17th TF-EMC2. Lyon, February 2011
On the Many Ways to Identity Exchange
Digital identities are more valuable
as they are more widely assertable
Diego R. Lopez, RedIRIS
The Open Fronts
• Life beyond SAML
  - OpenID and “Identity 2.0”
  - OAuth and JWT
• Seeking meeting points
  - eIRG
  - STORK
  - eduGAIN, PEER, MDX, …
  - AAI convergence and STS efforts
• Sort of Proxying
  - Inner access: TERENA SPP
  - Outer access: Proposal to REFEDS
The twodotosphere
• MACE’s WG on OpenID
  - https://spaces.internet2.edu/display/OpenID/Home
  - Guidance, toward some degree of standardization
  - Examine the demand for, and applicability of, SAML/OpenID gateways
• Integrating identities both ways
  - Logins4Life
  - Social authsources
  - social2saml.org
  - SIR-enabled Facebook groups
  - Social discovery services
Tokens and token formats
• OAuth2 consolidating
  - Several rather mature I-Ds making their way up in IETF
  - And proposals based on it
    - UMA, inside Kantara
    - REST token-based access, inside GN3
• JWT: JSON Web Token
  - Intended for space constrained environments
    - HTTP Authorization headers
    - URI query parameters
  - Simpler to code and parse
• OAuth2 AP: http://www.rediris.es/oauth2/
• JWT: Proof-of-concept for SIR-REST integration
Higher Convergence
• STORK progressing
  - Proposal for making EC services STORK-aware
  - Seeking new use cases in academic space
  - Lever for integration with governmental infrastructures
• eIRG on AAIs
  - Convergence in academic space a key issue
  - Federations as the main enablers
  - Integration with the wider Internet
  - A long way to go, policy-wise
  - Acknowledgement of TERENA and REFEDS role
Lower Convergence
• Metadata aggregators
  - PEER (not) vs. eduGAIN
• Several services integrating federations and Grid PKIs
  - Watch Chris’ talk on this
• Convergence at the WS level: STS
  - SURFNet experiments and CLARIN interest
  - EMI-EGI initiative
  - GEMBus STS (soon to be demonstrated)
  - EUGridPMA to explore policy aspects
The Identity Swiss Knives
• Proxying is a wide concept that can address a wide variety of issues
• Simplify management
  - See Dick’s talk
• Increase federation usage
  - The most usual application
• Boost privacy
  - Only provide an IP to access resources
• Enhance user experience
  - Resolvers and deep-linking
• Expanding applicability
  - WS-based interfaces and non-Web clients
A Proposal for REFEDS Funding
• The goals
  - Remote federated proxy administration
  - Centralized configuration of proxy meshes
  - Non-Web clients in third party WS environments
  - Neutral link resolution and deep linking
• The technologies
  - EZProxy
  - Apache2 proxy capabilities
• The players: WAYF and RedIRIS