Presentación de PowerPoint - TERENA

Presentación de PowerPoint - TERENA

SIR, FedSSH and more to come Diego R. Lopez, RedIRIS TF-EMC2, Umea SIR Servicio de Identidad de RedIRIS Provide a single entry point to digital identity services for the academic community Multiprotocol Simplify management Guarantee evolution

Flexible Compatible with any level of IdM deployment Able to live in parallel with other infrastructures http://www.rediris.es/sir/ TF-EMC2. Umea, July 2008 The SIR Model One Ring to bring them all and in the darkness bind them In the Land of Mordor where

the Shadows lie. TF-EMC2. Umea, July 2008 IdPs in SIR Institutions in the RedIRIS constituency Virtual organizations related to them Must install a connector Able to produce assertions in the PAPI v1 protocol Minimum set of attributes in the iris-* schemas PHP, Java (JSP & Filter), Apache mod_perl, ASP, Sun AM, OSSO and some specific ones Community process for developing new ones

Must register for the service Accepting the conditions of use Providing their metadata TF-EMC2. Umea, July 2008 SIR Services Interconnection with SAML infrastructures Access to PAPI-based services eduGAIN BE OpenID producer Validation services Attribute exchange SAML OpenID

TF-EMC2. Umea, July 2008 SIR: SAML (including eduGAIN) Virtual IdP per institution Using simpleSAMLphp capabilities Metadata distribution for regional federations Direct integration of SAML IdPs is feasible Central eduGAIN BE Plus virtual BEs for institutions requesting them Commercial providers

Microsoft Elsevier Requests ongoing for Ovid, JSTOR, EBSCO, Driven by the user institutions TF-EMC2. Umea, July 2008 SIR: PAPI Two ways for connection: GPoA SIR Virtual AS for each institution Access to the the national license on ISI WoK RedIRIS inner services

Conferences Service control panel Portals Proxies TF-EMC2. Umea, July 2008 SIR: OpenID Virtual producer per institution Additional controls Match URL with attribute values Specify acceptable RPs User consent for extensions related to personal data Identifiers in whatever Spanish language

yo.rediris.es/soy/[email protected] jo.rediris.es/soc/[email protected] eu.rediris.es/son/[email protected] ni.rediris.es/[email protected]/naiz Simplified versions possible for OpenID2 TF-EMC2. Umea, July 2008 SIR: Some ideas for the future New protocols and identity services OAuth Cardspace COmanage New applications (beyond WebSSO)

SSH access Distributed storage Attribute authorities (a-la-COManage) Grid interconnection SLCS VOMS Usage of DNIe And the PEPS TF-EMC2. Umea, July 2008 FedSSH Based on the ideas discussed byTF-EMC2

along past summer Common public key servers are updated through specific SPs A modified version of the SSH server able to use an external repository for public keys TF-EMC2. Umea, July 2008 Deploying FedSSH Deployed as a pilot by CONFIA, the Southern Spanish federation Applied to teaching

environments Connected to a federated account provision system Plans to explore the applicability to storage services TF-EMC2. Umea, July 2008 Riding the Hype Make the case for identity services among the wider user community Some of the big players

are behind Explore direct potential applications There are smart people working on this TF-EMC2. Umea, July 2008 Identity a-la-carte Use your identity everywhere Easy deployment of additional control Makes it more valuable to users

OpenID identifiers for catch-all, low-LoA IdPs TF-EMC2. Umea, July 2008 Lightweight federation? SP checks for trusted IdP IdP checks for trusted SP

Mutual authentication possible TF-EMC2. Umea, July 2008 No changes to the basic protocol required ARPs could be implemented as well Simpler to deploy? Easier to integrate?

Closer to commercial providers? OAuth for auto-registration Fed IdP Fed SP Initiate registration Request attributes Process attributes Decide on values Update databases Associate with agreed

identifiers TF-EMC2. Umea, July 2008 Edificio CICA Avenida Reina Mercedes s/n 41012 Sevilla. Espaa

Recently Viewed Presentations