Exchanging Metadata on a Global Scale


Presentation on metadata exchange to EIC2012


Exchanging Metadata on a Global Scale

  1. Exchanging Metadata on a Global Scale
  2. Me
      • UK Access Management Focus;
      • Advisor to UK federation;
      • REFEDS Coordinator;
      • PEER Project Manager;
      • Shibboleth Consortium Manager;
      • Generally opinionated about access and identity.
  3. R&E Federations Status (1)
  4. R&E Federations Status (2)
      • 27 Federations plus 2 interfederations.
      • 4753 entities within those federations.
      • 1815 Identity Providers.
      • 2755 Service Providers.
      • Plus several ‘others’ (don’t worry about it).
      (September 2011) (I haven’t counted for a while)
      …but many of those entities are the same!
      • Microsoft registered with 14 federations.
      • Elsevier, 12 federations.
  5. So it’s all working, right?
  6. For SPs, Federation Sucks. I know because I wrote a paper on it!
  7. Barriers
      • Multiple registry (and publication) of entity data.
      • Multiple legal documents.
      • One-off clauses.
      • Interpretation of data protection.
      • Sponsorship letters.
      • Fees.
      • Technical Barriers.
      https://refeds.terena.org/index.php/Barriers_for_Service_Providers
  8. Registering Entity Data
      • Federations are just big metadata (xml) files.
      • Entity = your chunk of that data.
      • It goes a bit like this:
  9. How does it work?
      (Diagram labels: Federation A, Federation B, Federation C, You)
  10. What we need is a place where this can be centrally registered and then called on by federations…
  11. PEER
      http://beta.terena-peer.yaco.es/
  12. PEER (2)
      • Allows for one time registration of entity data.
      • Federations collect from central pool.
      • Federations transform and adapt entity data according to their requirements.
      • Technical trust only.
      • Ongoing legal requirements at federations?
  13. Full Interfederation
      • The ability of federations to exchange metadata about their entities.
      • Normally an additional legal agreement between the 2 federations.
      • Full technical and policy integration.
  14. eduGain (1)
      www.edugain.org
  15. eduGain (2) – Drawbacks
      • At least one of the federations you are a member of needs to have signed up for eduGain.
      • Opt-in: you have to ask to be included in an aggregate.
      • Not always clear which entities are interfederated – are your customers there?
  16. eduGain (3) Benefits
      • Only have to have a relationship with 1 federation.
      • Technically, as an SP, you can choose which federation that is.
  17. Value Proposition
      • Metadata Exchange (MDX) means a bigger pool of metadata for all;
      • Broadens reach of existing federations;
      • Increases value of federated login in general;
      • Reduced friction for entities who work internationally;
      • Reduced cost of acquisition for metadata;
      • (balanced against revenue loss if you charge).
  18. So, how do we manage this stuff?
      • My entity descriptor doesn’t look like your entity descriptor.
      • You want me to put this foreign stuff in my nice clean metadata export?
      • Your metadata comes with weird requirements (copyright notice).
  19. Export Options
      We could give you…
      • Our production aggregate (you filter);
      • An export aggregate per partner federation;
      • Common export aggregate.
  20. Import Options
      Adding to our metadata:
      • End entity loads from multiple federations (you sort it out);
      • Republish multiple exported aggregates (which do you consume?);
      • Republish consolidated exported aggregate;
      • Republish within production aggregate;
          – as flat aggregate;
          – as hierarchical aggregate.
  21. Shibboleth Metadata Aggregator
  22. In Summary
      • It’s hard;
      • There are multiple ways - both technical and legal;
      • Standards aren’t enough, we need common practice;
      • It’s confusing to explain to the people who need it;
      • We need to adopt new tools to make this happen.
  23. Thanks for listening
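
Slides 4, 8 and 20 describe federation metadata as XML aggregates in which the same entity can be registered many times, and list flat versus hierarchical import options. The following is an added example, not part of the original slides: it reads constructed, trimmed SAML aggregates (hypothetical federation names and entityIDs, signature verification omitted), reports entities registered in several federations, and builds one flat consolidated aggregate using an assumed precedence rule.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ENTITY = f"{{{MD}}}EntityDescriptor"
GROUP = f"{{{MD}}}EntitiesDescriptor"

def _agg(name, body):
    return f'<md:EntitiesDescriptor xmlns:md="{MD}" Name="{name}">{body}</md:EntitiesDescriptor>'

def _ent(entity_id):
    # Trimmed descriptor: real entries carry role descriptors, keys and endpoints.
    return f'<md:EntityDescriptor entityID="{entity_id}"/>'

# Constructed sample aggregates; federation names and entityIDs are hypothetical.
AGGREGATES = {
    "fed-a": _agg("fed-a", _ent("https://sp.publisher.example/sp") + _ent("https://idp.uni-a.example/idp")),
    "fed-b": _agg("fed-b", _ent("https://sp.publisher.example/sp") + _ent("https://idp.uni-b.example/idp")),
    # Hierarchical aggregate: the entity sits inside a nested EntitiesDescriptor.
    "fed-c": _agg("fed-c", _agg("fed-c-sps", _ent("https://sp.publisher.example/sp"))),
}

def load_entities(xml_text):
    """Return {entityID: element} for every EntityDescriptor, at any nesting depth."""
    # A real consumer verifies the aggregate's XML signature before trusting it;
    # that step is omitted in this example.
    entities = {}
    for el in ET.fromstring(xml_text).iter(ENTITY):
        entity_id = el.get("entityID")
        if not entity_id:
            raise ValueError("EntityDescriptor without entityID")
        entities[entity_id] = el
    return entities

def multi_registered(aggregates):
    """Map entityID -> sorted federation names, for entities found in more than one."""
    seen = {}
    for fed, xml_text in aggregates.items():
        for entity_id in load_entities(xml_text):
            seen.setdefault(entity_id, []).append(fed)
    return {eid: sorted(feds) for eid, feds in seen.items() if len(feds) > 1}

def consolidate(aggregates, precedence):
    """Build one flat aggregate; on a clash the first federation in `precedence`
    wins (an assumed policy, not one stated on the slides)."""
    out = ET.Element(GROUP, {"Name": "consolidated"})
    chosen = {}
    for fed in precedence:
        for entity_id, el in load_entities(aggregates[fed]).items():
            if entity_id not in chosen:
                chosen[entity_id] = fed
                out.append(el)
    return out, chosen
```

The `chosen` mapping records which federation supplied each entity, which is the information a consumer needs when the same entityID arrives with differing registration data.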
