Fed Up - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

Fed Up

Description:

Student travel, charitable giving, web learning and testing, ... Student loans, student testing, graduate school admissions, etc. The Teragrid. Government ... – PowerPoint PPT presentation

Number of Views:47
Avg rating:3.0/5.0
Slides: 25
Provided by: middleware
Category:
Tags: fed | loans | student

less

Transcript and Presenter's Notes

Title: Fed Up


1
Fed Up

2
Topics
  • Federation Basics
  • Drivers
  • Components
  • International and pulic sector developments
  • InCommon and its uses
  • Next steps for federations
  • Peering, confederation, and similar issues
  • Support for collaboration and virtual
    organizations
  • Development of other aspects of the attribute
    ecosystem

3
Middleware vision in one slide
  • Build a campus/enterprise core middleware
    infrastructure that
  • Serves the overall enterprise IT environment,
    providing business drivers and institutional
    investment for sustainability and scalability
  • Is designed from the start to support the
    research and instructional missions
  • Implies consistent approaches and common
    practices across campuses and internationally
  • Build, plumb, and replumb the tools of research
    on top of that emergent infrastructure
  • Domain-specific middleware (grids, sensor nets,
    etc)
  • Common collaboration tools (video, protected
    wikis, shared calendaring, audioconferencing,
    etc.)

4
Federated identity
  • Leveraging enterprise identity management beyond
    the enterprise
  • Creates general purpose interrealm trust fabrics
  • Standards (SAML) and open source (Shibboleth)
    well aligned and gaining broad adoption
  • Persistent and broad RE federations in many
    countries now

5
Drivers
  • Campuses want to allow their community to use
    their local credentials to access external
    partners in academia, government, businesses,
    etc.
  • Relying Parties want to use campus authn
  • For economies
  • Not another sso to incorporate into the app
  • Avoid much of the costs of account management
  • For scaling in users
  • Interest is tempered by legal considerations,
    policy considerations, and unintended disruptive
    economic consequences

6
Uses - Content
  • To protect IPR (the JSTOR incident)
  • To open up markets
  • Popular content Ruckus, CDigix, etc
  • MS
  • Scholarly content Google, OCLC WorldCat
  • Scope of IdM may be an issue

7
Services
  • Student travel, charitable giving, web learning
    and testing, plagiarism testing service, etc.
  • Allure for alumni services and other internal
    businesses
  • Student loans, student testing, graduate school
    admissions, etc.
  • The Teragrid

8
Government
  • NSF Fastlane Grant Submission
  • Dept of Agriculture Permits
  • Social Security
  • NIH
  • Dept of Ed

9
(No Transcript)
10
Components of Federation
  • Federating Software
  • Federation operator and metadata
  • Participants
  • Policies on identity management
  • Policies on privacy
  • Shared set of attributes, including LOA
  • Legal agreements among participants
  • Management and governance
  • (Peering, economics,)

11
International Federations
  • Widespread in Europe (over 15 countries),
    emergent in Australia, nascent in Asia.
  • The UK federation (http//www.ukfederation.org.uk/
    ) already has over five million active users and
    intends to grow to all of higher ed, K-12 and
    further education.
  • Used for academic content access, research
    support, national level services, etc
  • Clear needs for peering some need for
    confederation or dynamic relationships.

12
Public sector federations
  • http//www.public-cio.com/story.php?id2007.02.02-
    103751
  • State-based among health agencies (NY),
    presenting a SSO to citizens (Washington), etc.
  • GSA EAuthentication
  • NSF, NIH, and the Dept of Ed
  • State university federations - Texas, California,
    Maryland, etc
  • InCommon

13
UTexas Federation Apps
  • Project Tracking (CHA)
  • Monthly Financial Reporting (BUD)
  • TIXX (GOV)
  • UT Plane (ADM)
  • Compliance Training (ADM)
  • Research Projects Tracking (ACA)
  • Academic Affairs Jobs (ACA)
  • Degree Programs (ACA)
  • Grad Registration (ACA)
  • System Administration Wireless (OTIS)
  • Legal Tracking (OGC)
  • Parking Management (APS)
  • Signature Authority (APS)
  • Bid Specification (OFPC)
  • Project Time Reporting (OFPC)
  • Student Couponing (UT Austin)
  • Online Education via Blackboard (UTHSCH)
  • Board of Regents Agenda (BOR) 12/06
  • Budget Change Request (BUD) 12/06
  • UTANOP (BUD) 12/06

14
InCommon
  • US RE Federation
  • www.incommon.org
  • Members join a 501(c)3
  • Addresses legal, LOA, shared attributes, business
    proposition, etc issues
  • Approximately 50 members and growing
  • A low percentage of national Shib use

15
InCommon Members 2/27/07
  • Case Western Reserve University
  • Clemson University
  • Cornell University
  • Dartmouth
  • Duke University
  • Florida State University
  • Georgetown University
  • Miami University
  • New York University
  • Ohio University
  • Penn State
  • Stanford University
  • Stony Brook University
  • SUNY Buffalo
  • The Ohio State University
  • The University of Chicago
  • University of Alabama at Birmingham
  • University of California, Irvine
  • University of California, Los Angeles
  • University of Maryland
  • University of Maryland Baltimore County
  • University of Maryland, Baltimore
  • University of Rochester
  • University of Southern California
  • University of Virginia
  • University of Washington
  • University of Wisconsin - Madison
  • Cdigix
  • EBSCO Publishing
  • Elsevier ScienceDirect
  • Houston Academy of Medicine - Texas Medical
    Center Library
  • Internet2
  • JSTOR
  • Napster, LLC
  • OCLC
  • OhioLink - The Ohio Library Information
    Network
  • ProtectNetwork
  • Symplicity Corporation

16
Key aspects of InCommon
  • Federating software
  • Shib 1.2 (other possibilities in the future)
  • Shared attributes and schema
  • eduPerson right now
  • Levels of authentication
  • POP (participant operational practices)
  • InCommon Bronze and Silver will map to LOA 1 2
  • Management
  • Steering committee of members IT executives
  • Operations staffed by Internet2

17
Shibboleth
  • Shib 1.3 widely deployed 1.2 still common
  • Along the way, other capabilities added
  • ADFS compatibility for WS-Fed, (MS )
  • Eauthentication certification (with waiver
    form))
  • Shib 2.0 completes the SAMLShib integration
  • More compatible with COTS SAML 2.0 products than
    they are with each other
  • A Shib/SAML to TCP/IP analogy isnt bad Shib
    adds multi-party federation support through
    metadata, ARPS, etc.
  • Also eases support for n-tier, non-web and other
    capabilities
  • Alpha in April

18
The Shibboleth 2.0 Sidebar
  • Support for the attribute ecosystem
  • attribute handling, including policy, in both SP
    and IdP
  • designed to be reusable for other protocols (eg
    CardSpace)
  • sets stage for further work on multiple attribute
    sources, reputation management, etc.
  • All Java SP (in addition to current Java/Apache),
    easing integration for some applications
  • Trust management
  • PKI still seems too hard, even at the simpler
    enterprise level
  • Supports a broad set of trust choices CAs,
    certs, plain keys, managing site metadata
    (naming, acquisition, validating)
  • A product of years of painful experience ?

19
InCommon Management/Governance
  • Steering Committee of campus/vendor CIOs and
    policy people sets policies for membership,
    business model, etc.
  • Technical advisory committee - Sets common member
    standards for attributes (eduPerson 2.0) ,
    identity management good practices, etc.

20
InCommon Uses
  • Access control to content
  • Popular content Ruckus, CDigix, etc
  • Scholarly content Google, OCLC WorldCat
  • Downloads Microsoft
  • Access to external services
  • Student travel, charitable giving, web learning
    and testing, plagiarism testing service, etc.
  • Allure for alumni services and other internal
    businesses
  • Student loans, student testing, graduate school
    admissions, etc.
  • Access to national services
  • The National Science Digital Library
  • The Teragrid pilot

21
Inter-federation key issues
  • Peering, peering, peering
  • At what size of the globe?
  • Confederation, overlapping, leveraged
  • Tightly coupled autonomous federations
  • How do vertical sectors relate? How to relate to
    a government federation?
  • On what policy issues to peer and how?
  • Legal framework
  • Treaties? Indemnification? Adjudication
  • How to technically implement
  • Wide variety of scale issues
  • WAYF functionality
  • Virtual organization support

22
Peering
  • Parameters
  • LOA
  • Attribute mapping
  • Legal structures
  • Liability
  • Adjudication
  • Metadata
  • VO Support
  • Economics
  • Privacy

23
Privacy
  • There is a document within the UK Federation
    specifically on this issue
  • http//www.ukfederation.org.uk/library/uploads/Doc
    uments/recommendations-for-use-of-personal-data.pd
    f. 
  • This document is all recommendations and
    theguidelines laid out do not have to be
    followed, the only requirement is thatthe 8
    principles of the UK Data Protection Act (1998)
    are met. 

24
The Eight Principles
  • 1. Personal data shall be processed fairly and
    lawfully
  • 2. Personal data shall be obtained only for one
    or more specified and lawful purposes, and shall
    not be further processed in any manner
    incompatible with that purpose or those purposes
  • 3. Personal data shall be adequate, relevant and
    not excessive in relation to the purpose or
    purposes for which they are processed
  • 4. Personal data shall be accurate and, where
    necessary, kept up to date
  • 5. Personal data processed for any purpose or
    purposes shall not be kept for longer than is
    necessary for that purpose or those purposes
  • 6. Personal data shall be processed in accordance
    with the rights of data subjects under this Act
  • 7. Appropriate technical and organisational
    measures shall be taken against unauthorised or
    unlawful processing of personal data and against
    accidental loss or destruction of, or damage to,
    personal data
  • 8. Personal data shall not be transferred to a
    country or territory outside the European
    Economic Area unless that country or territory
    ensures an adequate level of protection for the
    rights and freedoms of data subjects in relation
    to the processing of personal data.
Write a Comment
User Comments (0)
About PowerShow.com