https://aarc-project.eu
Authentication and Authorisation for Research and Collaboration
Hannah Short
Sirtfi Update
AARC CERN-IT
REFEDS Meeting 12th June 2016

Agenda
• What have we done since the last meeting?
• Future plans
• What do you want to do?

Sirtfi: A timeline
[Timeline figure, 2012 to 2019. Milestones shown: FIM4R Paper; Security for Collaborating Infrastructures (SCI); REFEDS Working Group; AARC; Sirtfi v1.0 Published; GN4 supports Sirtfi Deployment; First Round Deployment; RFC; AARC2; Second Round Deployment]

What have we done since the last meeting?
Sirtfi is ready to go!
Training Pack
5 international presentations
2 REFEDS Consultations
• Big milestone was Sirtfi v1.0, which was published early 2016
• We have been presenting the framework
• We have created training material
• Now federations are interested in actually adopting Sirtfi!

What have we done since the last meeting?
Training Material

What have we done since the last meeting?
Events
• Webinars and in person presentations
• Security response workshop held at ISGC
• Discussions moving beyond FIM world, talking with SWITCH Security and TF-CSIRT

Event                                                Location   Date
EWTI (European Workshop on Trust and Identity)       Vienna     01 Dec 2015
ISGC (International Symposium on Grids and Clouds)   Taiwan     15 Mar 2016
Kantara IAWG, Videoconference                        US         07 Apr 2016
Internet2 Webinar                                    US         May 2016
Internet2 Global Summit                              US         May 2016
TF-CSIRT                                             Riga       12 May 2016

What have we done since the last meeting?
Technical Specification
• REFEDS Consultation on managing metadata extensions completed in April https://wiki.refeds.org/display/CON/Consultation%3A+Managing+Metadata+Extensions
• Sirtfi is now on the official list of IANA Assurance Profiles https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml

<EntityDescriptor ...>
  <Extensions>
    <attr:EntityAttributes>
      ...
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                      Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
        <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>
      ...
    </attr:EntityAttributes>
  </Extensions>
  ...
</EntityDescriptor>

<ContactPerson xmlns:remd="http://refeds.org/metadata"
               contactType="other"
               remd:contactType="http://refeds.org/metadata/contactType/security">
  <GivenName>Security Response Team</GivenName>
  <EmailAddress>security@xxxxxxxxxxxxxxx</EmailAddress>
</ContactPerson>

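An added example, not part of the original slides or of any AARC/REFEDS tooling: a Python check that reads a SAML metadata aggregate and reports, per entity, whether the Sirtfi assurance-certification value shown above is asserted and whether a REFEDS security contact is present. The sample aggregate, the example.org entity IDs and the three status labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REMD_TYPE = "{http://refeds.org/metadata}contactType"
SECURITY = "http://refeds.org/metadata/contactType/security"
ASSURANCE = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
SIRTFI = "https://refeds.org/sirtfi"

# Constructed, trimmed entity fragments; the example.org names are placeholders.
ASSERTION = ('<md:Extensions><mdattr:EntityAttributes><saml:Attribute Name="%s">'
             '<saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>'
             '</mdattr:EntityAttributes></md:Extensions>' % (ASSURANCE, SIRTFI))
CONTACT = ('<md:ContactPerson contactType="other" remd:contactType="%s">'
           '<md:EmailAddress>security@idp1.example.org</md:EmailAddress>'
           '</md:ContactPerson>' % SECURITY)
ENTITY = '<md:EntityDescriptor entityID="https://%s.example.org">%s</md:EntityDescriptor>'
SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%s" xmlns:mdattr="%s" xmlns:saml="%s" '
          'xmlns:remd="http://refeds.org/metadata">' % (MD, NS["mdattr"], NS["saml"])
          + ENTITY % ("idp1", ASSERTION + CONTACT)   # asserts Sirtfi, has contact
          + ENTITY % ("idp2", ASSERTION)             # asserts Sirtfi, contact missing
          + ENTITY % ("sp1", "")                     # makes no Sirtfi claim
          + '</md:EntitiesDescriptor>')

def asserts_sirtfi(entity):
    """True if the assurance-certification entity attribute carries the Sirtfi value."""
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute[@Name='%s']" % ASSURANCE
    return any((v.text or "").strip() == SIRTFI for attr in entity.findall(path, NS)
               for v in attr.findall("saml:AttributeValue", NS))

def security_contacts(entity):
    """Non-empty e-mail addresses of contacts typed as REFEDS security contacts."""
    return [e.text.strip() for c in entity.findall("md:ContactPerson", NS)
            if c.get(REMD_TYPE) == SECURITY
            for e in c.findall("md:EmailAddress", NS) if (e.text or "").strip()]

def audit(xml_text):
    """Map entityID -> 'ok', 'asserted-without-contact' or 'no-claim'."""
    result = {}  # real feeds: verify the signature and use a hardened XML parser first
    for ent in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % MD):
        claimed, contacts = asserts_sirtfi(ent), security_contacts(ent)
        result[ent.get("entityID")] = ("no-claim" if not claimed else
                                       "ok" if contacts else "asserted-without-contact")
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```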
Future plans
Deployment – Support from GN4
• GN4 has recognised the value of Sirtfi and will be providing support to move Sirtfi to TRL “Late-stage-pilot”, level 7
• Concrete aims
  1. Push for wide-scale adoption at both hub-and-spoke and full-mesh federations
  2. Push for adoption at key e/r-infrastructures
  3. Troubleshoot propagation problems (i.e. metadata filtering)
  4. Define and test KPIs
  5. Add Sirtfi to Highly Recommended eduGAIN practices

Future plans
AARC DNA3.2 Incident Response Procedure
• Sirtfi will form the basis for the “Generic Security Incident Response Procedure for Federations”
• Due January 2017
• Will need to expand on Sirtfi to include
  • Workflows for incident scenarios
  • Interaction with existing policies
  • …

Future plans
SCI V2
• WISE Working group SCIV2 https://wiki.geant.org/display/WISE/SCIV2-WG
• SCI document needs some care and attention…
• Incident Response may have an update
• Come to the WISE BoF this Wednesday! https://tnc16.geant.org/core/event/21

Future plans
Events
• Moving away from theory and towards proof-of-concept presentations
• The security workshop at ISGC proved an interesting exercise and it would be worth repeating :)
• Much of this outreach work will be moved to GN4

Event                       Location   Date
TNC-16                      Prague     June 2016
CIC (15 US Universities)    Michigan   July 2016
TechEx16                    Miami      September 2016
TF-CSIRT                    Zurich     October 2016
GN4                         ?          December 2016
EWTI                        ?          December 2016

Future plans
Country Updates – NL
• Live for IdPs!
• Using SURFcert as Security Contact Proxy
• SPs on TODO list

Future plans
Country Updates – U.S.
• Technical work needed
  • Changing from incommon to refeds namespace
  • Would want formal definition of framework, akin to Entity Category Definition
• Outreach work needed
  • May leverage REN-ISAC’s ~10,000 Security Contacts to get started

Future plans
Country Updates – CH
• Aims to support Sirtfi by Autumn
• Strong support from SWITCH Security Team

Future plans
Deployment - Pilots
Interest from Denmark, Finland, Germany and UK. Want to be on this map? Come and find me over coffee :)
Sirtfi is also being incorporated as a requirement for other services, e.g. CERN Services & CILogon Pilot. To help this, AARC will work on a Pilot for a Sirtfi Discovery Service.

Number of Sirtfi Compliant Entities…
87!

What do you want to do?
How can we show which entities are Sirtfi compliant?
• In the spirit of borrowing InCommon’s good ideas…
• There have been several discussions about having a Sirtfi logo
• There is budget in AARC to get this done
• A visual indication of trust would act as a mark of confidence and hopefully encourage other organisations to take a look
What do you think?

• …
…
What do you want to do?
Missing Material
Suggestions include:
• An official REFEDS doc akin to an entity category specification https://refeds.org/category/research-and-scholarship to define attestation duration, the relationship between organisations and IdPs/SPs
• Guidance on ensuring currency of contact details – should fedops ping them regularly?
What do you think?

Thanks
• Sirtfi Working Group for their time, ideas and enthusiasm
• REFEDS Community for their support and input to Consultations
• Licia and AARC for the funding and focus
• Various individuals from AARC who have helped put the training material together

Thank you
Any Questions?
© GÉANT on behalf of the AARC project. The work leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 653965 (AARC).