
EuroCAMP Summary (in 15 mins) - PowerPoint PPT Presentation



  1. EuroCAMP Summary (in 15 mins)

  2. Diego • We are at the teenager stage of IDM • IDM is maturing • Welcome to the schema Onion

  3. Jasmina • Welcome to LDAP [the syntax] • Flat tends to be better than hierarchical • Feed your LDAP automatically • No manual LDAP updates. Miroslav • Welcome to LDAP [semantics] • Don’t re-purpose a schema

  4. Victoriano • Can you trust the applications that your users enter passwords into? • Don’t let your users enter passwords into applications outside your control

  5. Roland (rhubarb, rhubarb, rhubarb) • How to do LDAP properly – Attribute extensions • How to do IDM properly • Sun’s 10 best practices (see also Cameron’s 7 laws of identity) • Get sponsorship for your strategy, and aim for quick wins.

  6. Gerard • Challenges • Hopes

  7. Roland (rhubarb, rhubarb, rhubarb) • Cutting edge homebrew IDM system based on standards. • Sweden’s Universities are one legal entity

  8. Jasmina • Guest accounts • Make sure you deprovision • Make sure you know who the guest is

  9. Panel • Don't come up with your own schema if an existing standard can be used • Don't put sensitive data in your directory, – Unless you are prepared to meet the regulatory obligations • The standard schemas may not be enough

  10. Kevin • Management view • What is a user, person • Level Of Assurance • If you do a good job, your IDM system will become authoritative

  11. David • The Zoo of beasts • Intro to federation – Conventional – Hub-spoke • Legal – MoUs • Engage lawyers, don't write each other's code – Contracts • Talk to your data and consumer protection agencies • Define your federation's legal body (NREN or otherwise) – charters • Read the JISC legal document on federation policies – Consent

  12. Victoriano • eduPerson – Good starting point – Pseudonymous id • SCHAC – Designed for specific European uses

  13. Jacob • WAYF.dk Style SSO – CAS – SAML, – LDAP. • The scary fish <SimpleSAMLphp> – Simple – Simple – simple

  14. Kevin • Making the case with a killer app – efficiency – collaboration – compliance – new business model • Business case for federation is the same as the case you would use for an IDM, but with the context that goes beyond the cam • More services off your ID the better for your ID • More services in your federation, the better for IdP (and thus IDM). The more your accounts are used, the better

  15. Miro • eduroam – RADIUS – Monitoring • as a means to show that your service is valuable – Tools • to show that you can troubleshoot – Future plans • GN3-SA3(t2) & JRA3

  16. Diego SIR • Why PAPI? – (years+) – Connectors to lower the entry barrier for institutions, so not just PAPI • Simple Policy – To lower the entry barrier – Explicit description of data protec... • Interconnected with – OpenID – eduGAIN • SAML Services – External, managed, outer, outsourced • Regional Federations

  17. Victoriano, Rok, Michal SAML with non-web SAML with kerberos Entitlements
