SlideShare a Scribd company logo
1 of 58
Download to read offline
Parallel session K:
Trust and identity
Chair: Josh Howlett
Please switch your mobile phones to silent
12:45
No fire alarms scheduled. In the event of an
alarm, please follow directions of NCC staff
Networkshop closes.
Light lunch (including ‘grab bag’ option)
Update on
Jisc’s trust and
identity services
Simon Cooper, trust and identity operations group, Jisc
Agenda
»What services are trust and identity?
»The four services supported
» Update on services and new developments
13/04/2017 Jisc trust and identity services update
What services are trust and identity?
»The operations group supports:
› Assent
› Certificate service
› Domain registry service
› UK Access Management Federation
» 1,400 members and customers
»A new fifth service…
13/04/2017 Jisc trust and identity services update
Assent
»Underlying Moonshot technology - RADIUS and SAML
»Steady uptake
»National Pathfinder project and other big
research projects
»Developments:
› Support for Mac clients, UX development, Dynamic
Trust Router
»Future - hosting of trust and identity service infrastructures
13/04/2017 Jisc trust and identity services update
Certificate service
»10 year anniversary and 700 members
»Over 90,000 certs issued
»Service with QuoVadis since May 2015
› High assurance ExtendedValidation
› S/MIME for email signing
13/04/2017 Jisc trust and identity services update
Certificate service
13/04/2017 Jisc trust and identity services update
Certificate service
»Ten year anniversary and 700 members
»Over 90,000 certs issued
»Service with QuoVadis since May 2015
› High assurance extended validation
› S/MIME for email signing
»Stability - no procurement for at least 2 years
13/04/2017 Jisc trust and identity services update
Domain registry
»Registry for all .ac.uk and gov.uk domains
»Over 5,000 .ac.uk and 3,000 .gov.uk
»Online portal available for all domain owners
and registrars
»New portal functionality rolled out
»ICANN accreditation?
13/04/2017 Jisc trust and identity services update
UK Access Management Federation
»10 years of operation
»4,000 entities and 1,100 members
»What’s changed?
»What’s next?
› Technical enhancements e.g. MDQ and
Self-service portal
› Support of SIRTFY, CodeOfConduct and Research
and scholarship entity category
13/04/2017 Jisc trust and identity services update
Liberate – ManagedTrust and identity services IdP
»Integrates with Active Directory
»Lowers the barrier to adoption of UK AMF, eduroam
and Assent
»Timescales for launch
› piloting with public libraries
› beta service in early July
»Production service September 2017
»Further info http://ji.sc/managed-idp and
liberate@jisc.ac.uk
13/04/2017 Jisc trust and identity services update
Trust and identity services
»Where are we?
› Stable services in place, fully supported
› Continuous improvement
»How can we be better?
› Technical functionality?
› Policy?
› New products?
»Contact point:TrustAndIdentity@jisc.ac.uk
13/04/2017 Jisc trust and identity services update
jisc.ac.uk
Questions?
Simon Cooper
Trust & Identity Service Group Manager
Email: simon.cooper@jisc.ac.uk
Services:TrustAndIdentity@jisc.ac.uk
jisc.ac.uk/network/authentication
13/04/2017 Jisc trust and identity services update
National AAAI
pathfinder project
JeremyYates, UCL
The National AAAI
Pathfinder Pilot
A project funded by the Research Councils and JISC to
develop a simplified access and user management service for
the UK’s research computing community.
March 2017
Why are we doing this
• The UK National eInfrastructure is now in a position to greatly
simplify its access control infrastructure to a range of services such as
Cloud, data services, HPC and Grid computing
• Simplified sign-on reducing need for multiple credentials
• Flexible deployment models Assent can be deployed using any
model (centralised, distributed, Cloud).
• Minimal ongoing management and specific communities are able to
manage it themselves.
• Standards based – all protocols are international (IETF) standards
Benefits for research communities
• More applications and services to be accessed via a federated identity. Assent
extends the range of applications and services that can consume federated
identity and improves the security of your services by controlling access to
resources.
• Lower operational costs by using existing infrastructure to unify all of our trust
technologies and drive down operational costs. This reduces the cost and time to
create new services and minimises the administration associated with providing
secure user access to resources.
• Builds on existing technologies. Assent builds on the existing technologies that
underpin eduroam and the UK Access Management Federation services.
• The UK to federate efficiently with non-UK and International projects that use
other access control technologies such as X509 certificates. The need for
federated identity management to support research and promote collaborations
is widely recognised
Pathfinder AAAI Project - Sep 2016 to June 2017
Jisc’s Assent service, to provide
users with a common, single sign on
mechanism that integrates with
institutional identity management
systems to confirm a researcher’s
identity; and its peer systems
overseas.
Existing virtual organisation (VO) systems, such as the EPPC’s
SAFE management infrastructure.
A High Assurance Network and
two-factor authentication, where
appropriate, for secure data access
and transport e.g. JISC’s SafeShare
service. The outputs will be secure and very secure versions of a common
AAAI application which integrates Assent and SAFE. This will also
be able to federate with SAML and X.509 identity management
systems which is a requirement for international collaborations.
• A series of Pilots will produce common prototype applications and services that
facilitate the Authentication, Authorisation and Accounting Infrastructure (AAAI)
• These Pilots will demonstrate
• Successful use of a common AAAI in the field for Engineering, Physical
Sciences and Medical Health research
• Successful use of a common AAAI in the context of HEI service delivery
• Successful use of a common AAAI when federating with international
services and research projects
• This common AAAI will include services to facilitate secure data access for
health, government and business data.
• A technical architecture and business case will be produced to construct and
operate a National AAAI Service, which will facilitate a common AAAI for all NeI
Projects in the RCUK domain. It will enable secure access and use by third
parties such as Government and Business.
What is it made of?
• Users will be provided with a common interface and single-sign-on features.
• This will use institutional HR data to confirm a researcher’s identity
• This is the Jisc Assent Service.
• We are leveraging existing virtual organisation systems such as the National Service SAFE
management infrastructure.
• Data and resources can be securely shared between projects irrespective of researcher location.
• Where information security is paramount, such as health and government records, data are
automatically encrypted prior to transfer.
• This is the JISC Safe Share project.
• Opens door to integration of main NeI projects
• Single Sign on: Removes a major barrier to access for users
• Enables hardware to be shared across domains
• From a service provider perspective this encourages aggregation and pooling of resources
• Allows cloud and data services to work effectively, efficiency and appropriately
• You know who I am, what I can do, how I’ll be measured, and where I live
• In addition, the EPCC SAFE framework provides the complementary capabilities of accounting
and resource management of computing facilities. This makes it ideal for this pilot
• The related Jisc Safe Share project will soon provide a Higher Assurance Network and support
two-factor authentication for projects requiring additional security.
How Assent Works – think eduroam and radius
server…
Meet the team
• Josh Howlett, Jeremy Yates, Jacky Pallas, Kostas Kavoussanakis,
Stephen Booth, Richard Sanders, Gareth Francis, Stefan Paetow, Lydia
Heck, Stuart Rankin, David Fergusson, Bruno Silva, Stephen Young,
Dugan Witherick, Jens Jensen, Alan Real, Andrew Sansum, Mark
Parsons
• JISC, EPCC, RAL, Durham, eMedLab, Sanger, QMUL, Cambridge,
Oxford, Crick
Work Packages
1. Work package 1: Integration of SAFE with Assent
2. Work package 2: Local deployment pilot
3. Work package 3: Assent integration with Virtual Organisation
infrastructure
4. Work package 4: Productisation
Outputs
1. A pilot AAAI infrastructure comprising multiple sites and projects, built on
existing assets and capabilities, tested in the following production settings:
• A University HPC ecosystem – University of Oxford
• A Regional HPC ecosystem – N8
• A national HPC ecosystem – DiRAC
• A Secure Ecosystem – eMedLab
2. Demonstration of interoperability with other non-SAFE and non-Assent
technologies. This is necessary for gaining access to non-UK resources e.g.
wLCG, Elixir, EGI, EUDAT, PRACE.
3. A route towards productisation of the outputs and findings of the
pathfinder through a Technical Architecture and a Business Case for a
future national AAAI.
Milestones
Reporting Point:
Month End
Work Package Outputs
2 WP1.1 Setting up Assent for use at eMedLab, N8 and DiRAC
3 WP1.2 Identity Provider service prototype completed. Report on use at DiRAC site
2 WP1.3 Prototype Application that combines SAFE and Assent, Report on use at
eMedLab & N8
5 WP2 WP2: Report on Application of SAFE to managing projects at local HPC facilities
5 WP3.1 WP3.1: Prototype SAFE+Assent that can use SAML. This will allow Virtual
Organisations to manage authorisation for Assent-based authentication.
8 WP3.2 WP3.2: Construct a working API that will bridge Assent with other
authentication technologies, such as X.509.
Report on 3.1 and 3.2 progress.
Final Report 10 WP4.1 and
WP4.2
Technical Architecture and Business Case for proposed National AAAI Service
Progress (March 2017)
Work
Package
Progress What this means
WP 1.1 Completed Set up Assent at Durham and Edinburgh. Integrated SAFE and Assent and tested at Durham
WP 1.2 Completed Assent IdP set up by EPCC. Can generate attributes without reference to HEIs. Helpful for non
academic users
WP 1.3 Delayed Testing Assent and SAFE in a secure environment and on an OpenStack system; eMedLab, Crick,
QMUL, Sanger are installing Assent, OSP upgrade delayed testing until May 2017
WP 2 Will start in May 17 Use Assent and SAFE in a HEI environment
WP 3.1 Completed DiRAC SAFE can provide user attributes to Assent. OpenSAML attribute authority was linked to SAFE
database and can be linked to Assent
WP 3.2 Started March 24th Deliver a credential conversion service that enables users with
sufficiently high levels of assurance (through their Assent IdP) to obtain
a certificate from an IGTF CA
WP 4.1,
WP4.2
Started Consultation on business model with NeI PDG and HPC-SIG members
Other Opportunities
• Possible test project with Elixir (WP 3.2)
• Possible test project with the Hartree Centre (WP1.2)
• Possible test project with AWS (WP3.1)
• Possible test project with a second Openstack service (MRC CLIMB
WP3.1)
Proposed architecture
• A composite of three separate but complementary capabilities
• SafeShare
• Provides high assurance connectivity using encrypted tunnels
• Imminent launch of Jisc service
• Assent
• Provides secure federated authentication & attributes
• A Jisc service with 20 member organisations
• SAFE
• Provides accounting, reporting, and resource management
• Software provided by EPCC, some of it supported by funding from Jisc
• A composite service does not have composite users!
• How can we construct a coherent proposition, such that the different
stakeholders can deploy and use the respective services without resulting in
confusion?
Developing the Business Case
• SAFE delivery model
1. Would users of SAFE prefer to consume it as packaged software, or as Software as
a Service, or both?
• Ancillary capabilities
2. For each delivery model, what ancillary capabilities might be desirable?
• Packaged software: software development, deployment consultancy
• SaaS: ???
• Both: technical support, project management
• Sustainability
• Assent is currently funded by Jisc
• SafeShare will be funded by its users through a separate service subscription
• “SAFE as packaged software” probably implies some form of centralised funding;
“SAFE as SaaS” allows for a subscription model
3. How should a composite service be funded?
Summary
• Seven Research Councils and JISC have committed funding and
resource to a National AAAI Pathfinder Pilot
• Benefits to the research community include simplified sign-on (users)
and streamlined user management (infrastructure providers)
• The pilot integrates existing services and software and is testing this
in a range of environments
• University, regional resource, private cloud, industry, international links
• Scale-up and sustainability addressed through a robust evaluation of
a business case
jisc.ac.uk
JeremyYates
UCL
Better together!
Kiara Wierenga, Geant
13/04/2017Infrastructure Division Update
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
Parallel session: trust and identity
jisc.ac.uk
KlaasWierenga,
Geant
13/04/2017 Infrastructure Division Update

More Related Content

What's hot

Kit-Catalogue - Discovering the Value of Equipment Sharing - Universities UK ...
Kit-Catalogue - Discovering the Value of Equipment Sharing - Universities UK ...Kit-Catalogue - Discovering the Value of Equipment Sharing - Universities UK ...
Kit-Catalogue - Discovering the Value of Equipment Sharing - Universities UK ...Martin Hamilton
 
Directions in research data management - Jisc Digital Festival 2015
Directions in research data management - Jisc Digital Festival 2015Directions in research data management - Jisc Digital Festival 2015
Directions in research data management - Jisc Digital Festival 2015Jisc
 
Repository and preservation systems
Repository and preservation systemsRepository and preservation systems
Repository and preservation systemsJisc
 
Open access - a guide to Jisc's evolving offer to universities - Jisc Digital...
Open access - a guide to Jisc's evolving offer to universities - Jisc Digital...Open access - a guide to Jisc's evolving offer to universities - Jisc Digital...
Open access - a guide to Jisc's evolving offer to universities - Jisc Digital...Jisc
 
Stakeholder forum 2015 - The way forward together - Phil Richards
Stakeholder forum 2015 - The way forward together - Phil RichardsStakeholder forum 2015 - The way forward together - Phil Richards
Stakeholder forum 2015 - The way forward together - Phil RichardsJisc
 
End to end performance - Networkshop44
End to end performance -  Networkshop44End to end performance -  Networkshop44
End to end performance - Networkshop44Jisc
 
How have we done?
How have we done?How have we done?
How have we done?Jisc
 
Collaboration through technology: moving from possibility to practice - Marti...
Collaboration through technology: moving from possibility to practice - Marti...Collaboration through technology: moving from possibility to practice - Marti...
Collaboration through technology: moving from possibility to practice - Marti...Jisc
 
Application of Assent in the safe - Networkshop44
Application of Assent in the safe -  Networkshop44Application of Assent in the safe -  Networkshop44
Application of Assent in the safe - Networkshop44Jisc
 
Stakeholder strategic update 2021 - England
Stakeholder strategic update 2021 - EnglandStakeholder strategic update 2021 - England
Stakeholder strategic update 2021 - EnglandJisc
 
Stakeholder strategic update 2021 - Scotland
Stakeholder strategic update 2021 - ScotlandStakeholder strategic update 2021 - Scotland
Stakeholder strategic update 2021 - ScotlandJisc
 
The Kent PSN, govroam and HSCN
The Kent PSN, govroam and HSCNThe Kent PSN, govroam and HSCN
The Kent PSN, govroam and HSCNJisc
 
Closing plenary - John Wilkin and David Maguire
Closing plenary - John Wilkin and David MaguireClosing plenary - John Wilkin and David Maguire
Closing plenary - John Wilkin and David MaguireJisc
 
Why I love Jisc - presentation from Paul Bartholomew
Why I love Jisc - presentation from Paul BartholomewWhy I love Jisc - presentation from Paul Bartholomew
Why I love Jisc - presentation from Paul BartholomewJisc
 
The way forward together
The way forward togetherThe way forward together
The way forward togetherJisc
 
Whats new in ict law - Networkshop44
Whats new in ict law - Networkshop44Whats new in ict law - Networkshop44
Whats new in ict law - Networkshop44Jisc
 
Introduction to Networkshop - Networkshop44 2016
Introduction to Networkshop - Networkshop44 2016Introduction to Networkshop - Networkshop44 2016
Introduction to Networkshop - Networkshop44 2016Jisc
 
Collaboration through technology: moving from possibility to practice - Tim B...
Collaboration through technology: moving from possibility to practice - Tim B...Collaboration through technology: moving from possibility to practice - Tim B...
Collaboration through technology: moving from possibility to practice - Tim B...Jisc
 
Jisc Support for Asset Sharing - Kit-Catalogue National User Group November 2014
Jisc Support for Asset Sharing - Kit-Catalogue National User Group November 2014Jisc Support for Asset Sharing - Kit-Catalogue National User Group November 2014
Jisc Support for Asset Sharing - Kit-Catalogue National User Group November 2014Martin Hamilton
 
How compliant is your institution? Meeting RCUK and REF metadata and policy r...
How compliant is your institution? Meeting RCUK and REF metadata and policy r...How compliant is your institution? Meeting RCUK and REF metadata and policy r...
How compliant is your institution? Meeting RCUK and REF metadata and policy r...Jisc
 

What's hot (20)

Kit-Catalogue - Discovering the Value of Equipment Sharing - Universities UK ...
Kit-Catalogue - Discovering the Value of Equipment Sharing - Universities UK ...Kit-Catalogue - Discovering the Value of Equipment Sharing - Universities UK ...
Kit-Catalogue - Discovering the Value of Equipment Sharing - Universities UK ...
 
Directions in research data management - Jisc Digital Festival 2015
Directions in research data management - Jisc Digital Festival 2015Directions in research data management - Jisc Digital Festival 2015
Directions in research data management - Jisc Digital Festival 2015
 
Repository and preservation systems
Repository and preservation systemsRepository and preservation systems
Repository and preservation systems
 
Open access - a guide to Jisc's evolving offer to universities - Jisc Digital...
Open access - a guide to Jisc's evolving offer to universities - Jisc Digital...Open access - a guide to Jisc's evolving offer to universities - Jisc Digital...
Open access - a guide to Jisc's evolving offer to universities - Jisc Digital...
 
Stakeholder forum 2015 - The way forward together - Phil Richards
Stakeholder forum 2015 - The way forward together - Phil RichardsStakeholder forum 2015 - The way forward together - Phil Richards
Stakeholder forum 2015 - The way forward together - Phil Richards
 
End to end performance - Networkshop44
End to end performance -  Networkshop44End to end performance -  Networkshop44
End to end performance - Networkshop44
 
How have we done?
How have we done?How have we done?
How have we done?
 
Collaboration through technology: moving from possibility to practice - Marti...
Collaboration through technology: moving from possibility to practice - Marti...Collaboration through technology: moving from possibility to practice - Marti...
Collaboration through technology: moving from possibility to practice - Marti...
 
Application of Assent in the safe - Networkshop44
Application of Assent in the safe -  Networkshop44Application of Assent in the safe -  Networkshop44
Application of Assent in the safe - Networkshop44
 
Stakeholder strategic update 2021 - England
Stakeholder strategic update 2021 - EnglandStakeholder strategic update 2021 - England
Stakeholder strategic update 2021 - England
 
Stakeholder strategic update 2021 - Scotland
Stakeholder strategic update 2021 - ScotlandStakeholder strategic update 2021 - Scotland
Stakeholder strategic update 2021 - Scotland
 
The Kent PSN, govroam and HSCN
The Kent PSN, govroam and HSCNThe Kent PSN, govroam and HSCN
The Kent PSN, govroam and HSCN
 
Closing plenary - John Wilkin and David Maguire
Closing plenary - John Wilkin and David MaguireClosing plenary - John Wilkin and David Maguire
Closing plenary - John Wilkin and David Maguire
 
Why I love Jisc - presentation from Paul Bartholomew
Why I love Jisc - presentation from Paul BartholomewWhy I love Jisc - presentation from Paul Bartholomew
Why I love Jisc - presentation from Paul Bartholomew
 
The way forward together
The way forward togetherThe way forward together
The way forward together
 
Whats new in ict law - Networkshop44
Whats new in ict law - Networkshop44Whats new in ict law - Networkshop44
Whats new in ict law - Networkshop44
 
Introduction to Networkshop - Networkshop44 2016
Introduction to Networkshop - Networkshop44 2016Introduction to Networkshop - Networkshop44 2016
Introduction to Networkshop - Networkshop44 2016
 
Collaboration through technology: moving from possibility to practice - Tim B...
Collaboration through technology: moving from possibility to practice - Tim B...Collaboration through technology: moving from possibility to practice - Tim B...
Collaboration through technology: moving from possibility to practice - Tim B...
 
Jisc Support for Asset Sharing - Kit-Catalogue National User Group November 2014
Jisc Support for Asset Sharing - Kit-Catalogue National User Group November 2014Jisc Support for Asset Sharing - Kit-Catalogue National User Group November 2014
Jisc Support for Asset Sharing - Kit-Catalogue National User Group November 2014
 
How compliant is your institution? Meeting RCUK and REF metadata and policy r...
How compliant is your institution? Meeting RCUK and REF metadata and policy r...How compliant is your institution? Meeting RCUK and REF metadata and policy r...
How compliant is your institution? Meeting RCUK and REF metadata and policy r...
 

Similar to Parallel session: trust and identity

Csc Company Profile
Csc Company ProfileCsc Company Profile
Csc Company ProfileWader Zhang
 
Trust and identity
Trust and identityTrust and identity
Trust and identityJisc
 
SCF Partners' Day: ETSI Multi-Access Edge Computing
SCF Partners' Day: ETSI Multi-Access Edge ComputingSCF Partners' Day: ETSI Multi-Access Edge Computing
SCF Partners' Day: ETSI Multi-Access Edge ComputingSmall Cell Forum
 
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...EOSC-hub project
 
Eduserv cloud services
Eduserv cloud servicesEduserv cloud services
Eduserv cloud servicesEduserv
 
Transformation through Innovation: A Strategy for Service Provider Success
Transformation through Innovation:  A Strategy for Service Provider SuccessTransformation through Innovation:  A Strategy for Service Provider Success
Transformation through Innovation: A Strategy for Service Provider SuccessCisco Service Provider
 
Transformation Through Innovation: A Strategy For Service Provider Success
Transformation Through Innovation: A Strategy For Service Provider SuccessTransformation Through Innovation: A Strategy For Service Provider Success
Transformation Through Innovation: A Strategy For Service Provider SuccessCisco Service Provider
 
Shared services - the future of HPC and big data facilities for UK research
Shared services - the future of HPC and big data facilities for UK researchShared services - the future of HPC and big data facilities for UK research
Shared services - the future of HPC and big data facilities for UK researchMartin Hamilton
 
Seguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudSeguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudNextel S.A.
 
Dennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxDennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxFIWARE
 
SpeedyCloud Services Introduction Vol-5
SpeedyCloud Services Introduction Vol-5SpeedyCloud Services Introduction Vol-5
SpeedyCloud Services Introduction Vol-5Zaighum Malik 赞谋
 
RDM shared services at IDCC
RDM shared services at IDCCRDM shared services at IDCC
RDM shared services at IDCCJisc RDM
 
Dennis Kehoe - ECO 15: Digital connectivity in healthcare
Dennis Kehoe - ECO 15: Digital connectivity in healthcareDennis Kehoe - ECO 15: Digital connectivity in healthcare
Dennis Kehoe - ECO 15: Digital connectivity in healthcareInnovation Agency
 
Jisc research data shared service overview IDCC 2016
Jisc research data shared service overview IDCC 2016Jisc research data shared service overview IDCC 2016
Jisc research data shared service overview IDCC 2016Jisc RDM
 
RD shared services and research data spring
RD shared services and research data springRD shared services and research data spring
RD shared services and research data springJisc RDM
 
Building a Blockchain-based Reputation Infrastructure for Open Research. Ca...
  Building a Blockchain-based Reputation Infrastructure for Open Research. Ca...  Building a Blockchain-based Reputation Infrastructure for Open Research. Ca...
Building a Blockchain-based Reputation Infrastructure for Open Research. Ca...Carmen Holotescu
 
Building a Blockchain-based Reputation Infrastructure for Open Research. Case...
Building a Blockchain-based Reputation Infrastructure for Open Research. Case...Building a Blockchain-based Reputation Infrastructure for Open Research. Case...
Building a Blockchain-based Reputation Infrastructure for Open Research. Case...Carmen Holotescu
 
CANARIE: Network Enabled Platforms
CANARIE: Network Enabled PlatformsCANARIE: Network Enabled Platforms
CANARIE: Network Enabled PlatformsCybera Inc.
 

Similar to Parallel session: trust and identity (20)

Csc Company Profile
Csc Company ProfileCsc Company Profile
Csc Company Profile
 
Trust and identity
Trust and identityTrust and identity
Trust and identity
 
SCF Partners' Day: ETSI Multi-Access Edge Computing
SCF Partners' Day: ETSI Multi-Access Edge ComputingSCF Partners' Day: ETSI Multi-Access Edge Computing
SCF Partners' Day: ETSI Multi-Access Edge Computing
 
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
 
Eduserv cloud services
Eduserv cloud servicesEduserv cloud services
Eduserv cloud services
 
Transformation through Innovation: A Strategy for Service Provider Success
Transformation through Innovation:  A Strategy for Service Provider SuccessTransformation through Innovation:  A Strategy for Service Provider Success
Transformation through Innovation: A Strategy for Service Provider Success
 
Transformation Through Innovation: A Strategy For Service Provider Success
Transformation Through Innovation: A Strategy For Service Provider SuccessTransformation Through Innovation: A Strategy For Service Provider Success
Transformation Through Innovation: A Strategy For Service Provider Success
 
Simplify Operations
Simplify OperationsSimplify Operations
Simplify Operations
 
Shared services - the future of HPC and big data facilities for UK research
Shared services - the future of HPC and big data facilities for UK researchShared services - the future of HPC and big data facilities for UK research
Shared services - the future of HPC and big data facilities for UK research
 
Seguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudSeguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloud
 
Dennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxDennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptx
 
SpeedyCloud Services Introduction Vol-5
SpeedyCloud Services Introduction Vol-5SpeedyCloud Services Introduction Vol-5
SpeedyCloud Services Introduction Vol-5
 
Membership Intro Presentation
Membership Intro PresentationMembership Intro Presentation
Membership Intro Presentation
 
RDM shared services at IDCC
RDM shared services at IDCCRDM shared services at IDCC
RDM shared services at IDCC
 
Dennis Kehoe - ECO 15: Digital connectivity in healthcare
Dennis Kehoe - ECO 15: Digital connectivity in healthcareDennis Kehoe - ECO 15: Digital connectivity in healthcare
Dennis Kehoe - ECO 15: Digital connectivity in healthcare
 
Jisc research data shared service overview IDCC 2016
Jisc research data shared service overview IDCC 2016Jisc research data shared service overview IDCC 2016
Jisc research data shared service overview IDCC 2016
 
RD shared services and research data spring
RD shared services and research data springRD shared services and research data spring
RD shared services and research data spring
 
Building a Blockchain-based Reputation Infrastructure for Open Research. Ca...
  Building a Blockchain-based Reputation Infrastructure for Open Research. Ca...  Building a Blockchain-based Reputation Infrastructure for Open Research. Ca...
Building a Blockchain-based Reputation Infrastructure for Open Research. Ca...
 
Building a Blockchain-based Reputation Infrastructure for Open Research. Case...
Building a Blockchain-based Reputation Infrastructure for Open Research. Case...Building a Blockchain-based Reputation Infrastructure for Open Research. Case...
Building a Blockchain-based Reputation Infrastructure for Open Research. Case...
 
CANARIE: Network Enabled Platforms
CANARIE: Network Enabled PlatformsCANARIE: Network Enabled Platforms
CANARIE: Network Enabled Platforms
 

More from Jisc

Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptxJisc
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptxJisc
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxJisc
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptxJisc
 
ExpertsknightOct23.pptx
ExpertsknightOct23.pptxExpertsknightOct23.pptx
ExpertsknightOct23.pptxJisc
 
BeyondBlended17Oct23.pptx
BeyondBlended17Oct23.pptxBeyondBlended17Oct23.pptx
BeyondBlended17Oct23.pptxJisc
 
Collective Funding Models for OA Books 3 - Thoth presentation.pptx
Collective Funding Models for OA Books 3 - Thoth presentation.pptxCollective Funding Models for OA Books 3 - Thoth presentation.pptx
Collective Funding Models for OA Books 3 - Thoth presentation.pptxJisc
 

More from Jisc (20)

Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptx
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptx
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptx
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptx
 
ExpertsknightOct23.pptx
ExpertsknightOct23.pptxExpertsknightOct23.pptx
ExpertsknightOct23.pptx
 
BeyondBlended17Oct23.pptx
BeyondBlended17Oct23.pptxBeyondBlended17Oct23.pptx
BeyondBlended17Oct23.pptx
 
Collective Funding Models for OA Books 3 - Thoth presentation.pptx
Collective Funding Models for OA Books 3 - Thoth presentation.pptxCollective Funding Models for OA Books 3 - Thoth presentation.pptx
Collective Funding Models for OA Books 3 - Thoth presentation.pptx
 

Recently uploaded

3.19.24 Urban Uprisings and the Chicago Freedom Movement.pptx
3.19.24 Urban Uprisings and the Chicago Freedom Movement.pptx3.19.24 Urban Uprisings and the Chicago Freedom Movement.pptx
3.19.24 Urban Uprisings and the Chicago Freedom Movement.pptxmary850239
 
General views of Histopathology and step
General views of Histopathology and stepGeneral views of Histopathology and step
General views of Histopathology and stepobaje godwin sunday
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17Celine George
 
How to Print Employee Resume in the Odoo 17
How to Print Employee Resume in the Odoo 17How to Print Employee Resume in the Odoo 17
How to Print Employee Resume in the Odoo 17Celine George
 
How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17Celine George
 
NOTES OF DRUGS ACTING ON NERVOUS SYSTEM .pdf
NOTES OF DRUGS ACTING ON NERVOUS SYSTEM .pdfNOTES OF DRUGS ACTING ON NERVOUS SYSTEM .pdf
NOTES OF DRUGS ACTING ON NERVOUS SYSTEM .pdfSumit Tiwari
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.raviapr7
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational PhilosophyShuvankar Madhu
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationMJDuyan
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsEugene Lysak
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptxSandy Millin
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxiammrhaywood
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICESayali Powar
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfYu Kanazawa / Osaka University
 
How to Filter Blank Lines in Odoo 17 Accounting
How to Filter Blank Lines in Odoo 17 AccountingHow to Filter Blank Lines in Odoo 17 Accounting
How to Filter Blank Lines in Odoo 17 AccountingCeline George
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfTechSoup
 
M-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxM-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxDr. Santhosh Kumar. N
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxKatherine Villaluna
 

Recently uploaded (20)

3.19.24 Urban Uprisings and the Chicago Freedom Movement.pptx
3.19.24 Urban Uprisings and the Chicago Freedom Movement.pptx3.19.24 Urban Uprisings and the Chicago Freedom Movement.pptx
3.19.24 Urban Uprisings and the Chicago Freedom Movement.pptx
 
General views of Histopathology and step
General views of Histopathology and stepGeneral views of Histopathology and step
General views of Histopathology and step
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17
 
How to Print Employee Resume in the Odoo 17
How to Print Employee Resume in the Odoo 17How to Print Employee Resume in the Odoo 17
How to Print Employee Resume in the Odoo 17
 
How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17
 
NOTES OF DRUGS ACTING ON NERVOUS SYSTEM .pdf
NOTES OF DRUGS ACTING ON NERVOUS SYSTEM .pdfNOTES OF DRUGS ACTING ON NERVOUS SYSTEM .pdf
NOTES OF DRUGS ACTING ON NERVOUS SYSTEM .pdf
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational Philosophy
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive Education
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George Wells
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICE
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
 
How to Filter Blank Lines in Odoo 17 Accounting
How to Filter Blank Lines in Odoo 17 AccountingHow to Filter Blank Lines in Odoo 17 Accounting
How to Filter Blank Lines in Odoo 17 Accounting
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
 
M-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxM-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptx
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptx
 

Parallel session: trust and identity

  • 1. Parallel session K: Trust and identity Chair: Josh Howlett
  • 2. Please switch your mobile phones to silent 12:45 No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staff Networkshop closes. Light lunch (including ‘grab bag’ option)
  • 3. Update on Jisc’s trust and identity services Simon Cooper, trust and identity operations group, Jisc
  • 4. Agenda »What services are trust and identity? »The four services supported » Update on services and new developments 13/04/2017 Jisc trust and identity services update
  • 5. What services are trust and identity? »The operations group supports: › Assent › Certificate service › Domain registry service › UK Access Management Federation » 1,400 members and customers »A new fifth service… 13/04/2017 Jisc trust and identity services update
  • 6. Assent »Underlying Moonshot technology - RADIUS and SAML »Steady uptake »National Pathfinder project and other big research projects »Developments: › Support for Mac clients, UX development, Dynamic Trust Router »Future - hosting of trust and identity service infrastructures 13/04/2017 Jisc trust and identity services update
  • 7. Certificate service »10 year anniversary and 700 members »Over 90,000 certs issued »Service with QuoVadis since May 2015 › High assurance ExtendedValidation › S/MIME for email signing 13/04/2017 Jisc trust and identity services update
  • 8. Certificate service 13/04/2017 Jisc trust and identity services update
  • 9. Certificate service »Ten year anniversary and 700 members »Over 90,000 certs issued »Service with QuoVadis since May 2015 › High assurance extended validation › S/MIME for email signing »Stability - no procurement for at least 2 years 13/04/2017 Jisc trust and identity services update
  • 10. Domain registry »Registry for all .ac.uk and gov.uk domains »Over 5,000 .ac.uk and 3,000 .gov.uk »Online portal available for all domain owners and registrars »New portal functionality rolled out »ICANN accreditation? 13/04/2017 Jisc trust and identity services update
  • 11. UK Access Management Federation »10 years of operation »4,000 entities and 1,100 members »What’s changed? »What’s next? › Technical enhancements e.g. MDQ and Self-service portal › Support of SIRTFY, CodeOfConduct and Research and scholarship entity category 13/04/2017 Jisc trust and identity services update
  • 12. Liberate – ManagedTrust and identity services IdP »Integrates with Active Directory »Lowers the barrier to adoption of UK AMF, eduroam and Assent »Timescales for launch › piloting with public libraries › beta service in early July »Production service September 2017 »Further info http://ji.sc/managed-idp and liberate@jisc.ac.uk 13/04/2017 Jisc trust and identity services update
  • 13. Trust and identity services »Where are we? › Stable services in place, fully supported › Continuous improvement »How can we be better? › Technical functionality? › Policy? › New products? »Contact point:TrustAndIdentity@jisc.ac.uk 13/04/2017 Jisc trust and identity services update
  • 14. jisc.ac.uk Questions? Simon Cooper Trust & Identity Service Group Manager Email: simon.cooper@jisc.ac.uk Services:TrustAndIdentity@jisc.ac.uk jisc.ac.uk/network/authentication 13/04/2017 Jisc trust and identity services update
  • 16. The National AAAI Pathfinder Pilot A project funded by the Research Councils and JISC to develop a simplified access and user management service for the UK’s research computing community. March 2017
  • 17. Why are we doing this • The UK National eInfrastructure is now in a position to greatly simplify its access control infrastructure to a range of services such as Cloud, data services, HPC and Grid computing • Simplified sign-on reducing need for multiple credentials • Flexible deployment models Assent can be deployed using any model (centralised, distributed, Cloud). • Minimal ongoing management and specific communities are able to manage it themselves. • Standards based – all protocols are international (IETF) standards
  • 18. Benefits for research communities • More applications and services to be accessed via a federated identity. Assent extends the range of applications and services that can consume federated identity and improves the security of your services by controlling access to resources. • Lower operational costs by using existing infrastructure to unify all of our trust technologies and drive down operational costs. This reduces the cost and time to create new services and minimises the administration associated with providing secure user access to resources. • Builds on existing technologies. Assent builds on the existing technologies that underpin eduroam and the UK Access Management Federation services. • The UK to federate efficiently with non-UK and International projects that use other access control technologies such as X509 certificates. The need for federated identity management to support research and promote collaborations is widely recognised
  • 19. Pathfinder AAAI Project - Sep 2016 to June 2017 Jisc’s Assent service, to provide users with a common, single sign on mechanism that integrates with institutional identity management systems to confirm a researcher’s identity; and its peer systems overseas. Existing virtual organisation (VO) systems, such as the EPPC’s SAFE management infrastructure. A High Assurance Network and two-factor authentication, where appropriate, for secure data access and transport e.g. JISC’s SafeShare service. The outputs will be secure and very secure versions of a common AAAI application which integrates Assent and SAFE. This will also be able to federate with SAML and X.509 identity management systems which is a requirement for international collaborations.
  • 20. • A series of Pilots will produce common prototype applications and services that facilitate the Authentication, Authorisation and Accounting Infrastructure (AAAI) • These Pilots will demonstrate • Successful use of a common AAAI in the field for Engineering, Physical Sciences and Medical Health research • Successful use of a common AAAI in the context of HEI service delivery • Successful use of a common AAAI when federating with international services and research projects • This common AAAI will include services to facilitate secure data access for health, government and business data. • A technical architecture and business case will be produced to construct and operate a National AAAI Service, which will facilitate a common AAAI for all NeI Projects in the RCUK domain. It will enable secure access and use by third parties such as Government and Business.
  • 21. What is it made of? • Users will be provided with a common interface and single-sign-on features. • This will use institutional HR data to confirm a researcher’s identity • This is the Jisc Assent Service. • We are leveraging existing virtual organisation systems such as the National Service SAFE management infrastructure. • Data and resources can be securely shared between projects irrespective of researcher location. • Where information security is paramount, such as health and government records, data are automatically encrypted prior to transfer. • This is the JISC Safe Share project. • Opens door to integration of main NeI projects • Single Sign on: Removes a major barrier to access for users • Enables hardware to be shared across domains • From a service provider perspective this encourages aggregation and pooling of resources • Allows cloud and data services to work effectively, efficiency and appropriately • You know who I am, what I can do, how I’ll be measured, and where I live • In addition, the EPCC SAFE framework provides the complementary capabilities of accounting and resource management of computing facilities. This makes it ideal for this pilot • The related Jisc Safe Share project will soon provide a Higher Assurance Network and support two-factor authentication for projects requiring additional security.
  • 22. How Assent Works – think eduroam and radius server…
  • 23. Meet the team • Josh Howlett, Jeremy Yates, Jacky Pallas, Kostas Kavoussanakis, Stephen Booth, Richard Sanders, Gareth Francis, Stefan Paetow, Lydia Heck, Stuart Rankin, David Fergusson, Bruno Silva, Stephen Young, Dugan Witherick, Jens Jensen, Alan Real, Andrew Sansum, Mark Parsons • JISC, EPCC, RAL, Durham, eMedLab, Sanger, QMUL, Cambridge, Oxford, Crick
  • 24. Work Packages 1. Work package 1: Integration of SAFE with Assent 2. Work package 2: Local deployment pilot 3. Work package 3: Assent integration with Virtual Organisation infrastructure 4. Work package 4: Productisation
  • 25. Outputs 1. A pilot AAAI infrastructure comprising multiple sites and projects, built on existing assets and capabilities, tested in the following production settings: • A University HPC ecosystem – University of Oxford • A Regional HPC ecosystem – N8 • A national HPC ecosystem – DiRAC • A Secure Ecosystem – eMedLab 2. Demonstration of interoperability with other non-SAFE and non-Assent technologies. This is necessary for gaining access to non-UK resources e.g. wLCG, Elixir, EGI, EUDAT, PRACE. 3. A route towards productisation of the outputs and findings of the pathfinder through a Technical Architecture and a Business Case for a future national AAAI.
  • 26. Milestones Reporting Point: Month End Work Package Outputs 2 WP1.1 Setting up Assent for use at eMedLab, N8 and DiRAC 3 WP1.2 Identity Provider service prototype completed. Report on use at DiRAC site 2 WP1.3 Prototype Application that combines SAFE and Assent, Report on use at eMedLab & N8 5 WP2 WP2: Report on Application of SAFE to managing projects at local HPC facilities 5 WP3.1 WP3.1: Prototype SAFE+Assent that can use SAML. This will allow Virtual Organisations to manage authorisation for Assent-based authentication. 8 WP3.2 WP3.2: Construct a working API that will bridge Assent with other authentication technologies, such as X.509. Report on 3.1 and 3.2 progress. Final Report 10 WP4.1 and WP4.2 Technical Architecture and Business Case for proposed National AAAI Service
  • 27. Progress (March 2017) Work Package Progress What this means WP 1.1 Completed Set up Assent at Durham and Edinburgh. Integrated SAFE and Assent and tested at Durham WP 1.2 Completed Assent IdP set up by EPCC. Can generate attributes without reference to HEIs. Helpful for non academic users WP 1.3 Delayed Testing Assent and SAFE in a secure environment and on an OpenStack system; eMedLab, Crick, QMUL, Sanger are installing Assent, OSP upgrade delayed testing until May 2017 WP 2 Will start in May 17 Use Assent and SAFE in a HEI environment WP 3.1 Completed DiRAC SAFE can provide user attributes to Assent. OpenSAML attribute authority was linked to SAFE database and can be linked to Assent WP 3.2 Started March 24th Deliver a credential conversion service that enables users with sufficiently high levels of assurance (through their Assent IdP) to obtain a certificate from an IGTF CA WP 4.1, WP4.2 Started Consultation on business model with NeI PDG and HPC-SIG members
  • 28. Other Opportunities • Possible test project with Elixir (WP 3.2) • Possible test project with the Hartree Centre (WP1.2) • Possible test project with AWS (WP3.1) • Possible test project with a second Openstack service (MRC CLIMB WP3.1)
  • 29. Proposed architecture • A composite of three separate but complementary capabilities • SafeShare • Provides high assurance connectivity using encrypted tunnels • Imminent launch of Jisc service • Assent • Provides secure federated authentication & attributes • A Jisc service with 20 member organisations • SAFE • Provides accounting, reporting, and resource management • Software provided by EPCC, some of it supported by funding from Jisc • A composite service does not have composite users! • How can we construct a coherent proposition, such that the different stakeholders can deploy and use the respective services without resulting in confusion?
  • 30. Developing the Business Case • SAFE delivery model 1. Would users of SAFE prefer to consume it as packaged software, or as Software as a Service, or both? • Ancillary capabilities 2. For each delivery model, what ancillary capabilities might be desirable? • Packaged software: software development, deployment consultancy • SaaS: ??? • Both: technical support, project management • Sustainability • Assent is currently funded by Jisc • SafeShare will be funded by its users through a separate service subscription • “SAFE as packaged software” probably implies some form of centralised funding; “SAFE as SaaS” allows for a subscription model 3. How should a composite service be funded?
  • 31. Summary • Seven Research Councils and JISC have committed funding and resource to a National AAAI Pathfinder Pilot • Benefits to the research community include simplified sign-on (users) and streamlined user management (infrastructure providers) • The pilot integrates existing services and software and is testing this in a range of environments • University, regional resource, private cloud, industry, international links • Scale-up and sustainability addressed through a robust evaluation of a business case
  • 33. Better together! Kiara Wierenga, Geant 13/04/2017Infrastructure Division Update