Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.


Federations in Texas

Barry Ribbeck University of Texas Health Science Center at Houston


Context Definitions

• Target: A federation member offering resource(s)

• Origin: A federation member requesting access to resources in exchange for asserted information

• Member: An entity agreeing to abide by the policies governing the federation


Potential Need for Federation(s)

• UT Information Security

• UT Austin Define System

• UTHSC-Houston Blackboard resource

• UTMB Center for bio-terrorism research

• Texas Medical Center – Houston collaborative efforts (17 physical institutions, 44 external institutions with hundreds of business partner relations per institution)

• Houston Higher Ed: UT-HSCH, Rice, A&M, Baylor, U of H, Texas Southern, HCC, Houston Baptist, U of St. Thomas, UT-MDACC


UT Infosec

• UT – A state agency with 17 component parts geographically dispersed across the state of Texas operating independently.

• Information Security (Infosec) is a cross-institutional group charged with sharing information regarding security-related issues and coordinating security-related communications between institutions.

• All UT components operate under a common PKI, so a trust fabric exists

• Already committed to using Shibboleth as infrastructure exists to support it


UT Austin Define System

• A legacy mainframe application with extensive web front end development, used by multiple UT institutions within the state. Contains financial, student and other sensitive data.

• Austin is considering revamping their Authentication/Authorization (AA) process for this web-based application as well as for the campus in general

• Austin no longer wants to support Identification and Authorization (I&A) for external components accessing this application.


UTHSCH-Houston Blackboard

• Houston has satellite programs dispersed around the state.

• Most of these programs involve faculty and students at other UT institutions.

• Currently, non-UTHSCH users utilizing the Houston Blackboard Course Management System resource require a guest account.

• Once the infrastructure is in place, it will allow courses offered at Houston to scale beyond the UT virtual boundaries.

• Planned deployment in Q1 2004


UTMB bio-terrorism facility

• UT Medical Branch in Galveston is building a level 4 biological research lab

• They are a candidate for a federal bio-terrorism facility

• How do we ensure security and access control to information that will be made available to collaborators inside and outside of the state?


Texas Medical Center

• 17 institutions operating independently within a 4 square mile area

• Largest medical center in the world

• Many of the faculty and providers are cross-institutional affiliates.

• HIPAA is forcing us to change the way we distribute non-mainstream health information (SMIME/Web) between institutional providers


Houston Higher Ed

• Many Institutions of higher learning

• Many resources (library resources) shared both locally and state wide

• Programs currently exist to allow students from one institution to take for-credit courses at other institutions and pay for those courses locally.


Why does a Federation exist?

• To provide a venue and policy structure(s) for enterprises with common needs to access or provide digital resources securely while leveraging a common trust fabric.

• To provide assurance of compliance with policy of the trust fabric to relying parties.

• To enforce the policies of the Federation


Why does an Origin join a Federation?

• To provide a mechanism for its users to access external resources offered via the Federation thereby extending the utility of its internal resources in a scalable fashion

• To leverage the scale provided by a trust fabric and reduce the number of 1 to 1 Relying Party Agreements.


Why does a Target join a Federation?

• To provide access to resources of interest to a larger community with some level of control and accountability.

• To leverage the scale of a shared trust fabric and reduce the number of 1 to 1 Relying Party Agreements.


Why another federation?

• Federation membership is based on the needs of the constituents.

• Target requirements and Origin requirements may not match nicely with RPA in a more generalized Federation.

• Will targets that require a high LOA for I&A be satisfied with an assertion of how authenticated?

• When Target and Origin are “close” within a federation and the applications are mission critical, why outsource the federation when they are already supporting the ends?

• It may be easier to establish a “local” federation as policies within a community may already exist (PKI).