Europe Latin America Collaborative e-Infrastructure for Research Activities
A Model for Federated Services
Brook Schofield, TERENA ● Sofia, Bulgaria ● 20th June 2014
A family of services
Worldwide eduroam status…
Map legend: eduroam in production, eduroam pilot, missing eduroam
Overview
Partners
• CLARA, GARR, RNP, TERENA, RedIRIS
Focus:
– Promoting and consolidating the foundations for a framework for authentication and authorization in Latin America, facilitating integration with the European initiatives under TERENA activities such as TF-EMC2 and REFEDS, and making the necessary arrangements to join the GÉANT service eduGAIN
eduroam in Latin America
Before the Project
1 production deployments
– Brazil, Peru
Zero pilot deployments
eduroam in Latin America
Year 1 of the Project
3 production deployments
– Brazil, Peru, Chile
9 pilot deployments
– Argentina, Colombia, Costa Rica, Ecuador, El Salvador, Mexico, Nicaragua, Uruguay, Venezuela
eduroam in Latin America
Current progress…
8 production deployments
– Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, Mexico, Peru
4 pilot deployments
– El Salvador, Nicaragua, Uruguay, Venezuela
6 Missing
– Bolivia, Guatemala, Honduras, Panama, Paraguay, Guyana
eduroam statement signed
Federation Development
Campus
• Username/Password Store for AuthN
IdP
• Expose Campus IdM via SAML/RADIUS
Federation
• Aggregates IdPs & SPs; Builds Trust
Inter-Federation
• Aggregates Federations
Key steps
• eduroam at TICAL 2012
– Regional Conference, Assess who has eduroam and who uses it
– Repeat at TICAL 2013 and TICAL 2014
• Offer services via federated access/eduGAIN
– FileSender, Video Conference Portal, RedCLARA Portal
• Collaboration with GÉANT
Federation Development Criteria
Pilot
• Name, Webpage, Metadata Feed
Production
• Policy for IdPs & SPs
Candidate
• Metadata Registration Practice Statement
eduGAIN
• Declaration Signed, Metadata Feed Validated
Identity Federations and Latin America
Year 1
• eduGAIN Participant
– Brazil (CAFe)
• eduGAIN Candidate
– Chile (COFRe)
• Pilot Federation
– Peru
• MoU Federations
– Argentina, Colombia, Costa Rica, Mexico
Map legend: eduGAIN Member, Joining eduGAIN, Candidate Federation, Pilot Federation, MoU Signed
Worldwide eduGAIN status…
Map labels: CAFe, COFRe
Map legend: eduGAIN Member, Joining eduGAIN, Candidate Federation, Pilot Federation, MoU Signed
Identity Federations and Latin America
Current
• eduGAIN Participant
– Brazil (CAFe)
– Chile (COFRe)
• eduGAIN Candidate
– Colombia (COLFIRE)
• Pilot/MoU Federations
– Argentina, Costa Rica, Ecuador, Mexico, Peru
Map legend: eduGAIN Member, Joining eduGAIN, Candidate Federation, Pilot Federation, MoU Signed with ELCIRA
Problems and Concerns
• Policy is often more difficult than technical issues - Chile was the first worldwide to adopt the Policy Template from GÉANT/REFEDS;
• Different models of sustainability in the NRENs in Latin America;
• Few technical people involved in the project;
• NREN commitment/focus in setting up eduroam infrastructure ahead of AAI.
* MATE (Argentina)
• MATE run by INNOVA|RED
Marco para el Acceso a la Tecnología y la Educación (MATE)
Model for Access to Technology and Education (MATE)
• Started operation in late 2013
• Joined eduGAIN in early-2014 ;-)
• *This is NOT their logo (nor their name)!!
What to focus on?
• Federating your campus systems
– Talk to your researchers, staff & students
• Investigate key services
– Intranet and Website
– Webmail
• Google Apps for Education, Microsoft 365
– e-Learning – Moodle
– Talk to your librarian about Journal Access
– Find your own “killer app”.
• simpleSAMLphp
– PHP
– Multi-lingual support
• Shibboleth
– IdP is Java, SP is C/mod_shib
– Runs within Apache Tomcat
• PySAML2
– Python
• Many plug-ins or modules available for common tools.
• Benefits are greater than using LDAP.
More than one choice is good…
Federation Development
Technology
Policy
Federation Development
Technology == Pilot
Policy == Production
Federation Development
Technology => Campus
Policy => NREN
Technology == Pilot
• Federation Core Services
– “Routing”
– Discovery
• Federation “Entities” (IdPs/SPs)
– Shibboleth
– simpleSAMLphp
– PySAML
– ADFS
Technology == Pilot
• NREN as Federation Operator
– “Routing”
– Discovery
• Campus, Content Providers, Research Infrastructures
– Shibboleth
– simpleSAMLphp
– PySAML
– ADFS
What to NOT focus on?
• Policy over business case/justification
– What’s important for your campus’
• Waiting until …
– your federation is in “production” or in eduGAIN
– …a “killer app” is found.
• “Other” or Future Federation Technologies
– OpenID Connect + OAuth are being explored.
– Hub&Spoke gateways already exist.
Identity Federations World Wide
31 Production Federations
17 Pilot Federations
Last update May 2014
eduroam – roam across borders
eduroam Pilot :-(
eduGAIN & Federations
24 eduGAIN Members
7 Joining eduGAIN
0 Candidate Federation
16 Other Federations
15 April 2014
Next steps…
• Deploy eduroam
– Use it at TICAL2015
• Pick a campus federation technology & Deploy an IdP
– PySAML2, simpleSAMLphp, Shibboleth
– FreeRADIUS, Microsoft NPS, other…
• Connect with your NREN/Fed Operator
• Connect with the community
– Country, EAP/CEENet, Europe and Globally
• Federate your services
Comments & Questions
Brook Schofield
schofield@terena.org