National Authentication and Authorization Infrastructures and NRENs


Heather Boyles, Internet2
heather@internet2.edu
20th APAN Meeting, Taipei


Topics
• What is an AAI?
• Authentication and Authorization and Infrastructure
• Why should a network operator/manager worry about AAI?
• Management of security, network access, bandwidth on demand
• In support of your users (grid, e-science, access to digital resources (journals))
• Who’s got an AAI?


Authentication and Authorization Infrastructure
• Authentication – provides positive proof, at several possible strengths, of identity
• Authorization – assigns permissions to use resources, from web sites to supercomputer access, digital content to parking spaces
• Infrastructure means:
• A reliable, robust, ubiquitous service
• Initially to the R&E community but with applicability to other vertical sectors
• National in character, but of service to multi-national virtual organizations
• Built on either central, hierarchical or federated, enterprise models – “Trust Federations”


Lack of Infrastructure Reality
• Lacking inter-realm infrastructure,
• Collaborative applications can’t be safely deployed
• E-science fails to scale
• Virtual organizations create ad hoc, insecure, unreliable, non-transparent, difficult to audit duct-tape solutions
• Privacy spills occur


NRENs and AAI
• In some places NRENs provide the AAI
• In many instances, NRENs will need to use the AAI
• For network bandwidth control
• E.g. access to a ‘lightpath’ type service
• For network diagnostics and management
• E.g. access to network measurement and monitoring data/equipment
• Facilitate campuses’ network access control
• E.g. visiting faculty in “roaming” projects
• NRENs are in the business of ultimately supporting the end-user: researchers, faculty, students engaged in interinstitutional e-Science, accessing digital libraries and other resources


International AAI peering
• International peering meeting October 14-15 in Upper Slaughter, England
• Issues include agreeing on policy framework, comparing policies, correlating applications usage to trust level, aligning privacy needs, working with multinational service providers, scaling the WAYF function
• “Cookbook” or Guide and Secretary


Who’s got a national AAI? (or is working toward one?)
• Europe
• Most being coordinated by existing NRENs
• Switzerland (SWITCH), UK (JISC), Finland (FUNET), Spain (RedIRIS), Netherlands (SURF), Germany (DFN) and more
• TERENA Task Force EMC2
• http://www.terena.nl/tech/task-forces/tf-emc2/
• Asia/Oceania
• Australia
• Japan
• North America
• US


Presentations
• Keith HAZELTON, University of Wisconsin-Madison and Internet2
• James SANKAR, AARNET
• Yasuo OKABE, Kyoto University