InCommon Grows Up

www.incommon.org
Kevin M. Morooney
Vice Provost for Information Technology
Penn State
2010 Chair, InCommon
Jack Suess
Vice Provost for Information Technology
UMBC
2010 Vice Chair, InCommon
How we’ll use the time
• InCommon...
– ...101 & Background
– ...Community
– ...On campus
– ...Beyond campus
– ...The Futures Report - Our blueprint
– ...Hot topics
Who is here?
The InCommon Basic Value Propositions
(v1.0)
•For the campus: InCommon enables campuses to leverage
their identity management systems to allow the use of one
set of credentials to access multiple resources.
•For the provider: Online service providers no longer need to
maintain user accounts. Identity providers manage the levels
of their users' privacy and information exchange.
•For everyone: InCommon uses SAML-based authentication
and authorization systems (such as Shibboleth®) to enable
scalable, trusted collaborations among its community of
participants.
...another way to say it....
InCommon Federation Value Proposition
(v1.1)
Provides the trust framework for access to online resources
• Single sign-on with higher education credentials
• Enhanced security with fewer data spills
• Privacy – release of only those attributes necessary
• Access – Service provider makes decision based on
attributes
• Scalable – Once implemented, federated access relatively
simple to extend
...another way to say it....
Before Federation
After Federation
InCommon Community
InCommon Participants Year-by-Year
Growth of InCommon
Principle
50M Elvis fans
can’t be wrong
Arizona State University
Hampden-Sydney College
Texas A & M University
University of Northern Colorado
Augsburg College
Humboldt State University
University at Buffalo, SUNY
University of Northwestern Ohio
Baylor University
Indiana University
University of Alabama at Birmingham
University of Oregon
Brown University
Iowa State University
University of Alaska Statewide System
University of Pennsylvania
California Institute of Technology
James Madison University
University of Arizona
University of Pittsburgh
California Maritime Academy
Johns Hopkins
University of Arkansas for Medical Sciences
University of Richmond
California Polytechnic State University, San Luis Obispo
California State Polytechnic University, Pomona
Lafayette College
University of California, Berkeley
University of Rochester
Liberty University
University of California, Davis
University of South Carolina
California State University, Bakersfield
Louisiana State University
University of California, Irvine
University of South Dakota
California State University, Channel Islands
Loyola University Chicago
University of California, Los Angeles
Massachusetts Institute of Technology
University of California, Merced
University of Southern California
Medical University of South Carolina
University of California, Office of the President
University of Texas at Arlington
Miami University
University of California, Riverside
University of Texas at Austin
Michigan State University
University of California, San Diego
University of Texas At Brownsville
Michigan Technological University
University of California, San Francisco
University of Texas at Dallas
New York University
University of California, Santa Cruz
University of Texas at El Paso
North Carolina State University
University of Chicago
University of Texas at San Antonio
Northern Arizona University
University of Cincinnati
University of Texas At Tyler
Northern Michigan University
University of Colorado at Boulder
Northwestern University
University of Dayton
University of Texas Health Science Center At Houston
University of Texas Health Science Center At San Antonio
Ohio State University
University of Delaware
Ohio University
University of Denver
University of Texas M. D. Anderson Cancer Center
University of Texas Medical Branch at Galveston
Oklahoma State University
University of Findlay
University of Texas of the Permian Basin
Old Dominion University
University of Florida
Oregon Health & Science University
University of Houston-Downtown
University of Texas Southwestern Medical Center at Dallas
University of Texas System
Penn State
University of Illinois at Chicago
University of Texas-Pan American
Princeton University
University of Illinois at Urbana-Champaign
University of Utah
Purdue University
University of Iowa
University of Vermont
Coconino Community College
University of South Florida
Ramapo College of New Jersey
University of Mary Washington
University of Virginia
College of William and Mary
Rutgers, The State University of New Jersey
University of Maryland
University of Washington
Colorado State University
San Diego State University
University of Maryland Baltimore County
University of Wisconsin - Madison
Columbia University
San Francisco State University
University of Maryland, Baltimore
University of Wisconsin - Whitewater
Cornell University
San Jose State University
University of Massachusetts Amherst
Vanderbilt University
Dartmouth
Seattle Central Community College
University of Michigan
Virginia Commonwealth University
Duke University
Sonoma State University
University of Minnesota
Virginia Polytechnic Institute and State University
Emory University
Stanford University
University of Missouri System
Virginia State University
Fairfield University
Stark State College of Technology
University of Nebraska - Lincoln
Wake Tech Community College
Florida State University
Stevens Institute of Technology
University of Nevada, Reno
Washington University in St. Louis
George Mason University
Stony Brook University
University of North Carolina at Chapel Hill
Whitman College
Georgetown University
Sweet Briar College
University of North Carolina at Greensboro
California State University, Chico
California State University, Dominguez Hills
California State University, East Bay
California State University, Fresno
California State University, Fullerton
California State University, Long Beach
California State University, Monterey Bay
California State University, Northridge
California State University, Office of the Chancellor
California State University, Sacramento
California State University, San Bernardino
California State University, San Marcos
California State University, Stanislaus
Carleton College
Carnegie Mellon University
Case Western Reserve University
Central Piedmont Community College
Clemson University
Absolute Software, Inc.
Apple - iTunes U
Atlas Systems, Inc.
BioOne, Inc.
Blatant Media Corporation
Burton Group
Cengage Learning, Inc.
Colorado Alliance of Research Libraries
Davie County Schools
Digital Measures
e-academy, Inc.
e2Campus by Omnilert, LLC
Ebook Library - EBL
EBSCO Publishing
EDUCAUSE
Elsevier
EnergyCAP, Inc.
Houston Academy of Medicine - Texas Medical Center Library
Identit-e
Internet2
JSTOR
Kuali Foundation
Learn.com
Leepfrog Technologies, Inc.
lynda.com
MCNC
Microsoft
National Student Clearinghouse
NC Live
NG Web Solutions
North Carolina Department of Public Instruction
OCLC
OhioLink - The Ohio Library & Information Network
Outside The Classroom
PeopleAdmin, Inc.
ProQuest LLC
ProtectNetwork
Qualtrics
RefWorks, LLC
Rockingham County Schools
Safari Books Online
Students Only Inc.
SumTotal Systems Inc.
Symplicity Corporation
The H.W. Wilson Company
Thomson Reuters
Travel Solutions, Inc.
Trondent Development Corp.
Turnitin
University of Texas Health Science Center At Tyler
UniversityTickets
WebAssign
Argonne National Laboratory
Energy Sciences Network (ESNet)
Lawrence Berkeley National Laboratory
Moss Landing Marine Laboratories
National Institutes of Health
National Science Foundation
TeraGrid
InCommon Leadership-Steering Committee
• Steve Cawley, University of Minnesota – Treasurer
• Joel Cooper, Carleton College – Secretary
• Mark Crase, California State University
• Chris Holmes, Baylor University
• Ken Klingenstein, Internet2 (ex officio)
• Tracy Mitrano, Cornell University
• Kevin Morooney, Penn State – Chair
• John O'Keefe, Lafayette College
• Stephanie Reel, Johns Hopkins University
• Jack Suess, University of Maryland, Baltimore County – Vice-Chair
• Chris Shillum, Elsevier
• Shel Waggener, UC Berkeley
• Advisers:
• Renee Frost, Internet2, University of Michigan
• Rodney Petersen, EDUCAUSE (ex officio)
• David Wasley, retired, UCOP
InCommon Leadership-Technical Advisory Committee
• RL "Bob" Morgan, University of Washington – Co-Chair
• Renee Shuey, Penn State – Co-Chair
• Tom Barton, University of Chicago
• Jim Basney, Teragrid
• Scott Cantor, The Ohio State University
• Steven Carmody, Brown University
• Paul Caskey, University of Texas System
• Michael Gettes, Massachusetts Institute of Technology
• Keith Hazelton, University of Wisconsin - Madison
• Ken Klingenstein, InCommon Steering Committee
• Mike LaHaye, Internet2
• David Walker, University of California Davis
• David Wasley, retired, UCOP
InCommon is Community Driven
• evangelize new vendors
• analyze service opportunities
• develop technical strategies
• do interoperability testing, etc.
InCommon learning opportunities
InCommon On Campus
InCommon:
Federating as Horizontal and Vertical Integration
Horizontal Integration
Multiple services all over campus
InCommon Beyond Campus
Vertical Integration
Multiple services in one area (library)
etc., etc.
R&E Federations
•Substantial deployments in many countries, including UK,
Norway, Switzerland, Sweden, Japan, Australia, France,
Denmark, Finland, Spain, Germany, Netherlands, etc.
Coverage in a number of countries is now 100%.
• Uses include roaming access, grid credentials, digital
content access, wiki controls
kjk@internet2.edu
The InCommon Futures Task Force Report
Our blueprint for the future
The Task Force
Amy Philipson, Pacific NW Gigapop, (Internet2 AMSAC)
Chris Shillum, Elsevier, (InCommon Steering)
Clair Goldsmith, UT System, (InCommon Steering)
Cliff Lynch, CNI, (Internet2 RAC)
Doug Van Houweling, Internet2 CEO
Jack Suess, UMBC, (InCommon Steering, Internet2 AMSAC)
John Krienke, Internet2, InCommon
Ken Klingenstein, Internet2, U Colorado, (InCommon Steering)
Kevin Morooney, Penn State, (InCommon Steering)
Lois Brooks, Stanford, (InCommon Steering)
Richard Katz, EDUCAUSE
Rosio Alvarez, Lawrence Berkeley Labs, (Internet2 RAC)
Ray Ford, U Montana, (Internet2 AMSAC)
RL 'Bob' Morgan, U Washington, (MACE, InCommon TAC - Technical Advisory Committee)
Rick Summerhill, Internet2 CTO
Sally Jackson, U Illinois, (Internet2 AMSAC)
What they were asked to do
• Task Force launched and charged, January 2009
• Final report submitted to Internet2 board, July 2009
• http://bit.ly/InCommonFuturesReport
The Recommendations
• Structure
• Governance
• Membership
• Specifics
Structure
• Trust services platform
• Increase offerings
• Become financially self-sufficient
• A foundation
• endeavor to become a place or coordinating point for R&D, development of I2MI and like efforts
Governance
• Set a path towards financial independence
• Establish a Board of Directors to whom the Executive Director of InCommon reports
Membership
• Continue to focus on U.S. higher education
• Actively pursue technical and political relationships with U.S. federal government (notably NSF, NIH, DoE), state-based federations and consortia, companies and organizations that provide services to education
Specific Recommendations
• Q2 2010, mission and funding plan
• Secure Internet2’s continued support for 3 years
• Internet2 to fund additional positions
• Internet2 continues to provide admin services
• Internet2 commitment to drive InCommon membership to 75% of Internet2 membership
Specific Recommendations
• InCommon to continue to analyze and plan for new trust services
• InCommon, with additional support, to develop training and promotional programs
• InCommon, with additional support, to develop formal outreach programs
• Bronze and Silver profiles to be released at spring I2MM
• Develop new, tiered pricing plan by 2011
InCommon Hot Topics
Shaping activities, new directions
•Level of Assurance: Bronze, Silver, Gold
•Personal privacy management: uApprove,
SWITCHaai
•Interfederation
•It’s all about the attributes
•Internet of Things
•Trust, Identity, and the Internet
•Certificate Service
InCommon LOA (Level of Assurance)
•InCommon – today’s federation
•Bronze (LOA 1)- A campus researcher uses their
campus account to access an NIH clinical trial wiki
•Silver (LOA 2) – A sponsored research accountant
uses their secure campus account to modify
documents on NSF Fastlane
•Gold (LOA 3) - A campus security officer could use
their local two factor authentication to participate in
a Teragrid security incident
Interfederation
•Connecting autonomous federations
•Critical for global scaling, accommodating state
and local federations, integration across sectors
•Has technical, financial and policy dimensions
•Elegant technical solution being developed in
the eduGAIN project of Geant
•Policy activities in Kalmar2 Union, Geant,
Kantara, Terena
The Attribute Ecosystem
•Authentication is very important, but identity is just
one of many attributes
•And attributes provide scalable access control,
privacy, customization, linked identities, federated
roles and more
•We now have our first transport mechanisms to
move attributes around – SAML and federations
•There will be many sources of attributes, many
consumers of attributes, query languages and other
transport mechanisms
Federated Identity, Attributes and Access Control
•For the last ten years we’ve been promoting federated
identity
•But the real agenda was to manage access control…
•And the scalable, privacy-preserving way to do access
control is attributes
•And group membership is a necessary and sufficient
attribute for access control
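The assurance levels and the attribute-based access control described on the slides above can be made concrete with a small model. This is an added example, not InCommon or Shibboleth code: the service URLs, group names, user record and the `RELEASE_POLICY` / `SP_RULES` structures are constructed for illustration, and plain dictionaries stand in for SAML assertions.

```python
# Added illustration; every name and value below is constructed.
LOA = {"Bronze": 1, "Silver": 2, "Gold": 3}  # levels from the LOA slide

# Campus directory entry: holds more than any single service needs.
USER = {
    "eduPersonPrincipalName": "jdoe@campus.example.edu",
    "mail": "jdoe@campus.example.edu",
    "isMemberOf": ["sponsored-research-accounting", "parking-permit-holders"],
}
WIKI = "https://wiki.sp.example.org"
GRANTS = "https://grants.sp.example.org"

# IdP release policy per service provider: which attributes may leave the
# campus, and which group names may appear in isMemberOf.
RELEASE_POLICY = {
    WIKI: {"attrs": ["isMemberOf"], "groups": ["clinical-trial-researchers"]},
    GRANTS: {"attrs": ["eduPersonPrincipalName", "isMemberOf"],
             "groups": ["sponsored-research-accounting"]},
}
# SP access rules: the required group and the minimum assurance level.
SP_RULES = {
    WIKI: {"group": "clinical-trial-researchers", "min_loa": "Bronze"},
    GRANTS: {"group": "sponsored-research-accounting", "min_loa": "Silver"},
}

def build_assertion(user, sp, authn_loa):
    """IdP side: release only what the policy lists for this SP (default: nothing)."""
    policy = RELEASE_POLICY.get(sp, {"attrs": [], "groups": []})
    released = {}
    for name in policy["attrs"]:
        if name == "isMemberOf":
            groups = [g for g in user.get(name, []) if g in policy["groups"]]
            if groups:
                released[name] = groups
        elif name in user:
            released[name] = user[name]
    return {"audience": sp, "loa": authn_loa, "attributes": released}

def authorize(sp, assertion):
    """SP side: decide from asserted attributes only; no local user account."""
    rule = SP_RULES.get(sp)
    if rule is None or assertion.get("audience") != sp:
        return False  # unknown service, or assertion issued for another SP
    if LOA.get(assertion.get("loa"), 0) < LOA[rule["min_loa"]]:
        return False  # authentication was weaker than this service requires
    return rule["group"] in assertion["attributes"].get("isMemberOf", [])

if __name__ == "__main__":
    a = build_assertion(USER, GRANTS, "Silver")
    print(a["attributes"], authorize(GRANTS, a))
```

The service provider never sees `mail` or the unrelated parking group, and the same user is refused when the login only reached Bronze.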
The Internet of things
•We have built the Internet of computers and now the
Internet of people and identity; next is things.
•Federation is a powerful model – it provides a degree
of local freedom but a scalable infrastructure; with
interfederation it can reach Internet scale.
•Devices need to have identity, attributes, access
control privileges, etc that tend to federate and also
need to interact with identity federation.
•Next generation Internet work has many types of
federations of circuits, of firewalls, of routers, etc.
Trust, Identity and the Internet
•The Internet was built for friendly behavior; that is not
the current situation
•ISOC initiative to introduce trust and identity-leveraged
capabilities to many RFC’s and protocols
•http://www.isoc.org/isoc/mission/initiative/trust.shtml
•First target area is DKIM; subsequent targets include
SIP and firewall traversal (trust-mediated transparency)
•FCC - Broadband Strategy
•FTC - National Strategy for Secure Online Transactions
InCommon
•Certificate Service
Q&A