SlideShare ist ein Scribd-Unternehmen logo

CANARIE Canadian Access Federation Update @ Internet2 Identity Week 2013

Chris Phillips
Chris Phillips

CANARIE operates the Canadian Access Federation, a program with a set of services delivering Federated Single Sign On (FedSSO), and eduroam as services. This presentation at REFED.org's day at Internet2 identity week is a high level view of what CAF is engaged in and interested in.

BusinessTechnologie
1 von 24
Downloaden Sie, um offline zu lesen
REFEDS Update on Canadian Access Federation Chris Phillips | Nov11,2013 | Internet2 idweek2013 | San Francisco www.canarie.ca
About CANARIE Operates Canada’s ultrahigh-bandwidth research network •  Connects one million users at 1,100 institutions, “big science” facilities like TRIUMF, NEPTUNE, CLS, SNOLAB, and to Compute Canada HPC consortia •  19,000km of fibre with a 40 Gbps backbone •  Funds programs that enable greater access to research data, tools and peers and to stimulate the ICT sector Operator of the Canadian Access Federation •  SAML federation based on Shibboleth •  Canadian Eduroam 802.1x wireless roaming operator •  eduGAIN participant Primary investment from Government of Canada - $480 M since 1993 Map date: 29 May 2012 www.canarie.ca 2
About CANARIE Operates Canada’s ultrahigh-bandwidth research network •  Connects one million users at 1,100 institutions, “big science” facilities like TRIUMF, NEPTUNE, CLS, SNOLAB, and to Compute Canada HPC consortia •  19,000km of fibre with a 40 Gbps backbone •  Funds programs that enable greater access to research data, tools and peers and to stimulate the ICT sector Additional Programs Operator of the Canadian DAIR - Digital Accelerator for Innovation and Research Access Federation An on-demand, advanced R&D cloud environment that supports Canada’s •  SAML federation based on Shibboleth tech innovators. Openstack based, with 2 regions (Alberta, Quebec). •  Canadian Eduroam 802.1x wireless roaming operator RPI - Research Platform Infrastructure •  eduGAIN participant An investment in middleware by CANARIE that leverages existing platforms & Primary investment is the evolution of the NEP program. Reduces duplication, increases re-use from Government of and collaboration between programs. http://science.canarie.ca/ Canada - $480 M since 1993 NEP - Network Enabled Platforms Similar in nature to GEANT opencall. Research initiatives showing innovative uses of the network. Has evolved to be even more collaborative and generates new interfaces/ RPI services to be reused between projects. Map date: 29 May 2012 www.canarie.ca 3
This is what it feels like trying to collaborate…. Image: Phil Roeder - Flickr www.canarie.ca 4
This is how we want it to feel. www.canarie.ca 5
How? Facilitate collaboration at the largest scale possible. www.canarie.ca
How? t st bu Easie ! d ruste t v Facilitate collaboration at the largest scale possible. ! lessly Seam v www.canarie.ca
Roaming wireless •  •  •  •  International wireless roaming Ability to automatically sign on using your home credential Reduces barriers to mobile users Worldwide and expanding coverage: •  Canada: 64 sites •  65 countries worldwide Successful Logins 2,000,000 1,500,000 1,000,000 500,000 - •  •  •  •  International Canada ~3M logins Sept 2013 2.5x traffic growth in 1yr 48 sites ~50% universities in Canada 40% growth in sites in 1yr Federated identity •  Federated Single Sign On for services •  Web and non web sign on •  Authentication •  Authorization •  Attribute release •  Across different security domains Interfederation •  International wireless roaming •  • eduGAIN to automatically sign on Ability as primary, exploring other direct relationships using your home credential •  • Bridge to internationalto mobile Reduces barriers community •  Enables CAF participants to: users •  Accept identities inbound •  Worldwide and expanding from outside Canada to coverage: • Canadian services Canada: 48 sites •  • Use Canadian identities in 60 countries worldwide services outside Canada Total CAF enabled users – SAML & eduroam 1,040,000 1,020,000 1,000,000 980,000 960,000 940,000 920,000 900,000 880,000 1,011,793 1,020,387 986,765 937,000 •  24 Service Providers – 160% increase in 1yr •  21 Identity Providers www.canarie.ca •  Int’l NREN CEO Forum placed eduGAIN as a key effort •  CAF was early adopter - joined last year when there were 8, and eduGAIN now has 20 countries
A Glimpse at eduroam traffic eduroam Successful Logins - up to Oct 30,2013 4,000,000 25.00% 3,500,000 20.00% 2,500,000 15.00% 2,000,000 10.00% 1,500,000 1,000,000 5.00% 500,000 - 0.00% www.canarie.ca % No Reply from Server Successful Log ins 3,000,000 International Canada
Closing the gap •  Eduroam evidence of success àWhy not same for FSSO? •  Talked to new & old participants, other federations •  Analyzed over a years worth of data http://www.flickr.com/photos/asparagus_hunter/483841638/ asparagus hunter www.canarie.ca
Regular Approach Identity Appliance Choose RADIUS server Install & Configure Test & Connect Supported Server installed Pre-configured Tested & Connected Choose platform Install & Configure Test & Connect Supported platform installed Pre-Configured Tested & Connected Why? •  •  •  •  Evolved approach to better match campus IT reality Reduced cost/effort to be CAF participant Simplifies CAF installation experience Easier day to day operations http://www.flickr.com/photos/madison_guy/3386919046/sizes/o/in/photostream/ Madison Guy www.canarie.ca
Regular Approach Identity Appliance Choose RADIUS server Install & Configure Test & Connect Supported Server installed Pre-configured Tested & Connected Choose platform Install & Configure Test & Connect Supported platform installed Pre-Configured Tested & Connected Why? Deeper A Bit •  •  •  •  •  •  •  Reviewed many styles, better match doing both eduroam Evolved approach tobut no one really campus IT reality AND Federated cost/effort to Reduced SSO w/SAML be CAF participant Inspired by many DevOps style approaches, adopted installer Simplifies CAF installation experience based model (SWAMID approach, others influencial too) Easier dayalpha now, FedSSO going through test cycles eduroam in to day operations •  Sites will be connected to both eduroam & eduGAIN http://www.flickr.com/photos/madison_guy/3386919046/sizes/o/in/photostream/ Madison Guy www.canarie.ca
Inter-federation •  In use and business as usual •  Eduroam Configuration Assistant Tool(CAT) driving current IdPs •  Appliance approach will see sites joining eduGAIN when they join CAF. www.canarie.ca
Eduroam CAT service (accessed via eduGAIN) •  Builds & hosts profile installers for all platforms and devices(MSFT,App le, Linux) •  Profile = specific configuration on your device to connect to the network www.canarie.ca
Signing on to Manage Your eduroam Site •  Access is only for site admins •  Requires Federated Single Sign On + invitation one time link •  Can create multiple admins •  Can create multiple ‘profiles’ for testing prior to release. •  Production Profiles can be downloaded via CAT www.canarie.ca
Once Signed in Snapshot of eduroam CAT •  •  •  •  # of federations with at least 1 production Idp: 30 Total idps registered: 391 IdPs which enabled public download interface: 264 End User Downloads of installersso far : 162,289 www.canarie.ca
Sub-national Topic •  Different groups across Canada expressed interest in ‘CAF+ . . .’ •  Needs were diverse yet common: additional schema, workflow for special sets of entities only, allow entities to be members of multiple sets, notify about joining set. •  View is that it can be done centrally through CAF, but tools & processes need improvements www.canarie.ca
Unified Collaboration & Interconnection CAF SP SP SP Idp Idp Idp Special Interest Trust Groups SP SP Idp Higher Assurance Local Fed Idp SP SP Local Fed Idp SP SP •  Efficient, least effort for SP/IdP •  Local fed incubates federation aware apps •  SITG can leverage common infrastructure, and overlay special attribute sets & specific policies Idp www.canarie.ca
Improving Tools •  Federation Operations needed to rise to the challenge •  Federation Registry tools space has very rich offerings (AAF: Fed’n Mgr, HEANET: Resource Registry, REEP to name a few) •  Tough to choose because of the great work out there •  Gravitated to HEANET RR http://www.flickr.com/photos/chazferret/2075442918/ www.canarie.ca
Skating to where the puck will be •  Our usual ‘customers’ are changing, we need to as well. •  Centralized services with delegation functionality avoid duplication of effort in the community and saves time and effort for sites http://www.flickr.com/photos/mag3737/1997114236/ mag3737 www.canarie.ca
Seed Topics for the ACAMP •  Effective Attribute release from IdPs •  Centralized authorization and user preferences being sought – should we run an instance of grouper or CoManage? •  Non web SAML for restful webservices, looking for some interesting approaches •  Interested in any mobile plays for Fed. SSO on smartphones. http://www.flickr.com/photos/the_yes_man/4648999621/sizes/l/in/photostream/ www.canarie.ca
www.canarie.ca
Additional Material www.canarie.ca
Digital Accelerator for Innovation and Research (DAIR) An on-demand, advanced R&D environment that supports Canada’s tech innovators and entrepreneurs in designing, prototyping, validating and demonstrating their new technology apps, products and services. www.canarie.ca/en/dair INTERNET Cloud Computing and Storage + Optical Regional Advanced Networks (ORANs) Réseaux optiques régionaux évolués (ROREs) www.canarie.ca Infonuagique et stockage

Empfohlen

ARIN on the Road
ARIN on the RoadARIN on the Road
ARIN on the RoadARIN
 
APNIC's role in stability and security - 4th APT Cybersecurity Forum
APNIC's role in stability and security - 4th APT Cybersecurity ForumAPNIC's role in stability and security - 4th APT Cybersecurity Forum
APNIC's role in stability and security - 4th APT Cybersecurity ForumAPNIC
 
LEA Workshop dated 09052013
LEA Workshop dated 09052013LEA Workshop dated 09052013
LEA Workshop dated 09052013APNIC
 
Euro IT Group
Euro IT GroupEuro IT Group
Euro IT GroupBen Oakford
 
Hp aspera-big data cloud-v2
Hp aspera-big data cloud-v2Hp aspera-big data cloud-v2
Hp aspera-big data cloud-v2dkumiaspera
 
Virtual SAP Upgrade Tools in the Cloud
Virtual SAP Upgrade Tools in the CloudVirtual SAP Upgrade Tools in the Cloud
Virtual SAP Upgrade Tools in the Cloudsaumw89402
 
RAMCO AMS Presentation
RAMCO AMS PresentationRAMCO AMS Presentation
RAMCO AMS Presentationramcoams
 
IBM Aspera - Moving the world’s data at maximum speed
IBM Aspera - Moving the world’s data at maximum speedIBM Aspera - Moving the world’s data at maximum speed
IBM Aspera - Moving the world’s data at maximum speedMohamed Morsi
 

Empfohlen

ARIN on the Road
ARIN on the RoadARIN on the Road
ARIN on the RoadARIN
 
APNIC's role in stability and security - 4th APT Cybersecurity Forum
APNIC's role in stability and security - 4th APT Cybersecurity ForumAPNIC's role in stability and security - 4th APT Cybersecurity Forum
APNIC's role in stability and security - 4th APT Cybersecurity ForumAPNIC
 
LEA Workshop dated 09052013
LEA Workshop dated 09052013LEA Workshop dated 09052013
LEA Workshop dated 09052013APNIC
 
Euro IT Group
Euro IT GroupEuro IT Group
Euro IT GroupBen Oakford
 
Hp aspera-big data cloud-v2
Hp aspera-big data cloud-v2Hp aspera-big data cloud-v2
Hp aspera-big data cloud-v2dkumiaspera
 
Virtual SAP Upgrade Tools in the Cloud
Virtual SAP Upgrade Tools in the CloudVirtual SAP Upgrade Tools in the Cloud
Virtual SAP Upgrade Tools in the Cloudsaumw89402
 
RAMCO AMS Presentation
RAMCO AMS PresentationRAMCO AMS Presentation
RAMCO AMS Presentationramcoams
 
IBM Aspera - Moving the world’s data at maximum speed
IBM Aspera - Moving the world’s data at maximum speedIBM Aspera - Moving the world’s data at maximum speed
IBM Aspera - Moving the world’s data at maximum speedMohamed Morsi
 
Webinar: Is the Cloud Right for You 2016-10-18
Webinar: Is the Cloud Right for You 2016-10-18Webinar: Is the Cloud Right for You 2016-10-18
Webinar: Is the Cloud Right for You 2016-10-18TechSoup
 
CAF Workshop BCNet2014
CAF Workshop BCNet2014CAF Workshop BCNet2014
CAF Workshop BCNet2014Chris Phillips
 
DAIR programme and relevance for FIRE
DAIR programme and relevance for FIREDAIR programme and relevance for FIRE
DAIR programme and relevance for FIREFuture Internet Research and Experimentation - FIRE
 
Eduroam: A current view of the worldwide service
Eduroam: A current view of the worldwide serviceEduroam: A current view of the worldwide service
Eduroam: A current view of the worldwide serviceChris Phillips
 
Gab Genai Cloudera - Going Beyond Traditional Analytic
Gab Genai Cloudera - Going Beyond Traditional Analytic Gab Genai Cloudera - Going Beyond Traditional Analytic
Gab Genai Cloudera - Going Beyond Traditional Analytic IntelAPAC
 
All Things eduroam
All Things eduroamAll Things eduroam
All Things eduroamChris Phillips
 
ION Costa Rica Opening Slides
ION Costa Rica Opening SlidesION Costa Rica Opening Slides
ION Costa Rica Opening SlidesDeploy360 Programme (Internet Society)
 
Superfast Business - Moving to the Cloud
Superfast Business - Moving to the CloudSuperfast Business - Moving to the Cloud
Superfast Business - Moving to the CloudSuperfast Business
 
Ready, Set, SD-WAN: Best Practices for Assuring Branch Readiness
Ready, Set, SD-WAN: Best Practices for Assuring Branch ReadinessReady, Set, SD-WAN: Best Practices for Assuring Branch Readiness
Ready, Set, SD-WAN: Best Practices for Assuring Branch ReadinessThousandEyes
 
SD-WAN & Hybrid-WAN Solutions for CSPs
SD-WAN & Hybrid-WAN Solutions for CSPsSD-WAN & Hybrid-WAN Solutions for CSPs
SD-WAN & Hybrid-WAN Solutions for CSPsRicky Pierson
 
Building Successful API Programs in Higher Education
Building Successful API Programs in Higher EducationBuilding Successful API Programs in Higher Education
Building Successful API Programs in Higher Education3scale
 
Jisc trust and identity update
Jisc trust and identity updateJisc trust and identity update
Jisc trust and identity updateJisc
 
Rdfa semtech2011
Rdfa semtech2011Rdfa semtech2011
Rdfa semtech2011Barbara Starr
 
Qtility software ltd
Qtility software ltdQtility software ltd
Qtility software ltdclarkems
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fimArchiver
 
From Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical DebtFrom Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical DebtTechWell
 
The New Frontier: Optimizing Big Data Exploration
The New Frontier: Optimizing Big Data ExplorationThe New Frontier: Optimizing Big Data Exploration
The New Frontier: Optimizing Big Data ExplorationInside Analysis
 
Solution Centric Architectural Presentation - A Journey from Data Paralysis t...
Solution Centric Architectural Presentation - A Journey from Data Paralysis t...Solution Centric Architectural Presentation - A Journey from Data Paralysis t...
Solution Centric Architectural Presentation - A Journey from Data Paralysis t...Denodo
 
How to Leverage SAFe 5.0 for Your Enterprise Cloud Strategy
How to Leverage SAFe 5.0 for Your Enterprise Cloud StrategyHow to Leverage SAFe 5.0 for Your Enterprise Cloud Strategy
How to Leverage SAFe 5.0 for Your Enterprise Cloud StrategyCprime
 
A non-technical introduction to Cloud Computing
A non-technical introduction to Cloud ComputingA non-technical introduction to Cloud Computing
A non-technical introduction to Cloud ComputingWilliam Pourmajidi
 
TNC2014 Think Globally act locally: Simplifying Federated technologies
TNC2014 Think Globally act locally: Simplifying Federated technologiesTNC2014 Think Globally act locally: Simplifying Federated technologies
TNC2014 Think Globally act locally: Simplifying Federated technologiesChris Phillips
 
National Federation Perspectives & Insights
National Federation Perspectives & InsightsNational Federation Perspectives & Insights
National Federation Perspectives & InsightsChris Phillips
 

Weitere ähnliche Inhalte

Ähnlich wie CANARIE Canadian Access Federation Update @ Internet2 Identity Week 2013

Webinar: Is the Cloud Right for You 2016-10-18
Webinar: Is the Cloud Right for You 2016-10-18Webinar: Is the Cloud Right for You 2016-10-18
Webinar: Is the Cloud Right for You 2016-10-18TechSoup
 
CAF Workshop BCNet2014
CAF Workshop BCNet2014CAF Workshop BCNet2014
CAF Workshop BCNet2014Chris Phillips
 
Eduroam: A current view of the worldwide service
Eduroam: A current view of the worldwide serviceEduroam: A current view of the worldwide service
Eduroam: A current view of the worldwide serviceChris Phillips
 
Gab Genai Cloudera - Going Beyond Traditional Analytic
Gab Genai Cloudera - Going Beyond Traditional Analytic Gab Genai Cloudera - Going Beyond Traditional Analytic
Gab Genai Cloudera - Going Beyond Traditional Analytic IntelAPAC
 
Superfast Business - Moving to the Cloud
Superfast Business - Moving to the CloudSuperfast Business - Moving to the Cloud
Superfast Business - Moving to the CloudSuperfast Business
 
Ready, Set, SD-WAN: Best Practices for Assuring Branch Readiness
Ready, Set, SD-WAN: Best Practices for Assuring Branch ReadinessReady, Set, SD-WAN: Best Practices for Assuring Branch Readiness
Ready, Set, SD-WAN: Best Practices for Assuring Branch ReadinessThousandEyes
 
SD-WAN & Hybrid-WAN Solutions for CSPs
SD-WAN & Hybrid-WAN Solutions for CSPsSD-WAN & Hybrid-WAN Solutions for CSPs
SD-WAN & Hybrid-WAN Solutions for CSPsRicky Pierson
 
Building Successful API Programs in Higher Education
Building Successful API Programs in Higher EducationBuilding Successful API Programs in Higher Education
Building Successful API Programs in Higher Education3scale
 
Jisc trust and identity update
Jisc trust and identity updateJisc trust and identity update
Jisc trust and identity updateJisc
 
Qtility software ltd
Qtility software ltdQtility software ltd
Qtility software ltdclarkems
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fimArchiver
 
From Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical DebtFrom Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical DebtTechWell
 
The New Frontier: Optimizing Big Data Exploration
The New Frontier: Optimizing Big Data ExplorationThe New Frontier: Optimizing Big Data Exploration
The New Frontier: Optimizing Big Data ExplorationInside Analysis
 
Solution Centric Architectural Presentation - A Journey from Data Paralysis t...
Solution Centric Architectural Presentation - A Journey from Data Paralysis t...Solution Centric Architectural Presentation - A Journey from Data Paralysis t...
Solution Centric Architectural Presentation - A Journey from Data Paralysis t...Denodo
 
How to Leverage SAFe 5.0 for Your Enterprise Cloud Strategy
How to Leverage SAFe 5.0 for Your Enterprise Cloud StrategyHow to Leverage SAFe 5.0 for Your Enterprise Cloud Strategy
How to Leverage SAFe 5.0 for Your Enterprise Cloud StrategyCprime
 
A non-technical introduction to Cloud Computing
A non-technical introduction to Cloud ComputingA non-technical introduction to Cloud Computing
A non-technical introduction to Cloud ComputingWilliam Pourmajidi
 

Ähnlich wie CANARIE Canadian Access Federation Update @ Internet2 Identity Week 2013 (20)

Webinar: Is the Cloud Right for You 2016-10-18
Webinar: Is the Cloud Right for You 2016-10-18Webinar: Is the Cloud Right for You 2016-10-18
Webinar: Is the Cloud Right for You 2016-10-18
 
CAF Workshop BCNet2014
CAF Workshop BCNet2014CAF Workshop BCNet2014
CAF Workshop BCNet2014
 
DAIR programme and relevance for FIRE
DAIR programme and relevance for FIREDAIR programme and relevance for FIRE
DAIR programme and relevance for FIRE
 
Eduroam: A current view of the worldwide service
Eduroam: A current view of the worldwide serviceEduroam: A current view of the worldwide service
Eduroam: A current view of the worldwide service
 
Gab Genai Cloudera - Going Beyond Traditional Analytic
Gab Genai Cloudera - Going Beyond Traditional Analytic Gab Genai Cloudera - Going Beyond Traditional Analytic
Gab Genai Cloudera - Going Beyond Traditional Analytic
 
All Things eduroam
All Things eduroamAll Things eduroam
All Things eduroam
 
ION Costa Rica Opening Slides
ION Costa Rica Opening SlidesION Costa Rica Opening Slides
ION Costa Rica Opening Slides
 
Superfast Business - Moving to the Cloud
Superfast Business - Moving to the CloudSuperfast Business - Moving to the Cloud
Superfast Business - Moving to the Cloud
 
Ready, Set, SD-WAN: Best Practices for Assuring Branch Readiness
Ready, Set, SD-WAN: Best Practices for Assuring Branch ReadinessReady, Set, SD-WAN: Best Practices for Assuring Branch Readiness
Ready, Set, SD-WAN: Best Practices for Assuring Branch Readiness
 
SD-WAN & Hybrid-WAN Solutions for CSPs
SD-WAN & Hybrid-WAN Solutions for CSPsSD-WAN & Hybrid-WAN Solutions for CSPs
SD-WAN & Hybrid-WAN Solutions for CSPs
 
Building Successful API Programs in Higher Education
Building Successful API Programs in Higher EducationBuilding Successful API Programs in Higher Education
Building Successful API Programs in Higher Education
 
Jisc trust and identity update
Jisc trust and identity updateJisc trust and identity update
Jisc trust and identity update
 
Rdfa semtech2011
Rdfa semtech2011Rdfa semtech2011
Rdfa semtech2011
 
Qtility software ltd
Qtility software ltdQtility software ltd
Qtility software ltd
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fim
 
From Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical DebtFrom Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical Debt
 
The New Frontier: Optimizing Big Data Exploration
The New Frontier: Optimizing Big Data ExplorationThe New Frontier: Optimizing Big Data Exploration
The New Frontier: Optimizing Big Data Exploration
 
Solution Centric Architectural Presentation - A Journey from Data Paralysis t...
Solution Centric Architectural Presentation - A Journey from Data Paralysis t...Solution Centric Architectural Presentation - A Journey from Data Paralysis t...
Solution Centric Architectural Presentation - A Journey from Data Paralysis t...
 
How to Leverage SAFe 5.0 for Your Enterprise Cloud Strategy
How to Leverage SAFe 5.0 for Your Enterprise Cloud StrategyHow to Leverage SAFe 5.0 for Your Enterprise Cloud Strategy
How to Leverage SAFe 5.0 for Your Enterprise Cloud Strategy
 
A non-technical introduction to Cloud Computing
A non-technical introduction to Cloud ComputingA non-technical introduction to Cloud Computing
A non-technical introduction to Cloud Computing
 

Mehr von Chris Phillips

TNC2014 Think Globally act locally: Simplifying Federated technologies
TNC2014 Think Globally act locally: Simplifying Federated technologiesTNC2014 Think Globally act locally: Simplifying Federated technologies
TNC2014 Think Globally act locally: Simplifying Federated technologiesChris Phillips
 
National Federation Perspectives & Insights
National Federation Perspectives & InsightsNational Federation Perspectives & Insights
National Federation Perspectives & InsightsChris Phillips
 
Scim2012 q1update chrisphillips
Scim2012 q1update chrisphillipsScim2012 q1update chrisphillips
Scim2012 q1update chrisphillipsChris Phillips
 
Chris Phillips SCIM Mace-Dir Internet2 Fall Member Meeting Refresh
Chris Phillips SCIM Mace-Dir Internet2 Fall Member Meeting RefreshChris Phillips SCIM Mace-Dir Internet2 Fall Member Meeting Refresh
Chris Phillips SCIM Mace-Dir Internet2 Fall Member Meeting RefreshChris Phillips
 
Canarie Federated Non Web Signon
Canarie Federated Non Web SignonCanarie Federated Non Web Signon
Canarie Federated Non Web SignonChris Phillips
 
Canarie CAF-eduroam Technical Workshop
Canarie CAF-eduroam Technical WorkshopCanarie CAF-eduroam Technical Workshop
Canarie CAF-eduroam Technical WorkshopChris Phillips
 
Canarie CAF- Shibboleth Workshop Topics
Canarie CAF- Shibboleth Workshop TopicsCanarie CAF- Shibboleth Workshop Topics
Canarie CAF- Shibboleth Workshop TopicsChris Phillips
 
Moonshot Brainstorming Strawman
Moonshot Brainstorming StrawmanMoonshot Brainstorming Strawman
Moonshot Brainstorming StrawmanChris Phillips
 
Moonshot Brainstorming Strawman
Moonshot Brainstorming StrawmanMoonshot Brainstorming Strawman
Moonshot Brainstorming StrawmanChris Phillips
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethChris Phillips
 
CANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interestCANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interestChris Phillips
 

Mehr von Chris Phillips (11)

TNC2014 Think Globally act locally: Simplifying Federated technologies
TNC2014 Think Globally act locally: Simplifying Federated technologiesTNC2014 Think Globally act locally: Simplifying Federated technologies
TNC2014 Think Globally act locally: Simplifying Federated technologies
 
National Federation Perspectives & Insights
National Federation Perspectives & InsightsNational Federation Perspectives & Insights
National Federation Perspectives & Insights
 
Scim2012 q1update chrisphillips
Scim2012 q1update chrisphillipsScim2012 q1update chrisphillips
Scim2012 q1update chrisphillips
 
Chris Phillips SCIM Mace-Dir Internet2 Fall Member Meeting Refresh
Chris Phillips SCIM Mace-Dir Internet2 Fall Member Meeting RefreshChris Phillips SCIM Mace-Dir Internet2 Fall Member Meeting Refresh
Chris Phillips SCIM Mace-Dir Internet2 Fall Member Meeting Refresh
 
Canarie Federated Non Web Signon
Canarie Federated Non Web SignonCanarie Federated Non Web Signon
Canarie Federated Non Web Signon
 
Canarie CAF-eduroam Technical Workshop
Canarie CAF-eduroam Technical WorkshopCanarie CAF-eduroam Technical Workshop
Canarie CAF-eduroam Technical Workshop
 
Canarie CAF- Shibboleth Workshop Topics
Canarie CAF- Shibboleth Workshop TopicsCanarie CAF- Shibboleth Workshop Topics
Canarie CAF- Shibboleth Workshop Topics
 
Moonshot Brainstorming Strawman
Moonshot Brainstorming StrawmanMoonshot Brainstorming Strawman
Moonshot Brainstorming Strawman
 
Moonshot Brainstorming Strawman
Moonshot Brainstorming StrawmanMoonshot Brainstorming Strawman
Moonshot Brainstorming Strawman
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
 
CANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interestCANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interest
 

Kürzlich hochgeladen

Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditNhtLNguyn9
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 

Kürzlich hochgeladen (20)

Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal audit
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 

CANARIE Canadian Access Federation Update @ Internet2 Identity Week 2013

  • 1. REFEDS Update on Canadian Access Federation Chris Phillips | Nov11,2013 | Internet2 idweek2013 | San Francisco www.canarie.ca
  • 2. About CANARIE Operates Canada’s ultrahigh-bandwidth research network •  Connects one million users at 1,100 institutions, “big science” facilities like TRIUMF, NEPTUNE, CLS, SNOLAB, and to Compute Canada HPC consortia •  19,000km of fibre with a 40 Gbps backbone •  Funds programs that enable greater access to research data, tools and peers and to stimulate the ICT sector Operator of the Canadian Access Federation •  SAML federation based on Shibboleth •  Canadian Eduroam 802.1x wireless roaming operator •  eduGAIN participant Primary investment from Government of Canada - $480 M since 1993 Map date: 29 May 2012 www.canarie.ca 2
  • 3. About CANARIE Operates Canada’s ultrahigh-bandwidth research network •  Connects one million users at 1,100 institutions, “big science” facilities like TRIUMF, NEPTUNE, CLS, SNOLAB, and to Compute Canada HPC consortia •  19,000km of fibre with a 40 Gbps backbone •  Funds programs that enable greater access to research data, tools and peers and to stimulate the ICT sector Additional Programs Operator of the Canadian DAIR - Digital Accelerator for Innovation and Research Access Federation An on-demand, advanced R&D cloud environment that supports Canada’s •  SAML federation based on Shibboleth tech innovators. Openstack based, with 2 regions (Alberta, Quebec). •  Canadian Eduroam 802.1x wireless roaming operator RPI - Research Platform Infrastructure •  eduGAIN participant An investment in middleware by CANARIE that leverages existing platforms & Primary investment is the evolution of the NEP program. Reduces duplication, increases re-use from Government of and collaboration between programs. http://science.canarie.ca/ Canada - $480 M since 1993 NEP - Network Enabled Platforms Similar in nature to GEANT opencall. Research initiatives showing innovative uses of the network. Has evolved to be even more collaborative and generates new interfaces/ RPI services to be reused between projects. Map date: 29 May 2012 www.canarie.ca 3
  • 4. This is what it feels like trying to collaborate…. Image: Phil Roeder - Flickr www.canarie.ca 4
  • 5. This is how we want it to feel. www.canarie.ca 5
  • 6. How? Facilitate collaboration at the largest scale possible. www.canarie.ca
  • 7. How? t st bu Easie ! d ruste t v Facilitate collaboration at the largest scale possible. ! lessly Seam v www.canarie.ca
  • 8. Roaming wireless •  •  •  •  International wireless roaming Ability to automatically sign on using your home credential Reduces barriers to mobile users Worldwide and expanding coverage: •  Canada: 64 sites •  65 countries worldwide Successful Logins 2,000,000 1,500,000 1,000,000 500,000 - •  •  •  •  International Canada ~3M logins Sept 2013 2.5x traffic growth in 1yr 48 sites ~50% universities in Canada 40% growth in sites in 1yr Federated identity •  Federated Single Sign On for services •  Web and non web sign on •  Authentication •  Authorization •  Attribute release •  Across different security domains Interfederation •  International wireless roaming •  • eduGAIN to automatically sign on Ability as primary, exploring other direct relationships using your home credential •  • Bridge to internationalto mobile Reduces barriers community •  Enables CAF participants to: users •  Accept identities inbound •  Worldwide and expanding from outside Canada to coverage: • Canadian services Canada: 48 sites •  • Use Canadian identities in 60 countries worldwide services outside Canada Total CAF enabled users – SAML & eduroam 1,040,000 1,020,000 1,000,000 980,000 960,000 940,000 920,000 900,000 880,000 1,011,793 1,020,387 986,765 937,000 •  24 Service Providers – 160% increase in 1yr •  21 Identity Providers www.canarie.ca •  Int’l NREN CEO Forum placed eduGAIN as a key effort •  CAF was early adopter - joined last year when there were 8, and eduGAIN now has 20 countries
  • 9. A Glimpse at eduroam traffic eduroam Successful Logins - up to Oct 30,2013 4,000,000 25.00% 3,500,000 20.00% 2,500,000 15.00% 2,000,000 10.00% 1,500,000 1,000,000 5.00% 500,000 - 0.00% www.canarie.ca % No Reply from Server Successful Log ins 3,000,000 International Canada
  • 10. Closing the gap •  Eduroam evidence of success àWhy not same for FSSO? •  Talked to new & old participants, other federations •  Analyzed over a years worth of data http://www.flickr.com/photos/asparagus_hunter/483841638/ asparagus hunter www.canarie.ca
  • 11. Regular Approach Identity Appliance Choose RADIUS server Install & Configure Test & Connect Supported Server installed Pre-configured Tested & Connected Choose platform Install & Configure Test & Connect Supported platform installed Pre-Configured Tested & Connected Why? •  •  •  •  Evolved approach to better match campus IT reality Reduced cost/effort to be CAF participant Simplifies CAF installation experience Easier day to day operations http://www.flickr.com/photos/madison_guy/3386919046/sizes/o/in/photostream/ Madison Guy www.canarie.ca
  • 12. Regular Approach Identity Appliance Choose RADIUS server Install & Configure Test & Connect Supported Server installed Pre-configured Tested & Connected Choose platform Install & Configure Test & Connect Supported platform installed Pre-Configured Tested & Connected Why? Deeper A Bit •  •  •  •  •  •  •  Reviewed many styles, better match doing both eduroam Evolved approach tobut no one really campus IT reality AND Federated cost/effort to Reduced SSO w/SAML be CAF participant Inspired by many DevOps style approaches, adopted installer Simplifies CAF installation experience based model (SWAMID approach, others influencial too) Easier dayalpha now, FedSSO going through test cycles eduroam in to day operations •  Sites will be connected to both eduroam & eduGAIN http://www.flickr.com/photos/madison_guy/3386919046/sizes/o/in/photostream/ Madison Guy www.canarie.ca
  • 13. Inter-federation •  In use and business as usual •  Eduroam Configuration Assistant Tool(CAT) driving current IdPs •  Appliance approach will see sites joining eduGAIN when they join CAF. www.canarie.ca
  • 14. Eduroam CAT service (accessed via eduGAIN) •  Builds & hosts profile installers for all platforms and devices(MSFT,App le, Linux) •  Profile = specific configuration on your device to connect to the network www.canarie.ca
  • 15. Signing on to Manage Your eduroam Site •  Access is only for site admins •  Requires Federated Single Sign On + invitation one time link •  Can create multiple admins •  Can create multiple ‘profiles’ for testing prior to release. •  Production Profiles can be downloaded via CAT www.canarie.ca
  • 16. Once Signed in Snapshot of eduroam CAT •  •  •  •  # of federations with at least 1 production Idp: 30 Total idps registered: 391 IdPs which enabled public download interface: 264 End User Downloads of installersso far : 162,289 www.canarie.ca
  • 17. Sub-national Topic •  Different groups across Canada expressed interest in ‘CAF+ . . .’ •  Needs were diverse yet common: additional schema, workflow for special sets of entities only, allow entities to be members of multiple sets, notify about joining set. •  View is that it can be done centrally through CAF, but tools & processes need improvements www.canarie.ca
  • 18. Unified Collaboration & Interconnection CAF SP SP SP Idp Idp Idp Special Interest Trust Groups SP SP Idp Higher Assurance Local Fed Idp SP SP Local Fed Idp SP SP •  Efficient, least effort for SP/IdP •  Local fed incubates federation aware apps •  SITG can leverage common infrastructure, and overlay special attribute sets & specific policies Idp www.canarie.ca
  • 19. Improving Tools •  Federation Operations needed to rise to the challenge •  Federation Registry tools space has very rich offerings (AAF: Fed’n Mgr, HEANET: Resource Registry, REEP to name a few) •  Tough to choose because of the great work out there •  Gravitated to HEANET RR http://www.flickr.com/photos/chazferret/2075442918/ www.canarie.ca
  • 20. Skating to where the puck will be •  Our usual ‘customers’ are changing, we need to as well. •  Centralized services with delegation functionality avoid duplication of effort in the community and saves time and effort for sites http://www.flickr.com/photos/mag3737/1997114236/ mag3737 www.canarie.ca
  • 21. Seed Topics for the ACAMP •  Effective Attribute release from IdPs •  Centralized authorization and user preferences being sought – should we run an instance of grouper or CoManage? •  Non web SAML for restful webservices, looking for some interesting approaches •  Interested in any mobile plays for Fed. SSO on smartphones. http://www.flickr.com/photos/the_yes_man/4648999621/sizes/l/in/photostream/ www.canarie.ca
  • 24. Digital Accelerator for Innovation and Research (DAIR) An on-demand, advanced R&D environment that supports Canada’s tech innovators and entrepreneurs in designing, prototyping, validating and demonstrating their new technology apps, products and services. www.canarie.ca/en/dair INTERNET Cloud Computing and Storage + Optical Regional Advanced Networks (ORANs) Réseaux optiques régionaux évolués (ROREs) www.canarie.ca Infonuagique et stockage