...

  • It provides more reliability
    • As a service / resource you have certainty about the identity
    • If an employee leaves an organisation and may therefore no longer have access to a service / resource, federated authentication ensures that access is no longer possible.
  • It ensures scalability
    • As a service / resource you have little or no work creating accounts, supporting users who forget their password, etc.
  • It increases security
    • Users can use their (strong) institutional password and do not have 'another' account and password to manage
    • Users only have to enter their password on the institutional login screen known to them (the fewer unfamiliar screens that ask for passwords, the less susceptible users are to phishing)
  • It ensures user-friendliness
    • Users don't need to manage extra user accounts and passwords; they can re-use their already known institutional account

UK JISC has created a video about federated identity:

The European AARC project has a training module on what an identity federation is and what its advantages are: 1. AAI Overview.pdf. More information can be found at these websites: Federation-101 and Training for service providers. See also the advantages for IdPs, SPs and users as listed for SURFconext.

...

Will this be a SURF service?

SURF has conducted pilots to also answer this question. In this way, after the pilots, we can draw conclusions about the functionalities: does the SCZ actually solve these problems? We also have a better idea of the feasibility of offering this centrally and, if so, of the costs (in equipment and people) needed to offer such a central infrastructure. In the summer of 2019 we will decide on this based on the experiences with the pilots. Naturally, the pilot partners have considerable influence on this process. Should it be decided not to offer the SCZ as a service, we will enter into a phase-out process with each pilot partner; for example, SURF can help transfer the infrastructure to a copy an institution can run locally.

As we're always looking for an efficient way to deliver services, we keep a close eye on international developments. Due to our international relations and activities, we know GÉANT is gearing up a new service, eduTEAMS. Both our teams have been sharing a lot of knowledge, and there are a lot of similarities. We will investigate whether and how we can use eduTEAMS. A nice feature is eduTEAMS also offers Hexaa and Perun as alternative Membership Management Services to COmanage (GÉANT has a comparison of the 3 systems).

Mailing list

We have a mailing list for this project. Feel free to sign up for that list via https://list.surfnet.nl/mailman/listinfo/projectscz-fiam . An archive of previously shared messages can be found via https://list.surfnet.nl/mailman/private/projectscz-fiam . Interested? Questions? Suggestions? Mail Raoul Teeuwen ( raoul.teeuwen@surfnet.nl ).

If you find the SURFnet SCZ mailing list interesting, you might also be interested in the following:

"Following some community interest, a new (not COmanage specific) list has been established: cmp-discuss. This is a discussion group for any technologies, policies, or use cases associated with collaboration management platforms, and especially general (non-product specific) topics or topics crossing multiple technologies.

You can join and manage your subscription here: https://groups.google.com/forum/#!aboutgroup/cmp-discuss

(The list was set up as a Google Group to avoid associations with any particular project or community.)"

Planning / timeline / status

In June 2017 phase 1 of the project was completed, and phase 2 started. In phase 1, use cases were drawn up and coordinated with a number of cooperative organisations, an architecture was drawn up and needs were assessed. Phase 2, which runs from until the 2nd quarter of 2010, is dedicated to realising the various components and gaining experience through pilots.

SCZ phase 2 focuses on:

...

Building a largest-commoner service for use cases and pilots.

...

Building the SCZ technical infrastructure

...

Drafting the SCZ policy.

...

Testing the SCZ technical infrastructure and policy on the described use cases.

...

Acquiring experience with the SCZ through pilot projects with institutions

 In May 2019 representatives of institutions advised to develop SCZ into a production ready service. Due to our international relations and activities, we know GÉANT has been gearing up a new service, eduTEAMS. Both our teams have been sharing a lot of knowledge, and there are a lot of similarities. We intend to use eduTEAMS as part of our service offering to Dutch research collaborations. A nice feature is eduTEAMS also offers Hexaa and Perun as alternative Membership Management Services to COmanage (GÉANT has a comparison of the 3 systems).

Planning / timeline / status

In June 2017 phase 1 of the project was completed. Phase 2 ended in May 2019 with institutions advising to develop the result of project SCZ into a production-ready service. In phase 1, use cases were drawn up and coordinated with a number of cooperative organisations, an architecture was drawn up and needs were assessed. Phase 2 was dedicated to realising the various components and gaining experience through pilots.

SCZ phase 3 focuses on creating a production-ready service, which includes deciding on a software stack, setting up that stack, contracting subcontractors, having experts conduct code audits / penetration tests, drafting relevant contract texts / AUPs, designing and implementing support processes, etc.

...

Schedule

  • Aug / Sep 2017 - Establish pilot environment
  • Oct / Nov 2017 - Connecting backend systems
  • Oct / Nov 2017 - Set up and test deployment flows
  • Oct-Dec 2017 - Set up and fine-tune access for external people / guests / etc
  • Dec 2017 - Jun 2019 - Pilot with the pilot environment:
    • Access for "ordinary" (pilot) users
    • Finetuning flows
    • Connect more services
    • Develop the platform
  • Jun 2019 - mid 2020 - SCZ phase 3 (service development)

...