 widely deployed; 1.2 still common
• Along the way, other capabilities added:
  • ADFS compatibility for WS-Fed, (MS $)
  • Eauthentication certification (with waiver form :))
• Shib 2.0 completes the SAML+Shib integration
  • More compatible with COTS SAML 2.0 products than they are with each other
  • A Shib/SAML to TCP/IP analogy isn’t bad; Shib adds multi-party federation support through metadata, ARPS, etc.
  • Also eases support for n-tier, non-web and other capabilities
  • Alpha for Unix and Windows now being released

The Shibboleth 2.0 Sidebar

• Support for the attribute ecosystem
  • attribute handling, including policy, in both SP and IdP
  • designed to be reusable for other protocols (eg CardSpace)
  • sets stage for further work on multiple attribute sources, reputation management, etc.
• All Java SP (in addition to current Java/Apache), easing integration for some applications
• Trust management
  • PKI still seems too hard, even at the simpler enterprise level
  • Supports a broad set of trust choices – CA’s, certs, plain keys, managing site metadata (naming, acquisition, validating)
• A product of years of painful experience

Federated Applications

• Mostly access controls to content
• The first shibbed collaborative apps are appearing…
  • Several wikis
  • Digital repositories such as DSpace and Fedora
  • Learning Management Systems such as WebCT
  • IM, p2p fileshare (Lionshare), CVS
• Grid-Shib integration in several ways
• SIP based tools (videoconferencing, audioconferencing) within reach
• Bootstrapping from duct tape sometimes a problem

Membership in InCommon

• 53 members, perhaps 25 million students covered, growing slowly but steadily

• Some interesting discussions
  • Apple, Google, Microsoft all as SP’s
  • The assertion of student-ness
  • National Energy Labs, as IdP’s and SP’s
• And off in testshib…
  • The Navy, Google, …

International Federations

• Many nations now have federations; OECD and the UN are looking at ways to address the other

• Status ranges from fully developed (Finland, Switzerland, Norway, Netherlands) to rapidly growing (France, UK) to struggling but moving forward (Denmark, Belgium) to just starting (Germany, Italy)

• Several use cases are already emerging for interfederation arrangements
  • Wikis, grids…

9-9:30 Welcome and intros
  • Desired Outcomes: a prototype agreement between federations that all attendees can take back to their federation for discussion.

9:30-10:30 A Few Federation Updates, with some emphasis on interfederation or inter-sector issues
  • FEIDE
  • UK Access Manage
  • InCommon
  • Liberty Instances
  • Others?
  • Key takeaways: state of the R&E world, state of the commercial world

11:00-11:30 Use cases
  • Common Interfederation needs
  • Use of proxies

11:30-12:00 Agreement on terms
  • Categories of relationships between federations (peering, overlapped, leveraged, confederation, hierarchical, etc.)
  • Multi-homed institutions - pros and cons
  • Transitivity situations - necessary? desirable?
  • Categories of policy issues
  • Service models - trust broker, bulk services provider, etc.
  • Business models - uniform fees, RP pays, subsidized, etc.

Afternoon of International Peering

• Attributes
  • Validity requirements
  • Eppn policy
  • Privacy requirements
  • Special identifiers
  • User specified? RP specified? Transient?
• LOA
  • Credentials? Attributes? Both??
  • POP management and/or requirements
  • Standard levels: Can we agree...??
  • Audit: required? who does it? who sees it?
  • Federation practices in support of LOA
  • Standard practices between federations

Late afternoon international peering

• Legal and Financial
  • Liability issues
  • Financial Considerations (dues, transactions, etc)
  • Dispute Resolution
  • Can the federation commit its members?
  • Working with commercial federations?
  • Non NREN academic federations?
• Kinda technical issues
  • WAYF
  • Trust anchors (use of commercial CA’s)
  • Help desk and problem resolution
• Wrap-ups and Next Steps
  • OECD? UN? OASIS? etc.
  • Where to continue and how
  • Who's got the ball?

• Nice dinner if we’ve earned it…

Collaboration tools

• Expanding enterprise and federated versions of popular tools
  • Adding identity, group and privilege management
  • Providing security and privacy
• Adding the middleware extensions for virtual organizations
• Integrating the VO life with the campus life in portals, videoconferencing, etc.

VOs plumbed to federations