Federated identity system for scientific collaborations

9 Jun 2011, 13:00 → 10 Jun 2011, 14:40 Europe/Zurich

IT Auditorium (CERN)

Bob Jones (CERN)

The goal is to explore the requirements for federated identity management across the different disciplines, compare the functionality, operational constraints and state of deployment of current technologies, and formulate a roadmap for how we could establish such a service in the future.

Minutes fed_id_workshop_summary_CERN_June_2011.pdf

Thursday 9 June

user requirements

Federated identity from the user community point of view. Here different scientific user communities will present their needs & expectations, current usage and future directions.

1 Welcome

Speaker: Frederic Hemmer (CERN)

Slides 2011-06-09_-_Identity_Management_Workshop_-_Welcome.pdf 2011-06-09_-_Identity_Management_Workshop_-_Welcome.pptx

2 Introduction

Speaker: Bob Jones (CERN)

3 European photon/neutron facilities

Speaker: Heinz J Weyer (PSI)

Slides CERNFEdIdentityJun2010k.pdf CERNFEdIdentityJun2010k.ppt

4 CLARIN and the humanities

The CLARIN project is one of the five Humanities Research Infrastructures on the ESFRI roadmap. In the preparatory phase solutions for AAI requirements were researched and implemented and are now used within the national CLARIN initiatives that have begun and are starting in the Netherlands, Germany, Denmark, Finland and several other European countries. A new European project "DASISH" is being started and will unite all the ESFRI Humanities RI projects in building a common AAI infrastructure based on experiences of CLARIN and the other project's preparatory phase findings

Speaker: Mr Daan Broeder

biography Daan_Broeder_bio.docx Daan_Broeder_bio.pdf

Slides CLARIN-FedIdManagement.pdf CLARIN-FedIdManagement.pptx

5 WLCG

Speaker: Mr Romain Wartel (CERN)

Slides Wartel-IdentityFederationWS.pdf

6 Earth Science (Climate)

Speaker: Philip Kershaw (STFC)

Paper Federated_Identity_in_the_Earth_Science_Domain.pdf

Slides Federated_Identity_in_the_Earth_Science_Domain.pdf Federated_Identity_in_the_Earth_Science_Domain.pptx

7 Life Science (ELIXIR)

Speaker: Ugis Sarkans (EBI)

Abstract abstract.docx abstract.pdf

Biography biogr.docx biogr.pdf

Slides identity.pdf identity.pptx

16:00 Coffee break

existing infrastructure

Services offered by major e-infrastructure providers. International infrastructures offer a number of services related to federated identity management. Presentations from these e-infrastructures will outline these services and forthcoming developments.

8 EGI

Speaker: Steven Newhouse

Slides

• EGI-IMv1.pdf
• EGI-IMv1.pptx
• EGI-IMv2.pdf
• EGI-IMv2.pptx

9 Identity Management in Open Science Grid: Challenges, Needs, and Future Directions

Speaker: Mine ALTUNAY (FNAL)

Slides CernIDMgmt_06_2011_v2.pdf CernIDMgmt_06_2011_v2.pptx

10 DEISA/PRACE

Since 2004, the High-Performance Computing (HPC) community has organized itself in Europe through two major EU funded projects : DEISA (Distributed European Infrastructure for Supercomputing Applications, 2004-20011) and PRACE (Partnership for Advanced Computing in Europe) which started in 2008. The HPC ecosystem has been consolidated with the definition of a “pyramidal model” which clarifies the relations between the different actors. This work led to the creation in 2010 of PRACE-RI, a persistent pan-European infrastructure with its headquarter seated in Brussels and established as a non-profit association of European government representative organizations responsible for HPC. Identity management has always been considered as a critical activity and it has been a constant goal to maintain a robust solution both secured and not discouraging for the end users. For this reason, technical teams have done their best to design and implement a robust and easy-to-use solution. The trust model adopted is based on X509 certificates and uses when possible the Single Sign-On (SSO) approach. A fine grained authorization system as well as a distributed accounting database are also included. Even if the current model is fully operational, PRACE is investigating how it could evolve to integrate identity federation solutions. The main reason motivating this approach is a strong wish to enable interoperability with other international projects. Therefore, PRACE follows closely as part of its technology evaluation program the efforts carried out in this field. Following open standards based solutions is essential to reach interoperability, however there are also other criteria that must not be forgotten such as the identification of trustful credential providers, common understanding of the meaning of attributes and the compliance of applications with the solutions.

Speaker: Mr Vincent Ribaillier (IDRIS)

Bio bio.txt

Slides 20110609-DEISA-PRACE-Vincent_Ribaillier.pdf 20110609-DEISA-PRACE-Vincent_Ribaillier.pptx

11 CILogon: Federated Access to US CyberInfrastructure

Speaker: Mr Jim Basney (NCSA)

Abstract 201106-basney-cern-abstract.pdf

Slides 201106-cilogon-cern.pdf

12 GEANT

Speaker: Mr Joshua Howlett (JANET)

Slides The GEANT eduGAIN service connects users to services by interconnecting the European Identity Federations. Following a successful pilot phase, in which 13 of Europe's 19 federations participated, the service has now entered production. As with the existing federations, the GEANT eduGAIN service currently only supports Web-based applications. The goal of Project Moonshot, an initiative led by JANET(UK) and supported by GEANT and others, is to extend the benefits of federated identity to any application or service -- not just Web applications. The Moonshot technology has been successfully demonstrated with a range of applications, including OpenSSH, OpenLDAP, MyProxy, Firefox and Apache. On the basis of these results, JANET(UK) has recently proposed that a Common Global Access Management System should be established, building on Moonshot and existing federated identity systems, that would provide a AAA infrastructure for almost any application and service.

13 Terena Certificate Service

Speaker: David Groep (NIKHEF-Unknown-Unknown)

Slides TCS-presentation-Jun2011-DG.pdf TCS-presentation-Jun2011-DG.ppt

14 EMI

Speaker: John White White (Helsinki Institute of Physics HIP)

Slides 110609-EMI-AAI.pdf 110609-EMI-AAI.ppt

18:20 Aperitif in Restaurant 2

Friday 10 June

policy

Policy and security aspects. Interventions addressing questions such as which communities, individuals and institutes should be seen as part of the federated identity management system, what is the decision making process for inclusion/exclusion, legal aspects, interoperability with commercial identity providers and social networking tools.

15 International Grid Trust Federation

Speaker: David Groep (Nikhef)

Slides EEF-IdM-workshop-IGTF-building-20110610.pdf EEF-IdM-workshop-IGTF-building-20110610.pptx

16 SURFfederatie

Speakers: Remco Poourtinga (SURFnet), Van Wijnen (SURFnet)

Slides CERN-fed-id-mgt-SURFnet.pdf CERN-fed-id-mgt-SURFnet.ppt

17 UK Access Management Federation

Speaker: Matthew Dovey (JISC)

Slides cern.pdf cern.ppt

18 SWITCHaai: The Identity Federation of the Swiss Higher Education Sector

Speaker: Christoph Witzig (Eidgenossische Technische Hochschule Zurich/ETH (ETH))

Slides 110610_switch_witzig.pdf 110610_switch_witzig.ppt

19 Operational Security

Speaker: Leif Nixon (NSC)

Slides opsec.pdf

20 CERN’s experience with federated Single Sign On

Speaker: Emmanuel Ormancey (CERN)

Slides 20110609_-_Federation_Workshop_-_CERN’s_experience_with_federated_Single_Sign_On.pdf 20110609_-_Federation_Workshop_-_CERN’s_experience_with_federated_Single_Sign_On.pptx

10:30 Cofffe break

towards a roadmap for a federated identity management system

Towards a roadmap for a federated identity management system. Panel discussion focussed on proposing a set of steps that could lead to convergence on a federated identity management system for scientific collaborations

21 Panel chaired by Stefan Lueders with Mike Helm, Dave Kelsey, Alan Sill and others

chair: Stefan Lueders Dave Kelsey Mike Helm Alan Sill others

Speakers: Alan Sill (Texas Tech University), Dr David Kelsey (RAL), Mike Helm (Science Identity Federation), Other panelists TBC, Dr Stefan Lueders (CERN)

Slides

• CERN_2011_Federated_Identity_Workshop_Summary_-_Sill.pdf
• DK.pdf
• DK.pptx
• MH-SIF_for_US_Science.pdf
• MH-SIF_for_US_Science.ppt
• SL-food_for_thoughts.pdf
• SL-food_for_thoughts.pptx

22 Summary and Conclusions

The session chairmen will give brief summaries of the outcome of each session.

Speakers: Bob Jones (CERN), Mr Romain Wartel (CERN), Tim Bell (CERN)

Slides

• 2011-06-10_-_Identity_Management_Workshop_-_Next_Steps.pdf
• 2011-06-10_-_Identity_Management_Workshop_-_Next_Steps.pptx
• 2011-06-10_-_Identity_Management_Workshop_-_Policy_Summary.pdf
• 2011-06-10_-_Identity_Management_Workshop_-_Policy_Summary.pptx
• 2011-06-10_-_Identity_Management_Workshop_-_User_Requirements_Summary.pdf
• 2011-06-10_-_Identity_Management_Workshop_-_User_Requirements_Summary.pptx
• Existing_Infrastructures.pdf