The Art of Federations. Topics Federations of what… Federated identity versus federations...
The Art of Federations
Topics
• Federations of what…
• Federated identity versus federations
• Federations in other sectors – business, gov, ad hoc
• R&E Federations
• Peering and confederation
• -------------------
• International Grid Trust Federation
Lots of things can federate
• Data sets
• Search engines and catalogues
• Grid resources
• Primary identity providers
• Secondary identity providers
Federated identity and federations
• Federated identity – passing of information from an identity provider (IdP) to a relying party or service provider (SP) for an access control decision
• Bi-lateral, likely appended to an existing business relation
• Usually uses SAML
• Federation – bi-lateral or compound passing of information from several IdP and others to a SP
• Multi-institutional, broad communities with multiple IdP and SP
• Needs metadata management, more sophisticated attributes (including scoped), multi-lateral trust management, agreements on standards, more sophisticated AAP and ARP mechanisms, etc.
• Usually uses Shibboleth or a compatible
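The scoped attributes and metadata management listed above meet in one SP-side check: a scoped value (value@scope) is accepted only if its scope is registered to the issuing IdP in the federation metadata. The sketch below is an added example, not part of the original slides; the entity IDs, domains and function names are constructed, and the metadata signature is assumed to have been verified already.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SHIBMD = "urn:mace:shibboleth:metadata:1.0"

# Constructed federation metadata: two IdPs, each registered for its own scope.
SAMPLE_METADATA = f"""
<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:shibmd="{SHIBMD}">
  <md:EntityDescriptor entityID="https://idp.alpha.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><shibmd:Scope regexp="false">alpha.example</shibmd:Scope></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.beta.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><shibmd:Scope regexp="false">beta.example</shibmd:Scope></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

def load_scopes(metadata_xml):
    """Map each IdP entityID to the literal scopes the federation registered for it."""
    # Assumption: the caller has already verified the aggregate's signature.
    scopes = {}
    for entity in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        registered = set()
        for scope in entity.iter(f"{{{SHIBMD}}}Scope"):
            # Only literal scopes are honoured; regexp scopes are skipped here.
            if scope.get("regexp", "false") == "false" and scope.text:
                registered.add(scope.text.strip().lower())
        scopes[entity.get("entityID")] = registered
    return scopes

def filter_scoped(issuer, values, scopes):
    """Keep only value@scope entries whose scope is registered to the issuing IdP."""
    allowed = scopes.get(issuer, set())  # issuer not in metadata: accept nothing
    accepted = []
    for value in values:
        local, sep, scope = value.rpartition("@")
        if sep and local and scope.lower() in allowed:
            accepted.append(value)
    return accepted

if __name__ == "__main__":
    table = load_scopes(SAMPLE_METADATA)
    asserted = ["staff@alpha.example", "member@beta.example"]  # constructed assertion values
    print(filter_scoped("https://idp.alpha.example/idp", asserted, table))
```

Without this filter, any IdP in a multi-lateral federation could assert affiliation with another member's domain and the SP would have no basis to reject it.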
Federations in other sectors
• Corporate
• Internal federations within large, diverse companies
• Limited use for vertical sector operations
• Government
R&E Federations
• Rapidly growing sector, with many countries deploying and federation size increasing
• General scope is higher education, with coverage ranging from complete (e.g. Switzerland, Finland, Norway) to well underway (e.g. Denmark, France, UK, Germany, Australia) to planning
• Largest and most ambitious is the UK Access Management Federation, scoped to all higher education, K-12 and further education
In the US
• Growing number of state based federations
• University of Texas, University of California, University of Maryland, Ohiolink, etc.
• Easy to build on top of existing relationships
• Ad hoc federations – e.g. FEMA and Hurricane Katrina
• InCommon
InCommon
• US R&E Federation
• www.incommonfederation.org
• Members join a 501(c)3
• Addresses legal, LOA, shared attributes, business proposition, etc. issues
• Approximately 45 members and growing
• A low percentage of national Shib use…
InCommon Uses
• Dartmouth, and others, to get to ScienceDirect at Elsevier
• Penn State, and others, to get to WebAssign, an outsourced testing service
• University of Washington, and others, to get to CDigex
• Univ of Chicago, and others, to get to TurnItIn, a plagiarism testing service
• All members of InCommon, to get to spaces.internet2.edu
• (Soon, all members to get to the TeraGrid.)
• (Soon, all members to get to Fastlane and NIH and…
Policy components
• Participant operational practices
• To help SP decide on amount of trust to have
• IdM and local administration
• May or may not be audited
• Standard Attributes
• Metadata agreements
• Contract between institution and federated operator
• Easy except for limited liability and dispute resolution
Peering and Confederation
• For federations to be fully-scalable
• Peering - relationship between two autonomous federations
• Work underway in peering between InCommon and US Federal EAuthentication Federation
• MOU addresses metadata exchange, liability and dispute resolution, economics, technical mappings as addendum
• Confederation – a union of federations
• Addresses discovery, conversion of protocols and a more unified set of services
• Seemingly a natural structure for Europe
• eduGain, a Geant project, is working on this