Some Frontier Issues from the Wild, Wild West - PowerPoint PPT Presentation

1
Some Frontier Issues from the Wild, Wild West
  • Ken Klingenstein


2
Topics
  • Activities in the US
  • RE Sector
  • Government sector
  • Shib update
  • The issues on the frontier
  • At the infrastructure level
  • At the user and application level

4
Activities in the US
  • Government sector
  • EAuthentication
  • Law enforcement
  • Health Care
  • RE Sector
  • State based federations
  • InCommon

5
Diego and RL Bob
6
Or maybe this
7
Government Federations
  • Internationally, several national governments are
    developing federations of agencies and offering
    services to external users
  • Within the US, several national governments are
    developing federations ?
  • GSA EAuthentication
  • NSF
  • NIH
  • http://www.public-cio.com/story.php?id=2007.02.02-103751

8
EAuthentication
  • A set of federal agencies, working through a
    coordinating agency (GSA) in conjunction with
    NIST for primarily business (and some consumer)
    interactions
  • Based on SAML, NIST 800-63, etc
  • Applications range from booking campgrounds to
    checking social security to filing administrative
    data from universities to agencies to student
    loans to access to grant management to
  • Not a very good soccer team yet but it is the US
    Gov
  • Attempting to peer with InCommon

9
State University Federations
  • State university federations - Texas, California,
    Maryland, etc
  • Leverage existing infrastructure in both policies
    and shared applications
  • Some, such as the California Digital Marketplace,
    reach very broad populations

10
UTexas Federation Apps
  • Project Tracking (CHA)
  • Monthly Financial Reporting (BUD)
  • TIXX (GOV)
  • UT Plane (ADM)
  • Compliance Training (ADM)
  • Research Projects Tracking (ACA)
  • Academic Affairs Jobs (ACA)
  • Degree Programs (ACA)
  • Grad Registration (ACA)
  • System Administration Wireless (OTIS)
  • Legal Tracking (OGC)
  • Parking Management (APS)
  • Signature Authority (APS)
  • Bid Specification (OFPC)
  • Project Time Reporting (OFPC)
  • Student Couponing (UT Austin)
  • Online Education via Blackboard (UTHSCH)
  • Board of Regents Agenda (BOR) 12/06
  • Budget Change Request (BUD) 12/06
  • UTANOP (BUD) 12/06

12
InCommon
  • US RE Federation
  • www.incommon.org
  • Members join a 501(c)3
  • Addresses legal, LOA, shared attributes, business
    proposition, etc issues
  • Approximately 50 members and growing
  • A low percentage of national Shib use

13
InCommon Members 5/1/07
  • Case Western Reserve University
  • Clemson University
  • Cornell University
  • Dartmouth
  • Duke University
  • Florida State University
  • Georgetown University
  • Indiana University
  • Miami University
  • New York University
  • Ohio University
  • Penn State
  • Stanford University
  • Stony Brook University
  • SUNY Buffalo
  • Texas A&M
  • The Ohio State University
  • The Johns Hopkins University
  • The University of Chicago
  • University of California, Office of the President
  • University of California, Riverside
  • University of California, San Diego
  • University of Maryland
  • University of Maryland Baltimore County
  • University of Maryland, Baltimore
  • University of Rochester
  • University of Southern California
  • University of Virginia
  • University of Washington
  • University of Wisconsin - Madison
  • Cdigix
  • EBSCO Publishing
  • Elsevier ScienceDirect
  • Houston Academy of Medicine - Texas Medical
    Center Library
  • Internet2
  • JSTOR
  • Napster, LLC
  • OCLC

14
Key aspects of InCommon
  • Federating software
  • Shib 1.2 (other possibilities in the future)
  • Shared attributes and schema
  • eduPerson right now
  • Levels of authentication
  • POP (Participant Operational Practices) for LOA
    today
  • InCommon Bronze and Silver will map to LOA 1 & 2
  • Management
  • Steering committee of members IT executives
  • Operations staffed by Internet2

15
InCommon Management/Governance
  • Steering Committee of campus/vendor CIOs and
    policy people sets policies for membership,
    business model, etc.
  • Technical advisory committee - Sets common member
    standards for attributes (eduPerson 2.0) ,
    identity management good practices, etc.

16
InCommon Uses
  • Access control to content
  • Popular content: Ruckus, CDigix, etc.
  • Scholarly content: Google, OCLC WorldCat
  • Downloads: Microsoft
  • Access to external services
  • Student travel, charitable giving, web learning
    and testing, plagiarism testing service, etc.
  • Allure for alumni services and other internal
    businesses
  • Student loans, student testing, graduate school
    admissions, etc.
  • Access to national services
  • The National Science Digital Library
  • The Teragrid pilot

17
Challenges in the US
  • Addressing the risks in federated identity
  • Too many lawyers
  • Too few business drivers
  • No bulk content licensing
  • Few national applications
  • No government access yet
  • For many institutions, the focus is in state
    versus national for applications
  • Bi-lateral relationships exist more than national
    relationships.
  • Not all institutions really have their identity
    management technologies fully in place
  • Very few have their identity management policies
    in place.

18
Shibboleth
  • Shib 1.3 widely deployed; 1.2 still common
  • Along the way, other capabilities added
  • ADFS compatibility for WS-Fed (MS)
  • EAuthentication certification (with waiver
    form)
  • Shib 2.0 completes the SAML/Shib integration
  • More compatible with COTS SAML 2.0 products than
    they are with each other
  • A Shib/SAML-to-TCP/IP analogy isn't bad: Shib
    adds multi-party federation support through
    metadata, ARPs (attribute release policies), etc.
  • Also eases support for n-tier, non-web and other
    capabilities
  • Alpha in April, Beta soon

19
The Shibboleth 2.0 Sidebar
  • Support for the attribute ecosystem
  • attribute handling, including policy, in both SP
    and IdP
  • designed to be reusable for other protocols (e.g.
    CardSpace)
  • sets stage for further work on multiple attribute
    sources, reputation management, etc.
  • All Java SP (in addition to current Java/Apache),
    easing integration for some applications
  • Trust management
  • PKI still seems too hard, even at the simpler
    enterprise level
  • Supports a broad set of trust choices: CAs,
    certs, plain keys, and managed site metadata
    (naming, acquisition, validation)
  • A product of years of painful experience ?

20
Federated Applications
  • Mostly access controls to content
  • The first shibbed collaborative apps are
    appearing
  • Several wikis
  • Digital repositories such as DSpace and Fedora
  • Learning Management Systems such as WebCT
  • IM, p2p fileshare (Lionshare), CVS
  • Grid-Shib integration in several ways
  • SIP based tools (videoconferencing,
    audioconferencing) within reach
  • Bootstrapping from duct tape sometimes a problem

21
The Frontier
22
The issues on the frontier
  • Peering, leveraging, confederating, etc
  • Integration with p2p trust
  • The user interface
  • The applications
  • Collaboration
  • Domain-specific

23
Relationships among federations
  • Peering
  • Confederation
  • Presumes peering, adds multifederation support
  • Leveraged
  • Specialized federations that extend a common base
    federation

24
Some inter-federation key issues
  • Multi-protocols
  • Sharing metadata
  • Aligning policies
  • WAYF functionality
  • Dispute resolution
  • Virtual organization support

25
REFeds
26
Peering
  • Parameters
  • LOA
  • Attribute mapping
  • Legal structures
  • Liability
  • Adjudication
  • Metadata
  • VO Support
  • Economics
  • Privacy

27
VOs plumbed to peered federations
28
Developing the Attribute Ecosystem
  • Addressing not only the real time delivery of
    attributes, but their creation, distribution and
    maintenance
  • Providing a consistent set of user experiences,
    both in managing their own identity/privacy and
    in their roles as managers of privileges for others
  • Must function with the real world of existing
    middlemen, uncertain user capabilities, laws and
    regulations, and duct tape
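Two of the frontier items above, trust management through site metadata (slide 19: naming, acquisition, validation) and attribute handling with policy at the SP (slides 26 and 28: attribute mapping, the attribute ecosystem), meet in one routine check a multi-party federation SP performs. The following is an added example, not Shibboleth's or InCommon's code: it reads a constructed SAML 2.0 metadata aggregate, refuses it once validUntil has passed, flags IdPs with no signing certificate or non-TLS endpoints, and then accepts a scoped attribute value (eduPersonScopedAffiliation style) only when the asserting IdP is registered in metadata for that scope. All entityIDs, scopes and the certificate placeholder are hypothetical; verifying the XML signature on the aggregate against the federation's key, which must happen before any of this is trusted, is left out.

```python
"""Metadata-driven checks for a federation SP (added example, not Shibboleth code).

Federation metadata tells an SP which key signs an IdP's assertions, where its
endpoints are, and which scopes it may assert in attributes such as
eduPersonScopedAffiliation.  The aggregate below is constructed; entityIDs and
scopes are hypothetical, and the aggregate's XML signature is not verified here.
"""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}

# Constructed aggregate: campus-b deliberately has no signing certificate and a
# plain-http endpoint so the checks below have something to flag.
SAMPLE_METADATA = r"""<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    Name="urn:mace:example-federation" validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.campus-a.example/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><shibmd:Scope regexp="false">campus-a.example</shibmd:Scope></md:Extensions>
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...constructed-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.campus-a.example/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.campus-b.example/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><shibmd:Scope regexp="true">^[a-z]+\.campus-b\.example$</shibmd:Scope></md:Extensions>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="http://idp.campus-b.example/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def parse_saml_datetime(value):
    """xs:dateTime as written in metadata: UTC with a trailing Z, no fractions."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def metadata_expired(xml_text, now=None):
    """True once validUntil has passed; stale metadata may still list keys and
    endpoints the federation has since withdrawn."""
    valid_until = ET.fromstring(xml_text).get("validUntil")
    if valid_until is None:
        return False
    return parse_saml_datetime(valid_until) < (now or datetime.now(timezone.utc))


def load_idps(xml_text, now=None):
    """Map entityID -> scopes, signing-cert count, SSO endpoints and warnings
    for every IdP in the aggregate; refuse expired metadata outright."""
    if metadata_expired(xml_text, now):
        raise ValueError("metadata aggregate has expired; refresh before use")
    idps = {}
    for ed in ET.fromstring(xml_text).iter(f"{{{NS['md']}}}EntityDescriptor"):
        idp = ed.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # SP-only entity, nothing to register here
        scopes = [(s.text.strip(), s.get("regexp", "false") == "true")
                  for s in idp.findall("md:Extensions/shibmd:Scope", NS)]
        # A KeyDescriptor with no `use` attribute serves both signing and encryption.
        signing = [kd for kd in idp.findall("md:KeyDescriptor", NS)
                   if kd.get("use", "signing") == "signing"
                   and kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None]
        sso = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)]
        warnings = []
        if not signing:
            warnings.append("no signing certificate: assertions cannot be verified")
        warnings += [f"non-TLS endpoint {loc}" for loc in sso if not loc.startswith("https://")]
        idps[ed.get("entityID")] = {"scopes": scopes, "signing_certs": len(signing),
                                    "sso": sso, "warnings": warnings}
    return idps


def scope_allowed(entity_id, scope, idps):
    """Is the asserting IdP registered in metadata for this scope?"""
    for pattern, is_regexp in idps.get(entity_id, {}).get("scopes", []):
        if is_regexp and re.fullmatch(pattern, scope):
            return True
        if not is_regexp and pattern.lower() == scope.lower():
            return True
    return False


def filter_scoped_values(entity_id, values, idps):
    """Keep 'value@scope' attribute values only where the IdP may assert the scope.
    This is what stops campus A's IdP from minting affiliations for campus B."""
    kept = []
    for value in values:
        if "@" not in value:
            continue  # a scoped attribute without a scope is dropped
        if scope_allowed(entity_id, value.rpartition("@")[2], idps):
            kept.append(value)
    return kept


if __name__ == "__main__":
    registry = load_idps(SAMPLE_METADATA)
    for entity_id, info in registry.items():
        print(entity_id, "warnings:", info["warnings"] or "none")
    # Constructed assertion from campus A that also claims a campus-B affiliation.
    claimed = ["member@campus-a.example", "faculty@campus-b.example", "staff"]
    print(filter_scoped_values("https://idp.campus-a.example/idp/shibboleth", claimed, registry))
```

The scope check is the piece that makes peering safe in practice: when two federations share metadata, each IdP's authority is bounded by the scopes its own federation registered for it, so a mis-configured or compromised IdP cannot assert affiliations for another member. Regular-expression scopes widen that boundary and deserve review whenever metadata is refreshed.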

29
(Diagram: Application access controls (including network devices), Shib, User, IdP, p2p)
30
A Simple Life GUI
(Diagram: Application access controls (including network devices), Autograph, Shib, User, Authn, IdP, three Sources of Authority, p2p)
31
An Integrated IdM Life
(Diagram: Application access controls (including network devices), Shib, User, IdP, Local apps, three Sources of Authority, p2p)
32
Integrated Interfaces
(Diagram: Application access controls (including network devices), Autograph, Shib, User, Authn, IdP, Local apps, three Sources of Authority, Signet/Grouper, p2p)
33
Real Life
(Diagram: Application access controls (including network devices), Portal, Gateway, Shib, Proxy, IdP, User, many Sources of Authority, p2p)
34
(Diagram: Application access controls (including network devices), VO Service Center, Gateway, two IdPs, Shib, User, many Sources of Authority, p2p)
35
Internet Identity P2P
  • Provides tokens for interpersonal trust
  • Use cases include file and photo sharing, some
    encrypted email, etc.
  • Limited role but large personal contexts
  • Subtle but critical layers
  • Identity Selector, tokens, mobility, reputation
    systems, others
  • Active space: CardSpace in MS Vista, Higgins and
    the Bandits, OpenID, etc.

36
Identity Integration goals
  • Of federated and p2p identity
  • Many levels of integration
  • The tokens
  • The GUI
  • The privacy management paradigm
  • Of identity and privilege management
  • Assignment and management of permissions to users
    by those with authority to grant such access
  • Addresses the static aspects of the authorization
    space, with audit, delegation, prerequisites,
    etc.
  • Permissions can be enterprise or virtual
    organization

37
User Interface Frontier
  • A consistent look and feel to the management of
    identity activities across a set of collaboration
    applications
  • The applications may be web services, video or
    audioconferencing, calendaring, IM, wikis, file
    shares, etc
  • The activities may include authentication,
    release of attributes and management of privacy,
    creation of attributes for others, group
    management, etc
  • Defaults must hide most of the complexity
  • Cards seem to be a common metaphor
  • Variety of appliances an issue

38
Management of the Domain
  • Lacking general infrastructure, identity and
    privilege management within the domain is
    problematic
  • Insecure, ineffective, ad hoc or often missing
  • Building tools to integrate Id/Pr Management
    within the domain with the approaches used on
    campuses.
  • Allows more seamless interactions of research and
    instructional roles.
  • Permit students to sample and engage in research
    securely and easily.
  • Allow researchers to administer grants and
    integrate virtual and physical realities.

39
Collaboration tools and services
  • Addressing the collaborative side of research
  • Adapting common open-source collaboration tools
    for more effective use
  • First in an institutional and inter-institutional
    use
  • Then, leveraging that, for virtual organizations
  • Addressing integration of authentication,
    authorizations, privacy, etc.
  • Wikis, IM, web-accessed file-shares,
    videoconferencing, audio conferencing, etc.
  • Use cases abound, from "open to members of a
    community" to "just these few colleagues" and
    others

40
MACE