Klaas Wierenga: Federated identity on a pan-European scale


View the presentation slides PDF (1 Mb)

Abstract

The Grid projects and especially the eduroam project for federated network access have paved the road for pan-European federations. Whereas Grids have so far been limited to a relatively small group of researchers, eduroam has created a truly international trust infrastructure that spans most countries in Europe (as well as Australia and a number of other countries).

Until that time many countries had been experimenting with or deploying identity federations for access to web-based applications, but always on a national scale. The success of eduroam has resulted in an activity within the EU-funded Geant2 project to create a pan-European 'confederation', a federation of federations spanning most European countries, called eduGAIN.

One of the challenges has been the fact that the federations in the various countries were based on different technologies: A-Select in the Netherlands, PAPI in Spain, FEIDE in Norway and Shibboleth in a number of other countries. Software has been developed to bridge these technologies. Fortunately these technologies are converging towards SAML 2.0, promising to make the exchange of authentication and authorisation information much easier. What remains is the mapping towards the Microsoft set of federation protocols and the policy concerns with respect to the exchange of attributes across federation boundaries.

Another problem that is being tackled is the use of identity federations for restricting access to non-web-based applications, including Grid infrastructures.
A special case of this is the integration of the existing eduroam infrastructure, which is rather limited in authorisation possibilities, into this pan-European confederation.

The presentation will give an overview of the work that has been done to support research and education federations in these areas and the current state of affairs.

About the speaker

Klaas Wierenga works for Cisco as Consulting Engineer in the office of the CTO. Prior to joining Cisco, Klaas worked for over 12 years at SURFnet, the Dutch Research and Education Network, focusing on mobility and identity and access management. He is the creator of eduroam and one of the creators of the A-Select single sign-on solution. Klaas is chair of the TERENA (association of European NRENs) taskforce on Mobility as well as a member of ECAM, TERENA’s middleware coordination group. At Cisco he continues to work in the same interest areas, and with the NREN community.