Date posted: 18-Dec-2015
17th TF-EMC2. Lyon, February 2011
On the Many Ways to Identity Exchange
Digital identities are more valuable
as they are more widely assertable
Diego R. Lopez, RedIRIS
The Open Fronts
• Life beyond SAML
  - OpenID and “Identity 2.0”
  - OAuth and JWT
• Seeking meeting points
  - eIRG
  - STORK
  - eduGAIN, PEER, MDX, …
  - AAI convergence and STS efforts
• Sort of Proxying
  - Inner access: TERENA SPP
  - Outer access: Proposal to REFEDS
The twodotosphere
• MACE’s WG on OpenID
  - https://spaces.internet2.edu/display/OpenID/Home
  - Guidance, toward some degree of standardization
  - Examine the demand for, and applicability of, SAML/OpenID gateways
• Integrating identities both ways
  - Logins4Life
  - Social authsources
  - social2saml.org
  - SIR-enabled Facebook groups
  - Social discovery services
Tokens and token formats
• OAuth2 consolidating
  - Several rather mature I-Ds making their way up in IETF
  - And proposals based on it
    - UMA, inside Kantara
    - REST token-based access, inside GN3
• JWT: JSON Web Token
  - Intended for space constrained environments
    - HTTP Authorization headers
    - URI query parameters
  - Simpler to code and parse
• OAuth2 AP: http://www.rediris.es/oauth2/
• JWT: Proof-of-concept for SIR-REST integration
Higher Convergence
• STORK progressing
  - Proposal for making EC services STORK-aware
  - Seeking new use cases in academic space
  - Lever for integration with governmental infrastructures
• eIRG on AAIs
  - Convergence in academic space a key issue
  - Federations as the main enablers
  - Integration with the wider Internet
  - A long way to go, policy-wise
  - Acknowledgement to TERENA and REFEDS role
Lower Convergence
• Metadata aggregators
  - PEER (not) vs. eduGAIN
• Several services integrating federations and Grid PKIs
  - Watch Chris’ talk on this
• Convergence at the WS level: STS
  - SURFNet experiments and CLARIN interest
  - EMI-EGI initiative
  - GEMBus STS (soon to be demonstrated)
  - EUGridPMA to explore policy aspects
The Identity Swiss Knives
• Proxying is a wide concept that can provide solutions to a wide variety of issues
• Simplify management
  - See Dick’s talk
• Increase federation usage
  - The most usual application
• Boost privacy
  - Only provide an IP to access resources
• Enhance user experience
  - Resolvers and deep-linking
• Expanding applicability
  - WS-based interfaces and non-Web clients
A Proposal for REFEDS Funding
• The goals
  - Remote federated proxy administration
  - Centralized configuration of proxy meshes
  - Non-Web clients in third party WS environments
  - Neutral link resolution and deep linking
• The technologies
  - EZProxy
  - Apache2 proxy capabilities
• The players: WAYF and RedIRIS