
Building Federated Identity Infrastructure


Posted on: 13 Dec, 2023

Aim of the workshop

This hands-on course is aimed at enabling NRENs and Campuses to set up Federated Identity Infrastructure in their own environment, and to pass that knowledge on to their broader constituencies in their own language.
Historically, IP-based authentication has been a common mechanism for accessing external resources but denies a user access when working off campus. Shared accounts have solved the off-campus issue but don't allow personalization of a resource. These approaches are simplistic and fail when staff, students and researchers are off-campus, need to access collaborative resources intended for an individual user or want to use a resource intended for a specific group of users.
Federated Identity Infrastructure allows campus authentication systems to integrate with a wide variety of services on campus, within your country and beyond.
Targeted Audience

This technical training event will be of interest to:

  • Campus IT and Library Resource teams looking for solutions to effectively manage and scale their identity providing and consuming services;
  • NRENs (National Research and Education Networks) exploring identity federation infrastructure for their country and wanting to promote identity federation to their connected campuses.
Workshop Outlines
This hands-on training event focused on the tools and skills necessary to deploy identity infrastructure for your library, campus and country, including:
  • How to safely and securely expose the identities of your user community within your organization and beyond.
  • How to offer (as well as access) services and resources in a federated community.
  • The implications of deploying different federation architectures at the campus and national level.
  • The resources to write a federation policy to define the trust and technologies within your environment.
  • How to use metadata management tools to manage membership of your federation.
The desired outcomes include:
  • Recognize the pros and cons of different federated infrastructure, such as mesh, hub & spoke and centralized login.
  • Practical skills in deploying federated identity and service provider services using simpleSAMLphp and Shibboleth.
  • Understanding of the operation of hub & spoke identity infrastructure at the campus level.
  • Experience the benefits of federated identity infrastructure by accessing and sharing resources beyond your administrative domain.
  • Knowledge to set the direction for library, campus and country identity federation activities.
  • Skills to write a federation policy that will allow interfederation with the global research and education community.

Required Equipment

  • Laptop
  • 1GB of free RAM.
  • Ethernet port.
  • A Virtual Machine tool (such as VirtualBox, VMware or Parallels).
  • Two (2) web browsers installed (such as Firefox, Safari, Opera or Chrome).
Program
First day: Introduction and Getting Started
  • Introduction to Identity Federations
  • Getting Started...
  • simpleSAMLphp as an Identity Provider

Second day: Service Providers

  • Setting up a Shibboleth Service Provider Attributes and Access Control
  • Metadata Management
  • Service Discovery
  • simpleSAMLphp as a Bridge

Third day: Identity Federation and Interfederation Policy

  • Policy for Identity Federations
  • Extending your Federation
  • Concluding Federation Topics and Services
  • Comodo - Endpoint Security Manager Introduction
  • Comodo - Certificate Lifecycle management
  • CHAIN-REDS Science Gateway
  • Demonstration on ASREN's IDP
  • Wrap-up & Networking

Materials

Trainers

Brook Schofield, Project Development Officer, TERENA

Brook Schofield joined TERENA in May 2009 as one of the Project Development Officers, to support TERENA's task forces and contribute to technical projects.

He is responsible for a portfolio of middleware activities within TERENA, including acting as secretary for the Task Force on Mobility and Network Middleware and the Task Force on European Middleware Coordination and Collaboration (EMC2). Within the GN3 (GÉANT) Project, Brook is the task leader for the eduGAIN interfederation service and member of the operational team for eduroam.

Brook organises EuroCAMP (European Campus Architecture and Middleware Planning) which promotes the use of middleware & federated technologies and policy for the campus and organisational level.

Brook graduated from the University of Tasmania in 1998 with an honours degree in computing. He has worked for an Internet Service Provider, a variety of universities in Australia (UTAS, UQ, Griffith, UniSA) and the JISC RSC in the South West of England. As chair of the AARNet eduroam Project Group he helped in the expansion of eduroam in Australia and the Asia Pacific region. This brought him to Europe and TERENA.

Glenn Wearen, Middleware Specialist, HEAnet

Glenn Wearen joined HEAnet in 2007 with responsibility for federated access. Prior to joining HEAnet, Glenn held a number of positions focusing on single-sign-on, federated access, and identity lifecycle management with HP, Baltimore Technologies and Fidelity Investments.


Glenn holds a Bachelor of Science Degree in Computer Applications (Software Engineering) from DCU and is an ISC2 Certified Information Systems Security Professional (CISSP) and ICS Certified Data Protection Practitioner.