www.canarie.ca
National Federation Perspectives & Insights
Chris Phillips | October 1st, 2012 | Internet2 Fall Member Meeting | Philadelphia
About CANARIE
[Map of the CANARIE network; map date: 29 May 2012]
• Operates Canada’s ultra-high-bandwidth research network
  – Connects one million users at 1,100 institutions, “big science” facilities like TRIUMF, NEPTUNE, CLS, SNOLAB, and to Compute Canada HPC consortia
  – 19,000 km of fibre with a 40 Gbps backbone
• Funds programs that enable greater access to research data, tools and peers and to stimulate the ICT sector
• Operator of the Canadian Access Federation
  – SAML federation based on Shibboleth
  – Canadian eduroam 802.1x wireless roaming operator
  – eduGAIN participant
• Primary investment from Government of Canada - $480 M since 1993
Current CAF Services
• SAML via Shibboleth: for web and non-web authentication, authorization and attribute release
• 802.1x via eduroam: for wireless authentication
[Chart: CAF enabled Users (SAML & eduroam), FY12Q4 through FY13Q2; plotted values 902,737; 937,000; 957,766; 976,200]
[Chart: eduroam Successful Logins per month, January 2011 to July 2012, series “Canada” and “Other”; y-axis 0 to 800,000]
Vision for CAF
To be the preferred access management service for electronic resources in the Canadian innovation ecosystem in support of Research and Education (R&E)
Guiding Principles
Increase Reach
• Users & Technology adoption
• Communities of Practice
• Geographical
Increase Services
• # of Service Providers
• Service Types
Technical Leadership
• Operational Excellence
• Next Gen topics
This is what it feels like trying to collaborate…
Image: Phil Roeder - Flickr
This is how we want it to feel.
How?
Facilitate collaboration at the largest scale possible.
• Easiest, but trusted
• Seamlessly
Benefits
• For the End User
  – Fewer credentials to remember, but stronger ones
  – Easier access to resources/data, but in the right way
  – Alignment of identity across systems
  – Ability to collaborate internationally (both inward & outward)
• For Operations
  – Least: development effort, support costs, risk
  – Most: secure, accurate, auditable
  – Benefit from various network effects
    • You don’t have to do all the integration effort, but when you do, it’s easier
    • You benefit from others adding services important to them
Areas of Interest
• Cloud Identity Provider
  – Reduces complexity for coming into the federation
  – Eases overall effort
• Guest IdP
• Gateway IdP via Social2SAML gateway
• Non-web sign-on (SAML, Moonshot/abfab)
• Self-service interfaces for SPs/IdPs (Australian Federation Manager)
• Attribute sets
Non-Web Sign-on
SAML
• SAML Enhanced Client SASL and GSS-API Mechanisms [1]
Hybrid SAML+802.1x
• Application Bridging for Federated Access Beyond web (abfab) aka Moonshot [2]
Common to both:
• Underway in the IETF standards body
• Require touch points at the client & server
• A (big) part of a larger environment
[1] http://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-saml-ec/
[2] http://datatracker.ietf.org/doc/draft-ietf-abfab-aaa-saml/
International Linkages are Critical
International Federation Landscape
How Federations Interconnect
The Big Picture: Collaboration & Interconnection
[Diagram: CAF interconnecting local federations (each with its own IdPs and SPs), Special Interest Trust Groups, and a Higher Assurance group of IdPs and SPs]
• Efficient, least effort for SP/IdP
• Local fed incubates federation-aware apps
• SITG can leverage common infrastructure, and overlay special attribute sets & specific policies