Post on 23-Feb-2016
Open Collaboration Exchange
Alexander Blanc, Niels van Dijk, Jocelyn Manderveld, Remco Poortinga - van Wijnen
VAMP 2013, Espoo
Current situation (good news)
• AAI/FIM well established across Europe and elsewhere
• Solid growth (NL) on number of connected IDPs, SPs and usage
• eduGAIN bridges HE&R fields
SURFconext statistics
Most used services
• All ‘campus centric’ type of services (not surprisingly)
• Also internal services (portal, timetable, …)
• Institutions somewhat reluctant to move to the cloud (for employees)
  • Google apps mostly for students only
But…
• eduGAIN only start of a solution (enabling)
• Although eduGAIN connects HE&R, no bridge to other (commercial/research) communities/fields yet (see VCH)
• (HE&R) Federations typically not allowed to connect other IdPs
• Most IdPs focus on ‘campus centric’ services
• Difficult to get IdPs to connect to services for a subset of users
  • E.g. VO services…
  • Opt-out vs opt-in?
  • Try ‘zero attribute’ authentication?
• No simple magic solution
So…
• Can we apply ideas from the network world?
• Especially network exchanges?
• See From Network Exchange to Collaboration Exchange - A guided tour https://tnc2012.terena.org/core/session/10
• Make it easy to connect and let participants decide who they want to work with
O.C.E. why? Transnational
• Several use cases show:
  • Federated approach needed as ‘enterprise’ IDM trust models are poorly suited for collaborative cross-sector and transnational activities
  • Transnational collaboration is hindered by differences in federation readiness, licensing issues, technical and other barriers.
• OCE allows entities to connect to multiple trust frameworks on one technical platform
• OCE will support several well established trust frameworks (e.g. eduGAIN) by default
• OCE significantly lowers barriers for transnational cloud service delivery
O.C.E. why? Cross-sector
• OCE supports cross-sector collaboration capabilities out of the box
• OCE specifically supports public/private partnerships
• Therefore decreasing need for guest access
• OCE enables knowledge transfer on federated approaches from research and education to other sectors
What are Open Collaboration Exchanges?
• A transnational infrastructure for identity and service providers to interconnect, facilitating authentication, authorization and group management processes
• An infrastructure:
  • that combines a technical infrastructure (a "switchboard") with multiple behavioural trust/policy frameworks
  • and thus allows entities to connect to multiple trust frameworks on one technical platform
• An open and secure platform, using open standards, based on open source (OpenConext) technology
• Self-service configuration interfaces for all participants
• Ecosystem for ‘value-added services’, such as a higher level of authentication, statistics, provisioning, metering/billing, etc.
• Aimed towards implementation of multi-stakeholder governance and maintenance
• Enabler of cross-sector and transnational collaboration and service delivery
O.C.E. What it is not
• A replacement for eduGAIN
  • Leverages/uses eduGAIN and other services/trust frameworks
• Pixie dust for collaboration
  • Still a lot (most?) effort for non-technical issues
• A trust framework itself
  • ‘Only’ aggregator with optional added self-service functions
• A finished product
  • Still very much a concept/idea, many many things still unclear
O.C.E. Overview
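[Diagram: entities register through OCE (self-service); OCE (metadata) publishes membership per trust framework]
OCE (self-service)
• IDP1, trust frameworks: eduGAIN, SURFconext, DIGID
• IDP2, trust frameworks: eduGAIN, WAYF
• SP1, trust frameworks: SURFconext, DIGID
• SP2, trust framework: eduGAIN
OCE (metadata)
• eduGAIN: IDP1, IDP2, SP2
• Entree: IDP1, SP1
• DIGID: IDP1, SP1
• trust framework2: IDP1, SP2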
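The flow on the overview slide, from self-service declarations to per-framework membership, as an added example that is not part of the original slides and is not OpenConext code. The data model, the function names and the `peer_choices` opt-in mapping are assumptions; the entity and framework names are those on the slide.

```python
# Added example: membership data copied from the overview slide; the data
# model, function names and peer_choices are assumptions, not OpenConext code.
from collections import defaultdict

# Self-service view: each entity declares the trust frameworks it joins.
DECLARED = {
    "IDP1": {"role": "idp", "frameworks": {"eduGAIN", "SURFconext", "DIGID"}},
    "IDP2": {"role": "idp", "frameworks": {"eduGAIN", "WAYF"}},
    "SP1": {"role": "sp", "frameworks": {"SURFconext", "DIGID"}},
    "SP2": {"role": "sp", "frameworks": {"eduGAIN"}},
}

def metadata_feeds(declared):
    """Invert the declarations into one sorted member list per framework."""
    feeds = defaultdict(set)
    for entity, info in declared.items():
        for fw in info["frameworks"]:
            feeds[fw].add(entity)
    return {fw: sorted(members) for fw, members in feeds.items()}

def shared_frameworks(declared, idp, sp):
    """Frameworks that cover both parties; an empty set means deny."""
    a, b = declared.get(idp), declared.get(sp)
    # Default deny: unknown entities or swapped roles share nothing.
    if not a or not b or a["role"] != "idp" or b["role"] != "sp":
        return set()
    return a["frameworks"] & b["frameworks"]

def decide(declared, idp, sp, peer_choices=None):
    """Allow only if a framework covers the pair and both sides accept it.

    peer_choices maps an entity to the peers it chose to work with
    (constructed for this example); an entity not listed accepts any peer.
    """
    choices = peer_choices or {}
    for me, other in ((idp, sp), (sp, idp)):
        if me in choices and other not in choices[me]:
            return set()
    return shared_frameworks(declared, idp, sp)

if __name__ == "__main__":
    for fw, members in sorted(metadata_feeds(DECLARED).items()):
        print(f"{fw}: {', '.join(members)}")
    for idp in ("IDP1", "IDP2"):
        for sp in ("SP1", "SP2"):
            fws = sorted(decide(DECLARED, idp, sp))
            print(f"{idp} -> {sp}: {'allow via ' + ', '.join(fws) if fws else 'deny'}")
```

IDP2 and SP1 share no framework, so that pair is denied even though both are connected to the same platform.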
O.C.E. What’s next?
• Engage
  • Different (European) educational federations
  • Several OpenConext pilot partners
  • eduGAIN
  • Global partners
• Learn
  • AMS-IX, Netherlight and other exchanges
  • Possible similar ideas, initiatives or projects
• Partnerships
  • Work with strategic partners on innovation, governance, and funding
• Pilots
  • In research and education
  • Cross-sector
O.C.E. pointers
• eduGAIN www.edugain.org
• OpenConext www.openconext.org
• From Network Exchange to Collaboration Exchange - A guided tour https://tnc2012.terena.org/core/session/10
• MARIO https://tnc2013.terena.org/core/session/27
• Collaboration Exchange for Services and Identities https://blog.surfnet.nl/?p=2392