Upload
nigel-bruce
View
213
Download
0
Embed Size (px)
Citation preview
Presenter’s Name
InCommon•Approximately 80 members and growing steadily
•More than two million “users”
•Most of the major research institutions (MIT joining soon)
•New types of members• Non usual suspects – Lafayette, NITLE, Univ of Mary Washington, etc.• National Institute of Health• Student service providers• Energy Labs• MS, Apple
•Steering Committee chaired by Clair Goldsmith of Univ of Texas; Technical Committee chaired by Renee Shuey of Penn State
Presenter’s Name
Uses
• Access controlled wikis• Access to academic content, such as Elsevier• Access to popular content, such as Cdigix• Access to Microsoft• Access to services, such as student travel agencies,
testing services, • Access to Grid computational resources, portal
providers, recruitment services, etc• (Trust base for dynamic circuit
authorization/accounting)• (Google Apps for Education)
Presenter’s Name
InCommon•Impacts of federation are real
• Dreamspark - Microsoft delivery of developer kits, source code, etc to students https://downloads.channel8.msdn.com/; over 50% of all download traffic from Microsoft was federation-enabled one week after announcement.
• {Federation + persistent, opaque identifier + attributes with consent} addresses international privacy requirements.
•InCommon Silver, a new profile is now being deployed to serve higher assurance applications•Federated Sharepoint, federated wikis are proving to be killer apps….•www.incommonfederation.org
Presenter’s Name
Federation Soup
• Workshop to held early June• Bringing together all manners of federation to figure out
federation relationships• InCommon, JISC, state federations, library federations,
university system federations, grid federations, etc.• Topics include alignment of policies, technologies, attributes,
metadata, etc.
• Approaches include peering, nested, leveraged, and a whole lot of ad hoc
• Outputs may include best practices, multi-homing, etc.
Presenter’s Name
Capabilities of federated identity
• Real-time delivery of identity and attributes
• Supports role-based access controls• Providing privacy and enhanced security• Integrates with collaboration management platforms that are being adopted by virtual organizations
Presenter’s Name
Real time access controls
• Delivery of attributes to control points• Initially via web browsers and now via web
services and a variety of native api’s
• Rich controls at policy control points
• ISOC “Identity, Trust and the Internet” will apply identity and trust to a growing suite of Internet RFC’s.
Presenter’s Name
Collaboration and Federated Identity
• Two powerful forces being leveraged• the rise of federated identity• the bloom in collaboration tools, most particularly in the
Web 2.0 space but including file shares, email list procs, etc
• Collaboration management platforms provide identity services to “well-behaved collaboration applications”
• Results in user and collaboration centric identity, not tool-based identity
Presenter’s Name
Comanage
• A collaboration management platform, supported in part by a NSF OCI grant, being developed by the Internet2 community, with Stanford as a lead institution
• Open source, open protocol• Uses Shibboleth, Grouper, and Signet• Parallels activities in the UK and Australia
Presenter’s Name
Comanageable applications
• Already done• Sympa, Federated wikis, Asterisk (open-source IP
audioconferencing), Dim-Dim (open-source web meeting), Bedeworks (federated open-source calendar)
• Immediate targets• Rich access controlled wikis• Web-based file shares, IM, Google Apps for Education
• Domain science resources• Instruments• Grids
FederatedWiki
Domain Science
Grid
Domain Science
Instrument
University A University B Laboratory X
CollaborationManagement
Platform
CollaborationTools/ Resources
ApplicationAttributes
Home Org & Id Providers/
Sources ofAuthority
AttributeEcosystem
Flows
Attribute/Resource Info Data Store
Collaboration Management Platform (CMP)and the Attribute Ecosystem
Sources of Authority
CoAuthorization –
Group InfoAuthorization –Privilege Info
AuthenticationPeoplePicker
OtherFunctions
manage
File Sharing
CalendarPhone/Video
Conference
Email List
Manager
Presenter’s Name
Possibilities and next steps
• Virtual organizations adopting federated identity and collaboration management platforms• LIGO – www.ligo.org (and GEO and VIRGO)• Ocean Observing Initiative -(
http://www.joiscience.org/ocean_observing)• Providing audit and security in a federated environment• Cutovers are more difficult than new VO
• Integrating domain science tools• Cyberinfrastructure, e.g. Teragrid, OSG, integrating, providing
collaboration management platform service centers • Integrating research administration into the mix