Enabling Global Trust Through Requirements Profiling
Requirements profiling enables the Interoperable Global Trust Federation (IGTF), which supports distributed IT infrastructures for research. The IGTF brings together e-Infrastructure resource providers, user communities, and identity authorities to agree on global, shared minimum requirements and assurance levels. The federation imposes minimum requirements on identity provider participants, reflecting the operational and security needs of resource providers. As a coordination body for policy and credential best practices for research communities, it harmonizes a set of LoA requirements set by resource providers and forms an inclusive, bottom-up IdP cooperative for distributed research communities worldwide.
Presentation Transcript
Enabling global trust through requirements profiling: enabling the interoperable global trust federation
David Groep, Nikhef, Amsterdam
Supported by the Dutch national e-Infrastructure funded and coordinated by SURFsara, by EGI.eu, and by EGI-InSPIRE RI-261323

IGTF: Interoperable Global Trust Federation, supporting distributed IT infrastructures for research
- 3 regional coordination groups (AP, EMEA, Americas)
- ~80 authorities and ~10 cross-national infrastructure members
- ~100 000 subscribers
- Single integrated trust fabric with differentiated LoA
May 2014 IGTF 2005 - 2014

IGTF: Interoperable Global Trust Federation, supporting distributed IT infrastructures for research
- IGTF brings together e-Infrastructure resource providers, user communities and identity authorities to agree on global, shared minimum requirements and assurance levels
- inspired and coordinated by the needs of relying parties: EGI, HPCI, PRACE-RI, PRAGMA, OSG, XSEDE, as well as most national e-infrastructure providers

Minimum Requirements
- Federation imposes minimum requirements on identity provider participants
- Reflect operational and security needs of resource providers
- Differentiated LoA support
- classic user-based subscriber services: serve all users
- identity services leveraging (R&E) federations with ID vetting
- LoA1+
- Identifier-Only Trust Assurance: if relying party has other ways to vet its users, allow for lower-assurance identifiers, thus enabling more ID federations
- LoA2-
- Research-inspired verification process: self-audits, peer-review, transparent open policies and processes
- meet or exceed required minimum standards

How to think of the IGTF? It may not be what you might think it is
- Coordination body for policy and credential best practices for research communities
- Use-case driven differentiated LoA coordination
- Harmonized set of LoA requirements set by resource providers (e-Infrastructures)
- An inclusive bottom-up IdP cooperative for distributed research communities with widely dispersed users
- Supporting collective services acting coherently worldwide as a part of a larger jigsaw puzzle

A part of the jigsaw
IGTF by now supports many things
- agreed LoAs for e-Infrastructures for research
- LoA2- MICS, IOTA, Robots & credential translation
- levels inspired by current RPs: infra & user
- globally-coordinated unique identifiers
- key to cross-domain services with many SPs/RPs
- best practices for AuthZ, credential management, operational security and response for ID providers
- qualified trust anchor distribution mechanism
- modelled on assurance processes inspired by research
- bottom-up extends to all researchers (coverage)
but by design cannot and should not do it all!
FIM4R SCI REFEDS GEANT INFRA7 AAI

Going forward from here?
- Beyond authentication and identity, attributes and authorization are (and are becoming more) important for e-infrastructures
- mere authentication likely commonplace in the years to come
- authorization, (community) assured attributes, and attribute composition are still unsolved for research e-infrastructures
- IGTF to generalise the current profiles into LoA documents
- we should be able to do away with most of the classical independent ID provisioning in Europe
- but we will still need ways to get to full 100% coverage: catch-all!
- both inside but also outside of Europe; research is global!
- higher level LoA catch-all services should be fully integrated
- don't forget about industrial research and SME partners; they're our research partners and collaborate in projects just like academia!
It is our collective challenge to make it all work together

Interoperable Global Trust Federation
AP EU TAG
Building a global trust fabric
WWW.IGTF.NET