Developments and challenges in authentication and authorisation Klaas Wierenga...

Post on 11-Jan-2016


Developments and challenges in authentication and authorisation

Klaas Wierenga
klaas.wierenga@surfnet.nl
Berlin, 23 May 2006

High-quality Internet for higher education and research

Agenda

• Federations
• Drivers for (identity) federations
• Key developments
• Challenges
• Summary

Federations

[Diagram labels: Organisation A, Organisation B, Trust, Identity Provider, User, Resource Provider, Resource]

Federations are about sharing resources across organisational borders

Drivers for (identity) federations

Organisational
• Users are becoming increasingly mobile
– Bologna process, ECTS
– E-learning for everyone
• Research is getting too “large” to do alone
– Collaboration is common, projects cross organisational borders
– Grids
• Self-service interfaces, changes in workflow inside university
– Employees and students get tasks from administration
– Cutting cost

Technical
• Higher need for security without stopping people from studying or doing research
• Two-sided communication gets replaced by multidimensional web services, SOA
• Centralising applications in order to individualise services
– Personalisation gets more important

Political and societal
• Government AAI (and commercial IdPs)
– Interconnections

Federations are happening

HAKA

JISC federation

DK-AAI

• Applications outsourcing their users
– To the home institution of the user
– To a single place at the home institution

• Academic identity federations are operational
– Real services used every day by a large number of users
– Research and educational applications are federated

• Federation software available in the marketplace

• Infocard
– Making "identity" tangible to users

• Convergence is there
– With SAML as lingua franca

Organisational Challenges

• Local identity management

• Provisioning
– must be understood both on campus and in applications

• Managing roles and attributes

• Scalability problems (many sources of authority)

Technical Challenges (1)

• Horizontal integration
– Government federations
– Commercial federations (Liberty Alliance, WS-* based)
– Across national boundaries

• Vertical integration
– Web SSO, eduroam, grids
– Lightpath provisioning (GLIF), measurement and monitoring (PerfSonar)
– E-mail, IM, SIP, SSH

Technical Challenges (2)

• External IdPs
– Different levels of authentication
– Different levels of authorisation

• From authentication to authorisation
– Do those enterprise directories really contain authoritative authorisation information?

• Security constraints
– Policy and technology

• N-tier problems
– Where are the attributes?

Political and Societal challenges

• Privacy
– Locally
– Within federations
– Across Europe
– World-wide

• Interconnection policies
– building federations
– bridging federations

• Integration of enterprise and federated identity with personal identity

• Agreement on consistent approaches to authentication

Summary

• Educational federations are happening

• Convergence to (small number of) standards
– SAML

• International federations are emerging
– eduroam
– Grids
– Géant2 AAI (eduGAIN)

• Federations are moving up into the stack

• But campus issues remain a concern

Thanks to

• Ken Klingenstein (Internet2)
• Diego Lopez (RedIRIS)
• Ingrid Melve (UNINETT)
• Bob RL Morgan (Internet2)
• Milan Sova (CESNET)
• Torbjorn Wiberg (Umea University)