REFEDS MET, PEER and MDUI
Presentation given to the REFEDS BoF at APAN33.
What is REFEDS Interested In?
Nicole Harris, UK Access Management Focus, JISC Advance
@nicoleharris
Slides: http://www.slideshare.net/nicolevharris
Me
• UK Access Management Focus;
• Advisor to UK federation;
• REFEDS Coordinator;
• PEER Project Manager;
• Shibboleth Consortium Manager;
• Generally opinionated about access and identity.
What does the R&E Federation space look like?
R&E Federations Status (1)
R&E Federations Status (2)
• 27 Federations plus 2 confederations.
• 4753 entities within those federations.
• 1815 Identity Providers.
• 2755 Service Providers.
• Plus several ‘others’ (don’t worry about it).
(November 2011)
Top resources?
• In 14 federations: – Czech Medical Atlas and Microsoft Dreamspark.
• In 12: – Web of Knowledge, Scopus, ScienceDirect.
• In 11: – IEEE, EBSCO.
• In 10: – Springer, OVID.
So it’s all working, right?
For SPs, Federation Sucks
I know because I wrote a paper on it!
Barriers
• Multiple registry of entity data.
• Multiple legal documents.
• One-off clauses.
• Interpretation of data protection.
• Sponsorship letters.
• Fees.
• Technical Barriers.
https://refeds.terena.org/index.php/Barriers_for_Service_Providers
Registering Entity Data
• Federations are just big metadata (XML) files.
• Entity = your chunk of that data.
• It goes a bit like this:
How does it work?
Federation A
Federation B
Federation C
You
What we need is a place where this can be centrally registered and then called on by federations…
PEER
http://beta.terena-peer.yaco.es/
Legal Contracts
Wouldn’t it be great if these were standardised and simplified?
REFEDS Policy Review
• Painstakingly taking apart every clause in every federation policy.
• Mapping these to generic content ‘blocks’ and ‘elements’ within each block.
• Making recommendations about structure and unnecessary language.
• NOT a legal review.
Isn’t there an easier way?
Full Interfederation
• The ability of federations to exchange metadata about their entities.
• Normally an additional legal agreement between the 2 federations.
• Full technical and policy integration.
• Bi-lateral (UK and Edugate) or via groups (eduGain and Kalmar2).
eduGain (1)
www.edugain.org
eduGain (2) – Drawbacks
• At least one of the federations you are a member of needs to have signed up for eduGain.
• Opt-in: you have to ask to be included in an aggregate.
• Not always clear which entities are interfederated – are your customers there?
eduGain (3) Benefits
• Only have to have a relationship with 1 federation.
• Technically, as an SP, you can choose which federation that is.
A quick note on Barriers to Users
Login Interfaces Suck
I know this because I’ve tried to use them
How Bad?
New UK federation WAYF
Foodle and DiscoJuice
MDUI
• Currently being used by DiscoJuice and Shibboleth Embedded Discovery Service / Central Discovery Service.
• OASIS Standard for IdP Discovery: – http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf
MDUI for SPs (Shibboleth Recs)
Non Logo elements
• <mdui:DisplayName> Recommended required
• <mdui:Description> Recommended 100 chars max
• <mdui:Keywords> Not used
• <mdui:InformationURL> Available
• <mdui:PrivacyStatementURL> Available
Logo elements
• Shibboleth - must be specified using an HTTPS URL
• Shibboleth - logo size should be between 64px by 350px wide and 64px by 146px high
• Shibboleth - logos should have transparent backgrounds
• Shibboleth - logos look better if they have a landscape rather than a portrait aspect ratio
https://refeds.terena.org/index.php/MDUI_-_Software_recommendations
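Added example (not part of the original slides, and not Shibboleth's own code): a lint that checks one SP's mdui:UIInfo against the recommendations listed above. It reads the logo size bounds as width 64-350 px and height 64-146 px, which is an interpretation of the slide; the sample entity, its names and its URLs are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}

# Constructed sample SP entity (hypothetical names and URLs).
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><mdui:UIInfo>
      <mdui:Description xml:lang="en">Example journal platform</mdui:Description>
      <mdui:Logo height="200" width="300">http://sp.example.org/logo.png</mdui:Logo>
    </mdui:UIInfo></md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def lint_sp_mdui(entity_xml):
    """Return a list of findings for one SP EntityDescriptor."""
    # For untrusted federation aggregates, use a hardened parser such as defusedxml.
    root = ET.fromstring(entity_xml)
    ui = root.find("md:SPSSODescriptor/md:Extensions/mdui:UIInfo", NS)
    if ui is None:
        return ["no mdui:UIInfo in SPSSODescriptor"]
    findings = []
    if not any((e.text or "").strip() for e in ui.findall("mdui:DisplayName", NS)):
        findings.append("DisplayName missing")
    for d in ui.findall("mdui:Description", NS):
        if len((d.text or "").strip()) > 100:
            findings.append("Description over 100 chars")
    for logo in ui.findall("mdui:Logo", NS):
        url = (logo.text or "").strip()
        # A plain-http logo is fetched by every user's browser on the login page.
        if urlparse(url).scheme.lower() != "https":
            findings.append("Logo URL not HTTPS: " + url)
        try:
            w, h = int(logo.get("width", "")), int(logo.get("height", ""))
        except ValueError:
            findings.append("Logo width/height missing or not an integer")
            continue
        if not (64 <= w <= 350 and 64 <= h <= 146):
            findings.append("Logo %dx%d outside 64-350 wide, 64-146 high" % (w, h))
    return findings

if __name__ == "__main__":
    for finding in lint_sp_mdui(SAMPLE_SP):
        print(finding)
```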
MDUI for IdPs (Shibboleth Recs)
Non Logo elements
• <mdui:DisplayName> Recommended, 33 chars max Strongly recommended
• <mdui:Description> Supporting the Display Name function with more details
• <mdui:Keywords> Used Used for incremental search
• <mdui:InformationURL> Not used at present
• <mdui:PrivacyStatementURL> Not used at present – see Attribute WG recs
• <mdui:IPHint> Not used Planned for future release
• <mdui:DomainHint> Not used Planned for future release
• <mdui:GeolocationHint> Not used Heavily used. Strongly recommended.
Logo elements
• Shibboleth - The URL specifying the logo must be https protected.
• Shibboleth - One logo should be provided of size approximately 80px (width) by 60px (height). A larger logo may be provided but the aspect ratio should be maintained (logos are selected based on aspect ratio).
• Shibboleth - One logo should be provided of size 16px by 16px.
• Shibboleth - Logo backgrounds should be transparent.
https://refeds.terena.org/index.php/MDUI_-_Software_recommendations
Thank you for listening