Federations in Texas

Barry Ribbeck University of Texas Health Science Center at Houston

Context Definitions

• Target: A federation member offering resource(s)

• Origin: A federation member requesting access to resources in exchange for asserted information

• Member: An entity agreeing to abide by the policies governing the federation

Potential Need for Federation(s)• UT Information Security• UT Austin Define System• UTHSC-Houston Blackboard resource• UTMB Center for bio-terrorism research• Texas Medical Center – Houston collaborative efforts

(17 physical institutions, 44 external institutions with hundreds of business partner relations per institution.

• Houston Higher Ed: UT-HSCH, Rice, A&M, Baylor, U of H, Texas Southern, HCC, Houston Baptist, U of St. Thomas, UT-MDACC

UT Infosec• UT – A state agency with 17 component parts

geographically dispersed across the state of Texas operating independently.

• Information Security (Infosec) is a cross institutional group charged with sharing information regarding security related issues and coordinating security related communications between institutions.

• All UT components operate under a common PKI, so a trust fabric exists

• Already committed to using Shibboleth as infrastructure exists to support it

UT Austin Define System

• A legacy mainframe application with extensive web front end development, used by multiple UT institutions within the state. Contains financial, student and other sensitive data.

• Austin is considering re-vamping their Authentication/Authorization (AA) process for this web based application as well as for the campus in general

• Austin no longer wants to support Identification and Authorization (I&A) for external components accessing this application.

UTHSCH-Houston Blackboard• Houston has satellite programs dispersed around

the state.• Most of these programs involve faculty and

students at other UT institutions.• Currently, non-UTHSCH users utilizing the

Houston Blackboard Course Management System resource require a guest account.

• Once the infrastructure is in place, it will allow courses offered at Houston to scale beyond the UT virtual boundaries.

• Planned deployment in Q1 2004

UTMB bio-terrorism facility

• UT Medical Branch in Galveston is building a level 4 biological research lab

• They are a candidate for a federal bio-terrorism facility

• How do we ensure security and access control to information that will be made available to collaborators inside and outside of the state?

Texas Medical Center

• 17 institutions operating independently with a 4 square mile area

• Largest medical center in the world• Many of the faculty and providers are cross

institutional affiliates.• Hippa is forcing US to change the way we

distribute non-mainstream health information (SMIME/Web) between institutional providers

Houston Higher Ed

• Many Institutions of higher learning

• Many resources (library resources) shared both locally and state wide

• Programs currently exist to allow students from one institution to take for credit courses at other institutions and pay for those courses locally.

Why does a Federation exist?

• To provide a venue and policy structure(s) for enterprises with common needs to access or provide digital resources securely while leveraging a common trust fabric.

• To provide assurance of compliance with policy of the trust fabric to relying parties.

• To enforce the polices of the Federation

Why does an Origin Join a Federeration?

• To provide a mechanism for its users to access external resources offered via the Federation thereby extending the utility of its internal resources in a scalable fashion

• To leverage the scale provided by a trust fabric and reduce the number of 1 to 1 Relying Party Agreements.

Why does a Target join a Federation?

• To provide access to resources of interest to a larger community with some level of control and accountability.

• To leverage the scale of a shared trust fabric and reduce the number of 1 to 1 Relying Party Agreements.

Why a another federation?

• Federations membership is based on the needs of the constituents.

• Target requirements and Origin requirements may not match nicely with RPA in a more generalized Federation.

• Will targets that require a high LOA for I&A be satisfied with an assertion of how authenticated?

• When Target and Origin are “close” within a federation and the applications are mission critical why outsource the federation when they are already supporting the ends.

• It may be easier to establish a “local” federation as policies within a community may already exist (PKI).