Shared IT Solutions: The Secret Sauce for Research Collaboration
DESCRIPTION
A presentation for the Shared Services for Post-Secondaries session at the 2014 Cyber Summit by Wendy Petersen, Program Manager, Canadian Access Federation, at CANARIE.
TRANSCRIPT
Cyber Summit, September 24, 2014
Wendy Petersen
Program Manager, Canadian Access Federation (CAF)
Shared IT Solutions: The Secret Sauce for Research Collaboration
Research Collaborations at Scale
BigBrain 340 Researchers 20 Teams
8000 Citizen scientists 180 Countries
17 Countries
LIGO 50 Institutions 1000 Researchers
Collaboration Challenges
• Need secure, scalable authentication and authorization solution
• Data accuracy
• Users want SSO
Solution: Identity Federation
Federated Identity Model
Institutions / Identity Providers Service Providers
Users
Making CAF Work for Your Researchers
1. Get ready for CAF
2. Join CAF
3. Create an IdP server, connect it to internal IDM system
4. Release user attributes
Personal Data in Exchange for Online Services
Personal data: contains information relating to an identified or identifiable natural person (e.g. name, email, affiliation)
• Used to grant or deny access to an online service
• “Who you are” is not as important as “what you are entitled to”
• “Attribute” is a piece of personal data (e.g. first name)
Why Release User Attributes?
[Figure: attributes released, with a line marking the point at which releasing more attributes no longer increases service value]
Preparing for CAF
✓ Executive sponsorship
✓ Reliable IDM interface
✓ Privacy policy
✓ User attribute release policy and approval process
✓ Resources available
Join CAF
Submit
1. CAF Application
2. Participation Agreement
3. Trust Assertion Document
Set-up an IdP Server
Your IDM Environment
CAF IdP Server
• Install and configure Shibboleth IdP software (Use IdP Installer tool from CANARIE)
IdP Installer Tool
Features
• Choose to connect to eduroam, Federated SSO or both
• Questionnaire at the beginning of the installation
• Create new configuration or import existing configuration
Benefits
• Faster IdP server setup
• Hides technical complexity
Challenge for Research Collaboration Teams
✓ User authenticated
✗ No attributes sent
✗ No attributes = no access
Now what?? Who do I call?
Result: add user directly to research platform
Making CAF Work for Researchers
• Release user attributes
  ◦ Pre-approve a minimum attribute set for all services
  ◦ Attribute release policy per service category
  ◦ Attribute release approval process
  ◦ Communicate to researchers
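
The "authenticated but no attributes = no access" failure and the pre-approved minimum set, modelled as an added example (not part of the original presentation and not CAF or Shibboleth code). The attribute names, the category name, the policy values and the sample user are assumptions constructed for illustration.

```python
from typing import Optional

# Constructed sample user as held in the institution's IDM system.
USER = {
    "eduPersonPrincipalName": "rsmith@example.edu",
    "eduPersonScopedAffiliation": "faculty@example.edu",
    "mail": "rsmith@example.edu",
    "displayName": "R. Smith",
    "homePhone": "555-0100",
}

# Policy "before": nothing is released unless a service was individually approved.
PER_SERVICE_ONLY = {"minimum": set(), "categories": {}}

# Policy "after" (assumed values): a pre-approved minimum set for all services,
# plus extra attributes per service category.
PREAPPROVED = {
    "minimum": {"eduPersonPrincipalName", "eduPersonScopedAffiliation"},
    "categories": {"research-collaboration": {"mail", "displayName"}},
}

def release(user: dict, category: Optional[str], policy: dict) -> dict:
    """IdP side: return only the attributes the policy allows for this service."""
    allowed = set(policy["minimum"]) | policy["categories"].get(category, set())
    return {name: value for name, value in user.items() if name in allowed}

def sp_grants_access(required: set, received: dict) -> bool:
    """SP side: authentication succeeded, but authorization needs attributes."""
    return required.issubset(received)

def demo() -> dict:
    """Run a newly joined, not yet categorised research platform against both policies."""
    needs = {"eduPersonPrincipalName", "eduPersonScopedAffiliation"}
    before = release(USER, None, PER_SERVICE_ONLY)
    after = release(USER, None, PREAPPROVED)
    collab = release(USER, "research-collaboration", PREAPPROVED)
    return {
        "before_access": sp_grants_access(needs, before),
        "after_access": sp_grants_access(needs, after),
        "collab_attrs": sorted(collab),
    }

if __name__ == "__main__":
    print(demo())
```

Attributes outside the minimum set and the category policy (here `homePhone`) are never released, which keeps release at the point where more attributes add no service value.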