EuroCAMP Summary (in 15 mins) - PowerPoint PPT Presentation



SLIDE 1

EuroCAMP Summary

(in 15 mins)

SLIDE 2

Diego

  • We are at the teenager stage of IDM
  • IDM is maturing
  • Welcome to the schema Onion
SLIDE 3

Jasmina

  • Welcome to LDAP [the syntax]
  • Flat tends to be better than hierarchical
  • Feed your LDAP automatically
  • No manual LDAP updates

Miroslav

  • Welcome to LDAP [semantics]
  • Don’t re-purpose a schema
SLIDE 4

Victoriano

  • Can you trust the applications that your users enter passwords into?
  • Don’t let your users enter passwords into applications outside your control

SLIDE 5

Roland (rhubarb, rhubarb, rhubarb)

  • How to do LDAP properly
    – Attribute extensions
  • How to do IDM properly
  • Sun’s 10 best practices (see also Cameron’s 7 laws of identity)
  • Get sponsorship for your strategy, and aim for quick wins.

SLIDE 6

Gerard

  • Challenges
  • Hopes
SLIDE 7

Roland (rhubarb, rhubarb, rhubarb)

  • Cutting edge homebrew IDM system based on standards.
  • Sweden’s Universities are one legal entity

SLIDE 8

Jasmina

  • Guest accounts
  • Make sure you deprovision
  • Make sure you know who the guest is
SLIDE 9

Panel

  • Don't come up with your own schema if an existing standard can be used
  • Don't put sensitive data in your directory,
    – Unless you are prepared to meet the regulatory obligations
  • The standard schemas may not be enough

SLIDE 10

Kevin

  • Management view
  • What is a user, person
  • Level Of Assurance
  • If you do a good job, your IDM system will become authoritative

SLIDE 11

David

  • The Zoo of beasts
  • Intro to federation
    – Conventional
    – Hub-spoke
  • Legal
    – MoUs
    – Contracts
    – Charters
    – Consent
  • Engage lawyers, don't write each other's code
  • Talk to your data and consumer protection agencies
  • Define your federation's legal body (NREN or otherwise)
  • Read the JISC legal document on federation policies
SLIDE 12

Victoriano

  • eduPerson
    – Good starting point
    – Pseudonymous id
  • SCHAC
    – Designed for specific European uses

SLIDE 13

Jacob

  • WAYF.dk Style SSO
    – CAS
    – SAML
    – LDAP
  • The scary fish <SimpleSAMLphp>
    – Simple
    – Simple
    – Simple

SLIDE 14

Kevin

  • Making the case with a killer app
    – efficiency
    – collaboration
    – compliance
    – new business model
  • Business case for federation is the same as the case you would use for an IDM, but with the context that goes beyond the cam
  • More services off your ID the better for your ID
  • More services in your federation, the better for IdP (and thus IDM).
  • The more your accounts are used, the better

SLIDE 15

Miro

  • eduroam
    – RADIUS
    – Monitoring
      • as a means to show that your service is valuable
    – Tools
      • to show that you can troubleshoot
    – Future plans
      • GN3-SA3(t2) & JRA3
SLIDE 16

Diego

SIR

  • Why PAPI?
    – (years+)
    – Connectors to lower the entry barrier for institutions, so not just PAPI
  • Simple Policy
    – To lower the entry barrier
    – Explicit description of data protec...
  • Interconnected with
    – OpenID
    – eduGAIN
  • SAML Services
    – External, managed, outer, outsourced
  • Regional Federations
SLIDE 17

Victoriano, Rok, Michal

  • SAML with non-web
  • SAML with Kerberos
  • Entitlements