Federations: As a Concept

What is Federation?

Image Source: https://commons.wikimedia.org/wiki/File:Map_of_USA_with_state_names.svg

Image Source: https://thehill.com/

Why do Federations exist?

• Key concept: use the same set of credentials to obtain access to multiple resources
• Specifically tries to avoid duplication of credentials
• Reduces the costs associated with managing user credentials
• Reduces the number of credentials a data subject, or USER, needs to manage

Concepts may differ, but the technologies will achieve the same goal. But how is it different from SSO?

How does Federation work?

Image Source: https://safire.ac.za/users/how/

TRUST!!

Federations are built on Trust Frameworks. So what is a Trust Framework?

• Provides assurance
• Exists to make sure everyone understands their roles, so we can understand our responsibilities
• Helps manage expectations
• Makes the boundaries of the trust relationship clear to all
• Ensures IdPs and SPs do the right thing
• Reduces the risk that the relationship will break down as the result of inadvertent or malicious actions by a minority
• Will evolve and get more stringent over time
Source: Governance, Policies & Privacy - UbuntuNet TI 18

“Trust amongst members of an identity federation is foundational to its operation and is established through the set of agreements and associated rules that are specific to that community”
Reference: https://nvlpubs.nist.gov/nistpubs/ir/2018/nist.ir.8149.pdf

Trust Framework

Privacy

• Use pseudonymous, opaque, targeted (per-service) identifiers instead of usernames wherever possible, so that two services cannot correlate a user by comparing identifiers
• Don’t release more attributes than you need to
• But don’t release fewer than you need to either!!!
• Let users know what you’re doing with their PI
• In a privacy statement/policy
• During attribute release
Source: Governance, Policies & Privacy - UbuntuNet TI 18

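The two privacy rules above (opaque targeted identifiers, and releasing exactly the attributes a service needs) are what an IdP's attribute-release filter implements. The following is an added example, not code from the slides or from any federation's software: it derives a per-SP pairwise identifier with an HMAC keyed by an IdP-held secret salt, and releases attributes against a per-SP policy, failing closed when the policy is absent or a required attribute is missing. The entity IDs, salt, policy entries and user record are constructed for illustration; the attribute names follow the eduPerson schema, but the derivation itself is an illustration of the technique rather than any specification's exact algorithm.

```python
"""Added example: pairwise targeted identifiers and minimal attribute release.

All entity IDs, the salt and the user record below are constructed for
illustration; they are not from the slides or any real federation.
"""
import base64
import hashlib
import hmac


class ReleaseError(Exception):
    """Raised when the IdP must refuse to release attributes to an SP."""


def targeted_id(internal_uid: str, idp_entity_id: str, sp_entity_id: str, salt: bytes) -> str:
    """Opaque identifier that is stable for one (user, SP) pair but differs per SP.

    Because the HMAC is keyed with a salt only the IdP knows, an SP cannot
    reverse the value to the username nor enumerate other users' IDs, and two
    SPs comparing their identifiers learn nothing (different SP entity IDs give
    unrelated digests). The NUL separator assumes entity IDs and uids contain
    no NUL bytes, which is true for URL entity IDs and LDAP-style uids.
    """
    message = b"\x00".join(s.encode("utf-8") for s in (idp_entity_id, sp_entity_id, internal_uid))
    digest = hmac.new(salt, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


# Per-SP release policy: which attributes an SP needs (required) and may have
# (optional). Constructed entries; in a real deployment this comes from the
# federation's metadata and the IdP's attribute-filter configuration.
RELEASE_POLICY = {
    "https://sp.library.example/shibboleth": {
        "required": ["eduPersonScopedAffiliation"],
        "optional": ["mail"],
    },
    "https://sp.collab.example/shibboleth": {
        "required": ["eduPersonScopedAffiliation", "displayName", "mail"],
        "optional": [],
    },
}


def release_attributes(user: dict, idp_entity_id: str, sp_entity_id: str, salt: bytes) -> dict:
    """Build the attribute bundle the IdP asserts to one SP.

    - Unknown SP: release nothing (fail closed).
    - Required attribute missing from the user record: refuse rather than send
      a bundle the SP cannot act on ("don't release fewer than you need").
    - The internal uid itself is never released; only the targeted ID is.
    """
    policy = RELEASE_POLICY.get(sp_entity_id)
    if policy is None:
        raise ReleaseError(f"no release policy for {sp_entity_id}")

    released = {
        "eduPersonTargetedID": targeted_id(user["uid"], idp_entity_id, sp_entity_id, salt),
    }
    for name in policy["required"]:
        if name not in user:
            raise ReleaseError(f"required attribute {name} missing for {sp_entity_id}")
        released[name] = user[name]
    for name in policy["optional"]:
        if name in user:
            released[name] = user[name]
    return released


# Constructed sample data for a stand-alone run.
SAMPLE_SALT = b"constructed-idp-secret-salt-rotate-in-practice"
SAMPLE_IDP = "https://idp.uni.example/idp/shibboleth"
SAMPLE_USER = {
    "uid": "jsmith",
    "displayName": "J. Smith",
    "mail": "jsmith@uni.example",
    "eduPersonScopedAffiliation": "student@uni.example",
}


def demo() -> dict:
    """Release the sample user to both sample SPs; returns {sp_entity_id: bundle}."""
    return {sp: release_attributes(SAMPLE_USER, SAMPLE_IDP, sp, SAMPLE_SALT) for sp in RELEASE_POLICY}


if __name__ == "__main__":
    for sp, bundle in demo().items():
        print(sp)
        for k, v in bundle.items():
            print(f"  {k}: {v}")
```

Note that the salt is the secret that keeps the identifiers unlinkable: if it leaks, anyone can recompute a user's ID at every SP, and rotating it changes every user's ID at every SP at once, so IdP operators treat it like a signing key rather than a configuration value.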
Legal basis for privacy
• Legislation
• IdPs and SPs in Europe are bound by the General Data Protection Regulation (GDPR), and South Africa has signed POPI into law... albeit without a commencement date, for now
• This does affect your users and your services

Federation Entities, and the Roles they play

Identity Provider
• Also known as: IdP, Home Organization, Home Institution (Responsible Party in POPI, and Data Controller in the GDPR)
• The role of the IdP at its core is to provide login credentials for its users (Data Subjects)
• The trust that is put on the IdP is that it has proper identity management lifecycles in place, meaning it is responsible for the user data that is asserted to the Federation
• To have sufficient policy in place to govern users, e.g. an acceptable use policy

Service Provider
• Also known as: SP, Visited Organization
• Offers a service, or an application, that requires restricted access
• Trusts that the data it receives from IdPs is accurate, to be able to make such decisions as to authorize or deny access... which brings us back to IdPs having identity management lifecycles in place
• Publishes a privacy policy in which it outlines how it handles Personal Information, i.e. its POPI/GDPR responsibilities!

Federation Operator
• Also known as the Roaming Operator (as can be seen in the case of eduroam)
• Brokers trust between members of the federation
• Governance of the Federation (policies and documentation)
• POPI/GDPR
• Rules surrounding the trust framework
• Manages participation
• Maintains the federation infrastructure/architecture

Interfederation Operator
• Also known as the confederation
• Much the same as a Federation Operator, except one step higher: an interfederation operator performs much the same functions as a federation operator, but with federations, rather than individual Identity Providers or Service Providers, as its members

Global Authentication infrastructure opening global services to users whose institutions are registered in national identity federations
user > institutional identity > identity federation (> national services) > eduGAIN > global services
https://edugain.org/

Image source: https://edugain.org

Trust Framework

Academic Identity Federations
Halse, G. (2016). "Introduction to the South African Identity Federation".

• All the major social network platforms provide federated identities...
• ... so why don’t we just use these?
• They all have one major drawback: they are self-asserted
• This means you cannot trust any of the attributes
• This is often okay, but... donald.trump17@gmail.com
Halse, G. (2016). "Introduction to the South African Identity Federation".

• Academic identity federations exist to solve the trust problem
• Your home organisation (university, research council, etc.) knows a lot about you
• They also know stuff specific to higher education
• More importantly, most of this information has been checked and may be subject to audit
• This makes them ideal to act as identity providers
Halse, G. (2016). "Introduction to the South African Identity Federation".

Academic Federation Operators
• All federations have operators
• Facebook Inc operates Facebook Connect
• Academic federations are usually operated by the National Research and Education Network
• Typically one per country
• 63 known academic federations worldwide
• International collaboration through REFEDS
Halse, G. (2016). "Introduction to the South African Identity Federation".

Academic Identity Federations Around the World
Image source: https://refeds.org/federations-map

Late to Join?
• Maps show the level of deployment in Africa
• Advantages of drawing on the experience of others

Benefits of Federation

Students and Researchers
• Students and Researchers get more collaboration opportunities
• Potential access to more resources and data
The Research Community
• Authoritative statement of affiliation
• More efficient utilization of resources within the research community
• Research collaborations can be set up far quicker
Knight, J. (2018). “Federation Introduction".

Campus, or Institution
• Fewer contracts; more organizations can function under a common framework
• Institutional reputation
• A stronger security profile for the network
“Participants could spend time establishing operating principles, technology hooks, and agreed-upon data exchange elements with each partner; or they could do it once through the Federation and then leverage these common elements for many relationships.” - InCommon
Knight, J. (2018). “Federation Introduction".

Video Source: JISC 2007