Belnet Federation – Belnet – Loriau Nicolas – Brussels – 12th of June 2014
Agenda
• Presentation of Belnet R&E federation
  • IdPs / SPs / DS
  • Technical framework
  • eduGAIN
• Belnet Federation services
  • Antispam Pro
  • Mconf
  • Filesender
  • Viabel.net
  • Personal Certificate
12/06/2014 Workshop Belnet R&E Federation 2
Belnet R&E Federation
What is a federation?
Why a federation?
“Evolving to streamlined access for web services”
What is a federation?
“A federation is an association of organizations that use a common set of attributes, practices and policies to exchange information about their users and resources in order to enable collaboration and transactions”
(www.Incommon.org, Internet2, 2012)
What is Belnet R&E Federation? (diagram, built up over three slides)
Identity & Access Management for the Research & Education Community: Identity Providers and Service Providers, together with Federated Partners (commercial, non-profit, government agencies, other federations). Between Identity Providers and Service Providers the open questions (Administration? Legal? Technical?) are handled by a Trusted Mediator.
Why use a federation?
- Philosophy
- Technical aspect
Let us briefly go back in time, when:
- users were still new to the network
- security & privacy concerns were minimal
Why: Belnet R&E Federation – 1991, the LAN (diagram)
Separate accounts and passwords for each service on the LAN: User = john, Pwd = abc123; User = jane, Pwd = abc456; User = jdoe1, Pwd = def123; User = jdoe2, Pwd = def456; User = johndoe, Pwd = ghi123; User = jd456, Pwd = jkl123; User = john456, Pwd = mno123; User = jd123, Pwd = pqr123; User = jdoe, Pwd = ghi456; User = jd123, Pwd = jkl456; User = jane123, Pwd = mno456; User = jd456, Pwd = pqr456
Why: Belnet R&E Federation (diagram)
Each of those accounts also carries personal data: User = john, Pwd = abc123, birth date, home address, …; User = jdoe, Pwd = def123, birth date, home address, …; User = john, Pwd = abc123, birth date, home address; User = jdoe, Pwd = def123, birth date, home address; User = jdoe, Pwd = def123, birth date; User = john, Pwd = abc123, birth date
Why: Belnet R&E Federation – 2001 (diagram)
Identity & Access Management: Role-Based Access Control (Add / Mod / Del), one account & password per user
Why: Belnet R&E Federation – 2014: The Cloud, Software as a Service (diagram)
2014, or 1991? The same list of separate per-service accounts and passwords as on the 1991 slide (User = john, Pwd = abc123; User = jane, Pwd = abc456; …) reappears, now spread over cloud services.
Why: Belnet R&E Federation (diagram)
Identity & Access Management at Identity Provider 1 and Identity Provider 2, serving Service Provider 1 and Service Provider 2: one agreement, one language (SAML2), a one-time setup on each side, one account & password per user.
“Evolving to streamlined access for web services”
Actors of a federation
• Identity Providers
• Service Providers
• Discovery service
Benefits
• For IdP:
  • Access to a wider range of services than available locally
  • No extra administrative burden if you are already participating in a federation
  • One user name and password
• For SP:
  • Grow your audience
  • Lower costs per user
  • No local user database
Technical framework
Software Components
Identity Provider
– Hosted on systems of the organisation
– Shibboleth IdP
– simpleSAMLphp
– Verifies the user’s credentials (username/password): bridge between the Federation and the user database
– Knows user attributes, implements the attribute release policy
Service Provider
– Shibboleth SP
– simpleSAMLphp
– Integrates with IIS and/or Apache
Attributes
All relevant information about the user:
− Name, first name, date of birth, …
− Role (student, staff, alumni, …)
− Email address, anonymized ID, …
Stored in LDAP or AD
Attribute Release Policy
− Only a few attributes are required to join the Federation
− The IdP decides how and to whom to release attributes
− Respect for the privacy of users
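An added example (not from the slides or from Belnet) of the IdP-side decision the Attribute Release Policy describes: a per-SP allow-list of attributes with a minimal default, and an anonymized ID that differs per SP so services cannot correlate a user. The user record, SP entityIDs and the secret are constructed; the attribute names follow the common eduPerson/LDAP vocabulary.

```python
import hashlib
import hmac

# Constructed sample user record, as an IdP would read it from LDAP/AD (not real data).
USER = {
    "sn": "Doe",
    "givenName": "John",
    "dateOfBirth": "1991-06-12",
    "eduPersonAffiliation": "student",
    "mail": "john.doe@example-university.be",
}
USER_INTERNAL_ID = "uid=jdoe1,ou=people,dc=example-university,dc=be"

# Assumed IdP-side secret for deriving SP-specific pseudonyms (constructed value).
IDP_PAIRWISE_SECRET = b"constructed-secret-do-not-reuse"

# Release policy keyed by SP entityID (constructed URLs). An SP that is not
# listed only gets the minimal default set; the date of birth is never released.
DEFAULT_RELEASE = {"eduPersonAffiliation", "pairwiseId"}
RELEASE_POLICY = {
    "https://filesender.example.org/sp": {"mail", "givenName", "sn", "eduPersonAffiliation", "pairwiseId"},
    "https://mconf.example.org/sp": {"givenName", "eduPersonAffiliation", "pairwiseId"},
}


def pairwise_id(internal_id, sp_entity_id):
    """SP-specific pseudonym: stable for one SP, different across SPs, so two
    services cannot correlate the same user by comparing identifiers."""
    msg = "{}|{}".format(internal_id, sp_entity_id).encode()
    return hmac.new(IDP_PAIRWISE_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def release_attributes(sp_entity_id, user=USER, internal_id=USER_INTERNAL_ID):
    """Apply the IdP's attribute release policy for one requesting SP."""
    allowed = RELEASE_POLICY.get(sp_entity_id, DEFAULT_RELEASE)
    released = {name: value for name, value in user.items() if name in allowed}
    if "pairwiseId" in allowed:
        released["pairwiseId"] = pairwise_id(internal_id, sp_entity_id)
    return released
```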
Authentication process (diagram): User, Identity Provider and Service Provider, steps 1 to 8
Metadata
• What's in the metadata (mandatory!)
− Who are the IdPs?
− Who are the SPs?
− What are their URLs and certificates?
− Organisation and technical contact
• Entity metadata vs. Federation metadata
− Entity metadata: for a single IdP or SP
− Federation metadata: aggregation of entity metadata, for all IdPs and SPs in the Federation
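An added example (not Belnet's code or metadata) that reads a federation metadata aggregate of the kind just described and extracts, per entity, what the slides list: whether it is an IdP or an SP, its URLs, its certificates and its technical contact. The aggregate is constructed, with entityIDs and endpoints that are placeholders, and the SP entry deliberately has no certificate so the trust check at the end has something to report.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed federation metadata aggregate (not Belnet's): one IdP and one SP.
# The SP entry deliberately carries no certificate so the check below finds it.
FEDERATION_METADATA = """<md:EntitiesDescriptor Name="urn:example:federation"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://idp.example-university.be/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...constructed-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example-university.be/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
    <md:ContactPerson contactType="technical"><md:EmailAddress>idp-admin@example-university.be</md:EmailAddress></md:ContactPerson>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example-service.be/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp.example-service.be/Shibboleth.sso/SAML2/POST"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def parse_federation_metadata(xml_text):
    """Per entityID: role(s), endpoint URLs, certificate count and technical contacts."""
    entities = {}
    for ent in ET.fromstring(xml_text).findall("md:EntityDescriptor", NS):
        info = {"roles": [], "endpoints": []}
        # An entity is an IdP and/or an SP depending on which role descriptors it publishes.
        for role, desc, svc in (("IdP", "IDPSSODescriptor", "SingleSignOnService"),
                                ("SP", "SPSSODescriptor", "AssertionConsumerService")):
            d = ent.find("md:" + desc, NS)
            if d is not None:
                info["roles"].append(role)
                info["endpoints"] += [s.get("Location") for s in d.findall("md:" + svc, NS)]
        info["certs"] = len(ent.findall(".//ds:X509Certificate", NS))
        info["contacts"] = [c.text for c in ent.findall("md:ContactPerson/md:EmailAddress", NS)]
        entities[ent.get("entityID")] = info
    return entities


def entities_without_certificate(entities):
    """Entities that publish no certificate: nothing to verify their signatures with."""
    return sorted(eid for eid, info in entities.items() if info["certs"] == 0)
```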
eduGAIN
• Interconnecting federations
• Metadata Service: aggregates and pushes
• Extends the portfolio of services
• Extends the audience
• To get access to eduGAIN, you need to request it
Belnet Federation services
Antispam Pro
Cloud-based
– Data/servers are in Belgium @ Belnet (trust)
Flexible
– Easy user management and delegation
– Customizable
Complete
– Inbound and outbound
– Antispam and antivirus
– Reporting
Mconf
Collaborative web interface with public/private space.
Recently added to the Federation
Go ahead and use it
Mconf @ Belnet
Give us your feedback via [email protected]
Not a Belnet service
Limited support
FileSender
• Sends e-mail with big files attached
• From the members of the R&E Federation
• To any recipient
Viabel.net
Personal Certificates
Q&A