Federated Identity Management Interest Group Overview

fim ig n.w
1 / 20
Embed
Share

"Learn about the FIM-ig Federated Identity Management Interest Group, including its purpose, stakeholders, scope, and priorities. Explore the concept of federations and authorization within the group's domain."

  • FIM
  • Identity Management
  • Federation
  • Stakeholders
  • Authorization
rayaanacharya
kstro Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. FIM-ig Federated Identity Management Interest Group

  2. 2 Agenda Introduction FIM, what is it what should it do. A short overview including FIM4R activities Stakeholders, who is here, what are their interests? What is or should be within the IG scope? Specific topics within FIM, priorities for our group. How to organize ourselves further.

  3. 3 Federated Identity Purpose: Allow access to distributed services with a single set of credentials Maintained at the user s (trusted) home organization Single Sign-on Why? Economic advantages Scaling Separate domains of responsibility Convenience Existing organizational infrastructure for research & education: National Identity Federations etc.

  4. 4 Federations From a local user store to a federation Local External Federation DB DB SP LDAP LDAP DB LDAP SP SP IDP SAML (HTTP) HTTP HTTP HTTP HTTP B B B

  5. 5 Federations From a local user store to a federation Local External Federation DB DB DB DB DB SP LDAP DB LDAP LDAP RDB SP SP IDP SAML (HTTP) SAML (HTTP) HTTP SP IDP IDP IDP HTTP HTTP B HTTP B B B

  6. Federations W 6 Federation Operator A formal agreement: Privacy issues Traceability Agreement on user attributes exchange Agreement on attribute semantics Common Attribute set definition Exchange method for (federation) metadata What makes a Federation? Federation FO IDP SP IDP IDP SP SP IDP IDP

  7. Federations W 7 Inter Federation Federation A Federation B FO FO IDP IDP SP IFO SP IDP IDP IDP IDP SP SP SP SP IDP IDP IDP IDP

  8. 8 FIM for Authorization The attributes released by the Home Organization can be used for Authorization Can be sufficient to identify academic users or affiliation So allow students of University X access to Library Y However more complicated cases are difficult: Organizational distance between IdP and SP inhibits having very specific attributes such as: User A signed license B and is a member of Organization X There is eduPersonEntitlement, but the scope of use is limited Better use external community specific attribute providers that can hold such specific attributes User authentication and identification is already a worthwhile cause

  9. 9 Homeless users Sharing data with non-academic users Homeless Identity Provider operated by specific communities Allowing access with social network accounts What are the consequences Level of assurance Federation operators ?

  10. 10 FIM for Research (FIM4R) initiative IN EU, several research communities saw the potential of FIM and have been experimenting and using FIM But not in a unified approach, Unification and coordination came mostly from FIM service providers as the national academic federation providers While technology and organizational structure is still maturing and in need of steering Common needs should be communicated to FIM providers, funding agencies etc. So FIM4R initiative as an initiative of the research communities to find commonalities in FIM requirements and discuss with the stakeholders and produce recommendations

  11. 11 FIM for Research (FIM4R) initiative Communities Involved: High Energy Physics, Life Sciences, SSH, European Neutron Photon facilities, Earth Sciences Had now six FIM4R workshops organized by different communities: CERN in June 2011, RAL in November 2011, Taipei in February 2012, MPI-PL in June 2012, PSI in March 2013, CSC in Oct 2013 As a result of these workshops, a common vision for FIM across the research collaborations has emerged along with the desire to see this implemented with a roadmap and a set of recommendations.

  12. 12 Common Vision for FIM Need for a common policy and trust framework for Identity Management based on existing structures and federations either presently in use by or available to the communities. This framework must provide researchers with unique electronic identities authenticated in multiple administrative domains and across national boundaries that can be used together with community defined attributes to authorize access to digital resources. The necessary brevity of the vision statement had us skip some issues, but it is relatively complete

  13. 13 Community perceived FIM problems from FIM4R discussions Non exhaustive list of problems the communities need solved Non-browser based application support Multi-tier delegation for Web Services Generation of (short-lived) X509 certificates Lacking attribute release by IdPs Within the academic federations themselves Between federations i.e. eduGAIN inter-federation Need different Levels of Assurance (LoA) to cater for different sensitive data levels User friendly solutions: Homeless IdP, Discovery Services, Community specific attributes Unique persistent user identification Cater for citizen scientists (homeless IdP, Social networks)

  14. 14 Recommendations Recommendations to the research communities Pragmatic Risk Analysis from the RI viewpoint Pilot studies to explore further requirements and provide feedback on technologies and service providers Recommendations to technology providers Separation of Authentication and Authorization Credential revocation Attribute delegation to the research community More levels of security Recommendations to funding agencies Funding for FIM technologies that are focused on solving the described issues

  15. 15 Why a FIM Interest Group next to FIM4R? Hope to catch a wider, global audience More facilities to have a continuous interaction Perhaps create an umbrella for other also non-RDA related FIM activities Possibility to create WGs on specific topics within the FIM IG Interaction with other groups: DFT User Identification, ORCID

  16. 16 ESFRI Research Infrastructures As Research Communities, ESFRI Research Infrastructures have also identified FIM as a key common point: Paper: Realising the full potential of research data: common challenges in data management, sharing and integration across scientific disciplines https://zenodo.org/record/7636

  17. 17 Stakeholders in FIM, who is here? Research Communities FIM Service providers Federation operators FIM Software developers ? Funding Industry

  18. 18 What should be in the FIM ig scope, what are priorities No exclusions? Specific topics: User attributes: release policy, attribute sets Security levels Scenarios needing connection to other technologies: OpenID (Connect) OAUTH X509 Non-browser tools Organizational/management issues Federation as a service

  19. How to organize ourselves further. 19 Documentation gathering Prioritising areas of investigation and building a roadmap to produce results

  20. Thank You

Related


No related presentations.

More Related Content