Download presentation: Stuff (Ken Klingenstein)


  • Number of slides: 30

Stuff
Ken Klingenstein

Stuff sack
• InCommon Stuff
• Infocard, Open Id, etc…
• Federation soup
• Cormack slides on EU (and US) privacy
• International federation & Liberty Alliance
• ISOC and Identity and trust
• COmanage and collaboration support
• Kumbaya for open source middleware?
• Rumors and gossip
kjk@internet2.edu

About federating software…
• Shibboleth project formation - Feb 2000
• OASIS starts SAML work; linkages with Shib established Dec 2000
• Release dates: Shib alpha 1 April 2002, OpenSAML July 2002, Shib v1.0 April 2003
• SAML TC evolved a fusion of Liberty, Shib and SAML into SAML 2.0 Nov 2005
• Microsoft-led business consortium develops WS-*, including WS-Fed, 2002-2008
• Closure likely next year around SAML 2.0 and Shib metadata as the first metadata profile in OASIS

InCommon
• Approximately 90 members and growing steadily
• More than two million “users”
• Most of the major research institutions
• New types of members
  • Non usual suspects – Lafayette, NITLE, Univ of Mary Washington, etc.
  • National Institute of Health, soon NSF and research.gov
  • Energy Labs, ESnet, TeraGrid
  • MS, Apple, soon Google
  • Student service providers
• Steering Committee chaired by Clair Goldsmith of Univ of Texas; Technical Committee chaired by Renee Shuey of Penn State

Uses
• Access controlled wikis
• Access to academic content, such as Elsevier
• Access to popular content, such as Cdigix
• Access to Microsoft, iTunes U
• Access to services, such as student travel agencies and testing services
• Access to Grid computational resources, portal providers, recruitment services, etc
• Access to external apps (e.g. Google Apps for Education) and clouds

InCommon
• Impacts of federation are real
• Dreamspark - Microsoft delivery of developer kits, source code, etc to students (https://downloads.channel8.msdn.com/); over 50% of all download traffic from Microsoft was federation-enabled one week after announcement.
• {Federation + persistent, opaque identifier + attributes with consent} addresses international privacy requirements.
• InCommon Silver, a new profile, is now being deployed to serve higher assurance applications
• Federated Sharepoint, federated wikis are proving to be killer apps….
• www.incommonfederation.org

A brief history of federations
• Federations at national levels in several countries, beginning with a variety of protocols and converging on SAML
• Federations form along natural relationships – state university systems, state educational agencies, regional optical networks, …
• Federations in the business context begin as 1-1 (outsourced services, like accounting) and sometimes grow into hub and spoke (e.g. automobile industry)
• Other types of identity federations exist in pockets (e.g. federated PKI roots for IGTF)

Federation Soup
• Workshop held early June
• Brought together all manners of federation to figure out federation relationships
• InCommon, JISC, state federations, library federations, university system federations, grid federations, etc.
• Topics include alignment of policies, technologies, attributes, metadata, etc.
• Approaches include peering, nested, leveraged, and a whole lot of ad hoc
• Web site at https://spaces.internet2.edu/display/FederationSoup/Home

Why we are here: Interfederation Interactions
• Peering and soup
• Service providers often belong to multiple federations; some identity providers are being asked to join several federations
• Federal government interactions happening, but not as first anticipated
• Virtual organizations (e.g. OOI and LIGO) are now presenting real use cases that require international federation interactions
• Other sectors keenly watching us

Workshop Goals and Outcomes
• Inform specific efforts
  • fostering of local federations
  • blending of local federations with national ones
  • minimizing challenges down the road through some up-front consensus and coordination (a la federation best practices)
  • international peering/soup
• Exchange governance and organizational approaches
• Understand businesses and business models
• Establish ongoing mechanisms for communication and coordination
• Grow community

Some soup dimensions
• Alignments – LOA, attributes, user experience
• Legal models – Dispute Resolution, Indemnification, etc
• Business models – Operator, Source of funds, Services offered, Communities served
• Privacy management and international issues
• User experience – large multiplier…

Federations.org
• Interfederation of national R&E federations
• More peering than soup
• Possible activities
  • Reference point for new national federations
  • Aggregation of common materials
  • Triage for SPs that want to learn how to deal with multiple federations
  • Assist in taking the federation template doc to RFC status
  • IDABC and EU Article 29 coordination
• Successor to Refeds (http://www.terena.org/activities/refeds/)

International Activities
• http://www.terena.org/activities/refeds/
  • A summary of discussions among R&E networks, including a survey of national efforts
• http://www.jisclegal.ac.uk/access/
  • Excellent policy analytics, especially around international issues of privacy, peering, and attributes
• http://ec.europa.eu/idabc/
  • Trans-European activities in IdM for use among citizens, governments, and businesses

Peering Parameters:
• LOA
• Attribute mapping
• Legal structures
• Liability
• Adjudication
• Metadata
• VO Support
• Economics
• Privacy

Peering frameworks
• JISC Member-Federated Operator analysis
• Feasibility of cross-federation
• EAuth-InCommon peering corpse
• Kalmar Union
• JISC template for inter-federation

Next soup steps
• Affinity group in system federations
• State feds – not yet
• PII normalization
• Ask NACUA
• Coping with EU privacy compliance
• Interfederation template agreement
• InCommon as a focus point for interfederation in the US

Trust, Identity and the Internet
• ISOC initiative to introduce trust and identity-leveraged capabilities to many RFCs and protocols
• Acknowledges the assumptions of the original protocols about the fine nature of our friends on the Internet and the subsequent realities
• Will leverage both federated and p2p trust (for those instances where there is no trusted IdP)
• http://www.isoc.org/isoc/mission/initiative/trust.shtml
• Dublin IETF at the end of July kick-off…

ISOC Key Objectives
• Architecture and Trust: Implementing open trust mechanisms throughout the full cycle of Internet research, standardization, development and deployment
• Current Problems/Solutions and Trust: Mitigating the social, policy, and economic factors that may hinder development and deployment for trust enabling technologies
• Identity and Trust: Elevating "Identity" to a core issue in network research and standards development

Infocard, Open ID, etc.
• OpenId widespread inter-site authn
  • lightweight technically and legally
  • you get what you pay for…
  • Warrants intelligent integration with federated identity
• User control of identity selection and attribute release becoming critical
  • One model is the ARPviewer approach
  • Another attractive model is InfoCard
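The privacy recipe on the InCommon slide ({federation + persistent, opaque identifier + attributes with consent}) and the user-controlled attribute release this slide calls for can be shown together. The following is an added illustration, not code from the deck, Shibboleth or COmanage: an IdP-side function that derives a persistent identifier that is stable per (user, SP) pair yet differs between SPs, and a hypothetical per-SP consent record (a minimal stand-in for an ARP viewer) that filters what the IdP releases. The salt, entity IDs and attribute values are constructed sample data; eduPersonTargetedID is the eduPerson attribute conventionally used to carry such an identifier.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed demo secret. A real IdP keeps a long-lived, protected salt so the
# identifier stays stable across logins yet cannot be reversed or recomputed by an SP.
IDP_PAIRWISE_SALT = b"constructed-demo-salt-do-not-reuse"


def pairwise_persistent_id(local_user_id: str, sp_entity_id: str,
                           salt: bytes = IDP_PAIRWISE_SALT) -> str:
    """Opaque identifier: persistent for one (user, SP) pair, different at every other SP.

    Binding the SP entityID into the MAC input is what prevents two SPs from
    correlating the same user; the HMAC hides the local user id from all of them.
    """
    mac = hmac.new(salt, f"{sp_entity_id}!{local_user_id}".encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


@dataclass
class AttributeReleasePolicy:
    """Hypothetical record of what a user has consented to release, keyed by SP entityID."""
    consented: dict[str, set[str]] = field(default_factory=dict)

    def consent(self, sp_entity_id: str, attributes: set[str]) -> None:
        self.consented.setdefault(sp_entity_id, set()).update(attributes)

    def filter(self, sp_entity_id: str, user_attributes: dict[str, str]) -> dict[str, str]:
        # Default deny: an SP with no consent entry gets no attributes at all.
        allowed = self.consented.get(sp_entity_id, set())
        return {name: value for name, value in user_attributes.items() if name in allowed}


def build_assertion_attributes(local_user_id: str, user_attributes: dict[str, str],
                               sp_entity_id: str, arp: AttributeReleasePolicy) -> dict[str, str]:
    """What the IdP would put in the assertion: consented attributes plus the opaque identifier."""
    released = arp.filter(sp_entity_id, user_attributes)
    released["eduPersonTargetedID"] = pairwise_persistent_id(local_user_id, sp_entity_id)
    return released


if __name__ == "__main__":
    # Constructed sample user and two constructed SPs.
    user = {"mail": "alice@univ-a.example", "eduPersonScopedAffiliation": "member@univ-a.example"}
    arp = AttributeReleasePolicy()
    arp.consent("https://wiki.sp-a.example", {"eduPersonScopedAffiliation"})
    print(build_assertion_attributes("alice", user, "https://wiki.sp-a.example", arp))
    print(build_assertion_attributes("alice", user, "https://files.sp-b.example", arp))
```

Running the script shows the second SP receiving only the identifier, with a value unrelated to the one sent to the first SP.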

Collaboration and Federated Identity
• Two powerful forces being leveraged
  • the rise of federated identity
  • the bloom in collaboration tools, most particularly in the Web 2.0 space but including file shares, email list procs, etc
• Collaboration management platforms provide identity services to “domesticated” collaboration applications
• Results in user and collaboration centric identity, not tool-based identity

A Bloom of Collaboration Tools
• An over-abundance of new tools that provide rich and growing collaboration capabilities (aka Web 2.0)
• Do you
  • Wiki, blog, moodle, sakai, IM, Chat, videoconference, audioconference, calendar, flikr, netmeeting, access grid, dimdim, listserv, webdav, etc
  • Share files among workgroups, access Elsevier, work with the IEEE, etc
• No uber-app – limits invention and community of users
• 3-4 is fine, but many per user is hard to manage
• Leads to the need to manage the collaborations and its tools

COmanage
• A collaboration management platform, supported in part by a NSF OCI grant, being developed by the Internet2 community, with Stanford as a lead institution
• “Domesticated” applications externalize their identity management dimensions to a general identity/group/privilege/etc repository (LDAP, MySQL, etc.)
• Users manage IdM in a collaboration-centric way, not in a tool-centric way
• Uses Shibboleth, Grouper, and Signet
• Open source, open protocol

COmanage
• A “stand-alone” platform to manage IdM for many different applications.
• User accounts to access COmanage can be based in COmanage or, preferably, federated.
• COmanage can provide authentication and authorization services (group membership, privilege management, etc) to apps
• The “stand-alone” can be readily replumbed to be fully integrated into enterprise, federated or other attribute ecosystems as they develop

Two types of application enablement
• “domesticated” apps know to draw their entitlements, attributes and roles from the CMP directory or db or… (something external to the app)
• Other apps can have information from COmanage pushed into them
  • Static or dynamic provisioning
  • Connectors could be X.509 certs, SAML assertions, etc.

Domesticated applications
• Applications that externalize their identity management dimensions
• Domestication typically goes in stages – first identity, then group and privilege management, perhaps then provisioning
• Domestication relative to the external access protocols used (SAML, LDAP, MySQL, web services, etc.)
• Applications domesticated or being targeted
  • Sympa, Confluence, Asterisk (open-source IP audioconferencing), DimDim (open-source web meeting), Bedeworks (federated open-source calendar), Subversion, JIRA, Alfresco, Foodle
  • Finally domain science resources – Instruments, Grids, etc

Collaboration Management Platform (CMP) and the Attribute Ecosystem
[Diagram: Collaboration Tools/Resources (File Sharing, Calendar, Email List Manager, Phone/Video Conference, Federated Wiki, Domain Science Instrument, Domain Science Grid, Application Attributes) draw on the Collaboration Management Platform (COmanage: Authorization – Group Info, Authorization – Privilege Info, Authentication, People Picker, Other Functions, Attribute/Resource Info Data Store), which is fed by Attribute Ecosystem Flows from Home Org & Id Providers / Sources of Authority (University A, University B, Laboratory X).]

COmanage specifics
• Wiki, dev and users being set up
• Beta release in July, 1.0 in August, OpenLDAP as the data store.
• Debian VMware
• Domesticated apps in bundle where licenses permit
• Testing in several venues and VOs
• GUI issues, modularity of components issues under discussion


Kumbaya for open source?
• Now that people believe there is a middleware layer, they want only one of them…
• Most open source apps started well before plumbing and middleware
• Some left open APIs, etc; some didn’t
• Alignment between JA-SIG, Kuali Student, Kuali Financials, OKI, Fedora, Dspace, Sakai, etc. happening, slowly, intermittently, but happening…

Rumors and Gossip
• Nuclear winter at summer solstice
• Internet2, strategic planning and tactical
• NLR and Darkstrand
• NSF and OCI
• Teragrid, OGF, Condor, Genesis II, etc.