introducing the zoo of paper beasts
play

Introducing the zoo of paper beasts David Simonsen, WAYF, - PowerPoint PPT Presentation

Mar 30, 2024 •541 likes •1.47k views

Introducing the zoo of paper beasts David Simonsen, WAYF, david@wayf.dk Todays walk in the zoo Todays walk in the zoo Federation policy and interfederation policies Todays walk in the zoo Federation policy and interfederation

  1. Introducing the zoo of paper beasts David Simonsen, WAYF, david@wayf.dk

  2. Today’s walk in the zoo

  3. Today’s walk in the zoo • Federation policy and interfederation policies

  4. Today’s walk in the zoo • Federation policy and interfederation policies • Agreements

  5. Today’s walk in the zoo • Federation policy and interfederation policies • Agreements • Contracts and contractual relations

  6. Today’s walk in the zoo • Federation policy and interfederation policies • Agreements • Contracts and contractual relations • Users’ consent

  7. Today’s walk in the zoo • Federation policy and interfederation policies • Agreements • Contracts and contractual relations • Users’ consent • Attribute Release Policies (ARP’s)

  8. Today’s walk in the zoo • Federation policy and interfederation policies • Agreements • Contracts and contractual relations • Users’ consent • Attribute Release Policies (ARP’s) • Memorandums of Understanding (MoU’s)

  9. Today’s walk in the zoo • Federation policy and interfederation policies • Agreements • Contracts and contractual relations • Users’ consent • Attribute Release Policies (ARP’s) • Memorandums of Understanding (MoU’s) • Charters

  10. What is a federation?

  11. A circle of trust

  12. What is an IdP? (identity provider) Authentication and attribute releasing entity

  13. What is an SP? (service provider) Attribute consuming entity

  14. Federation goals

  15. Federation goals • Scalable and better access management

  16. Federation goals • Scalable and better access management • Scalable better identity management

  17. Federation goals • Scalable and better access management • Scalable better identity management • More services to the users - and vv.

  18. Federation goals • Scalable and better access management • Scalable better identity management • More services to the users - and vv. • Better services

  19. (USA) FØD. (AU)

  20. Basic concept Service Institution WAYF ----- ----- 1 2 1 X 3 LOGIN

  21. Basic concept Service Institution WAYF Authorisation ----- ----- 1 2 1 X 3 LOGIN

  22. Loosely coupled, Shibboleth Institutions Services CENTRAL WAYF CONSENT Service Shib- Shib-SP IdP login WAYF CONSENT Service Shib- Shib-SP IdP login WAYF

  23. Loosely coupled, Shibboleth Institutions Services CENTRAL WAYF CONSENT Service Shib- Shib-SP IdP login WAYF CONSENT Service Shib- Shib-SP IdP login WAYF

  24. POLICY Institutions Services CENTRAL WAYF CONSENT Service Shib- Shib-SP IdP login WAYF CONSENT Service Shib- Shib-SP IdP login WAYF

  25. Contracts

  26. Contracts • Bi-lateral, between legal bodies

  27. Contracts • Bi-lateral, between legal bodies • Defines responsabilities, duties, court, etc.

  28. Contracts • Bi-lateral, between legal bodies • Defines responsabilities, duties, court, etc. • What is your legal entity? • for the institutions • for the federation?

  29. Contracts • Bi-lateral, between legal bodies • Defines responsabilities, duties, court, etc. • What is your legal entity? • for the institutions • for the federation? • All Swedish universities is ONE legal entity?

  30. Loosely coupled, Shibboleth Institutions Services CENTRAL WAYF CONSENT Service Shib- Shib-SP IdP login WAYF CONSENT Service Shib- Shib-SP IdP login WAYF

  31. POLICY Institutions Services CENTRAL WAYF CONSENT Service Shib- Shib-SP IdP login WAYF CONSENT Service Shib- Shib-SP IdP login WAYF

  32. POLICY Institutions Services CENTRAL WAYF CONSENT Service Shib- Shib-SP IdP login WAYF CONSENT Service Shib- Shib-SP IdP login WAYF

  33. Central login Services Institutions 1 X LDAP 2 Y SAML2 LOGIN LDAP LDAP 3 Z

  34. Central login Services Institutions 1 X LDAP 2 Y SAML2 LOGIN LDAP LDAP 3 Z

  35. Central login Services Institutions 1 X e l b LDAP i s n o p s e r 2 Y a SAML2 t LOGIN LDAP a D LDAP 3 Z

  36. Central login Services Institutions Contracts 1 X e l b LDAP i s n o p s e r 2 Y a SAML2 t LOGIN LDAP a D LDAP 3 Z

  37. Decentral login Services Institutions LOGIN X 1 Trusted 3rd party LOGIN 2 Y LOGIN UN/Passwd Z 3 X.509 Possible OTP agreement

  38. Decentral login Services Institutions LOGIN X 1 Trusted 3rd party LOGIN 2 Y LOGIN UN/Passwd Z 3 X.509 Possible OTP agreement

  39. Decentral login Services Institutions LOGIN X 1 Trusted 3rd party LOGIN 2 Y LOGIN UN/Passwd Z 3 X.509 Possible OTP agreement

  40. Decentral login Services Institutions Data processor LOGIN X 1 Trusted 3rd party LOGIN 2 Y LOGIN UN/Passwd Z 3 X.509 Possible OTP agreement

  41. Decentral login Services Institutions Data processor LOGIN X 1 Trusted 3rd party LOGIN 2 Y LOGIN Contracts UN/Passwd Z 3 X.509 Possible OTP agreement

  42. Attribute Release Policies The personal information the service gets

  43. Attribute Release Policies The personal information the service gets Metadata distribution WAYF CONSENT Shib- Shib-SP IdP WAYF CONSENT Shib- Shib-SP IdP WAYF

  44. Attribute Release Policies The personal information the service gets Metadata distribution ARP (one-size) WAYF CONSENT X 1 Shib- Shib-SP IdP WAYF 2 Y CONSENT Z 3 Shib- Shib-SP IdP WAYF

  45. Users’ informed consent to exchange of personal data

  46. Users’ informed consent to exchange of personal data

  47. EU directive Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

  48. EU directive It conserns us all... Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

  49. Principles for data exchange

  50. Principles for data exchange Transparency

  51. Principles for data exchange Transparency Legitimate purpose

  52. Principles for data exchange Transparency Legitimate purpose Proportionality

  53. The consent must be...

  54. The consent must be... Volentary (no arm-twisting)

  55. The consent must be... Volentary (no arm-twisting) Specific (one purpose)

  56. The consent must be... Volentary (no arm-twisting) Specific (one purpose) Informed (understandable)

  57. Volentary If you do not consent we will say ‘NI’

  58. Volentary WRONG If you do not consent we will say ‘NI’

  59. Volentary WRONG If you do not consent we will say ‘NI’ Do you consent to sending a personal pseudonym (non-identifiable pointer) to Microsoft?

  60. Volentary WRONG If you do not consent we will say ‘NI’ t h g i Do you consent to sending a personal pseudonym R (non-identifiable pointer) to Microsoft?

  61. Specific All services may recieve your email-adress

  62. Specific WRONG All services may recieve your email-adress

  63. Specific WRONG All services may recieve your email-adress BBC will recieve your email-adress

  64. Specific WRONG All services may recieve your email-adress t h g i R BBC will recieve your email-adress

  65. Informed If you do not consent we will not not decline from not delivering no services

  66. Informed WRONG If you do not consent we will not not decline from not delivering no services

  67. Informed WRONG If you do not consent we will not not decline from not delivering no services If you do not consent you will not get access

  68. Informed WRONG If you do not consent we will not not decline from not delivering no services t h g i R If you do not consent you will not get access

  69. Consent in a Shib-føderation WAYF T N E S N O Shib- C Shib-SP IdP WAYF T N E S N O C Shib- Shib-SP IdP WAYF

  70. Hub-and-spoke Services Institutions X 1 2 Y Z 3

  71. Interfederation

  72. (USA) FØD. Interfederation (AU)

  73. (USA) FØD. Interfederation (AU)

  74. (USA) FØD. Interfederation (AU)

  75. (USA) FØD. Interfederation (AU)

  76. (USA) FØD. Interfederation (AU)

  77. Connecting federations

  78. Connecting federations Confederate

  79. Connecting federations Confederate Cross federate

  80. Connecting federations Confederate Cross federate Interfederate

  81. Connecting federations Confederate Cross federate Interfederate Unite

  82. Connecting federations Confederate Cross federate Interfederate Unite

  83. Connecting federations Confederate Cross federate Interfederate Unite

  84. Connecting federations Confederate Cross federate Interfederate Unite

  87. Recommendations

  88. Recommendations Use (expensive) lawyers (do not let the lawyers write your code - and don’t write their code)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Catastrophic Unplanned Success Pete Stevens Mythic Beasts Ltd mythic beasts Ancient History

Catastrophic Unplanned Success Pete Stevens Mythic Beasts Ltd mythic beasts Ancient History

Catastrophic Unplanned Success Pete Stevens Mythic Beasts Ltd mythic beasts Ancient History mythic beasts Chris Lightfoot Within mySociety he was involved right from the start through the development of WriteT oThem,

308 views • 26 slides
IPv6 Only Hosting Pete Stevens Mythic Beasts Ltd mythic beasts What's wrong with IPv4?

IPv6 Only Hosting Pete Stevens Mythic Beasts Ltd mythic beasts What's wrong with IPv4?

IPv6 Only Hosting Pete Stevens Mythic Beasts Ltd mythic beasts What's wrong with IPv4? 2005: One IP per server. 2010: One IP per VM. Single server now requires ~ 50 IPs. 2015: Ideally one IP per container. Single VM now requires

593 views • 24 slides
Paper to Read Introducing Noah Friedkin, Department of Sociology, University of California,

Paper to Read Introducing Noah Friedkin, Department of Sociology, University of California,

Paper to Read Introducing Noah Friedkin, Department of Sociology, University of California, Santa Barbara Title: Spine segments in small world networks Social Networks, Volume 33, Issue 1 (January 2011), pp.8897 Thesis of paper

390 views • 15 slides
Creation Perverted Genesis 3:15 Now the serpent was more subtle than any of the beasts of

Creation Perverted Genesis 3:15 Now the serpent was more subtle than any of the beasts of

Creation Perverted Genesis 3:15 Now the serpent was more subtle than any of the beasts of the earth which the Lord God had made. And he said to the woman: Why hath God commanded you, that you should not eat of every tree of paradise?

372 views • 8 slides
And God made the beasts of the earth according to their kinds and the livestock according to their

And God made the beasts of the earth according to their kinds and the livestock according to their

And God made the beasts of the earth according to their kinds and the livestock according to their kinds, and everything that creeps on the ground according to its kind. And God saw that it was good. (Gen 1:16) So God created man in his own image,

468 views • 25 slides
Evolving The Daily Beasts User Cohorts A Little About Us WHERE NEWS MEETS CULTURE NEWS

Evolving The Daily Beasts User Cohorts A Little About Us WHERE NEWS MEETS CULTURE NEWS

Evolving The Daily Beasts User Cohorts A Little About Us WHERE NEWS MEETS CULTURE NEWS CULTURE ENTERTAINMENT | POLITICS | WORLD NEWS | HALF FULL | CULTURE | U.S. NEWS | INNOVATION | SCOUTED | TRAVEL OUR VERTICALS 2 Year 1: What We Knew

195 views • 15 slides
Beyond the beasts: engagement in the environmental domain Graham Kerley Two faces of the

Beyond the beasts: engagement in the environmental domain Graham Kerley Two faces of the

Beyond the beasts: engagement in the environmental domain Graham Kerley Two faces of the environment Supporting Society Threatening Society Environmental Engagement will be key to supporting societal well-being Grysbok Environmental

333 views • 18 slides
Writing a Paper & Research Career Paths CS 197 | Stanford University | Michael Bernstein

Writing a Paper & Research Career Paths CS 197 | Stanford University | Michael Bernstein

Writing a Paper & Research Career Paths CS 197 | Stanford University | Michael Bernstein Todays goals We have a bunch of things we tried, some of them worked, some of them didnt how do we write a paper about this? Introducing the

490 views • 36 slides
Introducing .. .. Introducing HIT- -4G 4G HIT 03/09/2018 03/09/2018

Introducing .. .. Introducing HIT- -4G 4G HIT 03/09/2018 03/09/2018

Hoffer Flow Controls, Inc. Introducing .. .. Introducing HIT- -4G 4G HIT 03/09/2018 03/09/2018 Fully-Compensating Gas Flow Rate Indicator/Dual Totalizer with Modbus and Data Logging HIT- -4G Key Features 4G Key Features HIT 12

463 views • 32 slides
The STARS Paper The Paper and the Process Part 2 The Paper Components of the Paper Abstract:

The STARS Paper The Paper and the Process Part 2 The Paper Components of the Paper Abstract:

The STARS Paper The Paper and the Process Part 2 The Paper Components of the Paper Abstract: Typically 100-250 words. Consists of purpose, method, results and conclusion. Introduction: Introduces topic and issue. Summarizes relevant

1.13k views • 11 slides
Introducing more people Introducing more people Introducing more people Introducing more people

Introducing more people Introducing more people Introducing more people Introducing more people

Introducing more people Introducing more people Introducing more people Introducing more people Cricket Wales Board to the power of cricket to the power of cricket to the power of cricket to the power of cricket December 2018 1. Marketing

351 views • 22 slides
INTRODUCING INTRODUCING Self-propelled aerial work platforms PM Oil&Ste e l Asia Pte L td

INTRODUCING INTRODUCING Self-propelled aerial work platforms PM Oil&Ste e l Asia Pte L td

INTRODUCING INTRODUCING Self-propelled aerial work platforms PM Oil&Ste e l Asia Pte L td - 24 Raffle s Plac e # 07-02 - Cliffo rd Ce ntre - Singapo re 048621 Mo b: +65 9021 2476 - E fax: +39 059 5970371 - Re gistratio n Numbe r:

489 views • 21 slides
Introducing EXPLORER 710 Slide 2 - the bar is raised Cobham plc 2 Introducing the EXPLORER 710

Introducing EXPLORER 710 Slide 2 - the bar is raised Cobham plc 2 Introducing the EXPLORER 710

Introducing EXPLORER 710 Slide 2 - the bar is raised Cobham plc 2 Introducing the EXPLORER 710 A state of the art BGAN setting new standards in terms of speed, size and features. Radical improvement in video quality - the first and

110 views • 8 slides
Introducing Asp.Net Ing. Gabriele Zannoni gabriele.zannoni@unibo.it Introducing Asp.Net 1

Introducing Asp.Net Ing. Gabriele Zannoni gabriele.zannoni@unibo.it Introducing Asp.Net 1

Introducing Asp.Net Ing. Gabriele Zannoni gabriele.zannoni@unibo.it Introducing Asp.Net 1 Cos? La risposta Microsoft alle esigenze del server side (leggi JSP) Levoluzione (rivoluzione) di ASP La tecnologia per la scrittura

856 views • 42 slides
The STARS Paper Summer 2017 The Paper and the Process Part 2 The Paper Components of the Paper

The STARS Paper Summer 2017 The Paper and the Process Part 2 The Paper Components of the Paper

The STARS Paper Summer 2017 The Paper and the Process Part 2 The Paper Components of the Paper Abstract: Typically 100-250 words. Consists of purpose, method, results and conclusion. Introduction: Introduces topic and issue. Summarizes

409 views • 11 slides
2014 PRODUCTION TOOLS 5. INTRODUCING SURVEY TOOLS FUNDAMENTAL OF LANDSCAPE ARCHITECTURE ARL200

2014 PRODUCTION TOOLS 5. INTRODUCING SURVEY TOOLS FUNDAMENTAL OF LANDSCAPE ARCHITECTURE ARL200

16/09/2015 PRACTICAL 6 1. INTRODUCING DRAWING MEDIA INTRODUCTION OF PRODUCTION 2. INTRODUCING DRAWING TOOLS MEDIA IN LANDSCAPE 3. INTRODUCING GRAPHIC ARCHITECTURE WORK COMPUTER TOOLS 4. INTRODUCING MAQUETTE ( MOCKUP ) 2014 PRODUCTION TOOLS

971 views • 18 slides
Cyber@UC Meeting 82 ICMP and ARP exploits If Youre New! Join our Slack:

Cyber@UC Meeting 82 ICMP and ARP exploits If Youre New! Join our Slack:

Cyber@UC Meeting 82 ICMP and ARP exploits If Youre New! Join our Slack: cyberatuc.slack.com Check out our website: cyberatuc.org Organization Resources on our Wiki: wiki.cyberatuc.org (Slackbot will post the link in

280 views • 7 slides
* Kurose and Ross, Computer Networking

* Kurose and Ross, Computer Networking

185 views • 17 slides
CIS 81 Protocol Scenarios for Layers 2 and 3 Beta Date: 9/1/05 Written by Rick Graziani Cabrillo

CIS 81 Protocol Scenarios for Layers 2 and 3 Beta Date: 9/1/05 Written by Rick Graziani Cabrillo

CIS 81 Protocol Scenarios for Layers 2 and 3 Beta Date: 9/1/05 Written by Rick Graziani Cabrillo College graziani@cabrillo.edu I have tried to catch as many of the typos and other issues (the joy of copy and paste within the document,

885 views • 37 slides
ELEC / COMP 177 Fall 2011 Some slides from Kurose

ELEC / COMP 177 Fall 2011 Some slides from Kurose

ELEC / COMP 177 Fall 2011 Some slides from Kurose and Ross, Computer Networking , 5 th Edition Thursday, Nov 3 rd Homework #4 Due

560 views • 22 slides
Generating Efficient Execution Plans for Vertically Partitioned XML Databases Patrick Kling, M.

Generating Efficient Execution Plans for Vertically Partitioned XML Databases Patrick Kling, M.

Generating Efficient Execution Plans for Vertically Partitioned XML Databases Patrick Kling, M. Tamer Ozsu, and Khuzaima Daudjee University of Waterloo David R. Cheriton School of Computer Science VLDB 2011 1 The Problem Centralized

1.05k views • 72 slides
Radio transients in the starburst galaxy Arp 220 Lund 2015-02-09 Eskil Varenius, John Conway,

Radio transients in the starburst galaxy Arp 220 Lund 2015-02-09 Eskil Varenius, John Conway,

Radio transients in the starburst galaxy Arp 220 Lund 2015-02-09 Eskil Varenius, John Conway, Ivan Mart-Vidal, Fabien Batejat, Miguel Perez-Torres et. al Chalmers / Onsala Space Observatory Outline Arp 220 and the L-D relation

561 views • 17 slides
The AMS-IX switching platform APRICOT KYOTO February 2005 Henk Steenman Topics The

The AMS-IX switching platform APRICOT KYOTO February 2005 Henk Steenman Topics The

The AMS-IX switching platform APRICOT KYOTO February 2005 Henk Steenman Topics The parameters defining the AMS-IX switching platform The Ethernet switching platform Maintaining port hygiene Photonic switching

402 views • 14 slides
National Energy Research Scientific Computing Center (NERSC) Highly Scalable Networking

National Energy Research Scientific Computing Center (NERSC) Highly Scalable Networking

National Energy Research Scientific Computing Center (NERSC) Highly Scalable Networking Configuration Management For Highly Scalable Systems Nicholas P. Cardo NERSC Center Division, LBNL CUG 2008, Helsinki N ATIONAL E NERGY R ESEARCH S

877 views • 14 slides

More recommend