Challenges in the VO Space

CHALLENGES AND OPPORTUNITIES FOR RESEARCHERS
APAN 41 – TF-IAM
27 January 2016

Why Does Federated Identity Management Matter to Researchers?
• Researchers need to collaborate globally as part of Virtual Organizations (VOs)
• Funding may come from around the world
• Solving the “Buried Scholar” problem
• Improve the reputation of both the campus and the researcher by having a campus-branded identity
• More efficiently allocate resources by having federated identity as a campus service, rather than having individual research departments build this on their own
• Researchers are asking for this!

Research on Researcher Needs
• The original FIM4R paper in 2012 described a set of recommendations to the research communities, technology providers, and funding agencies
  • The core use cases came from large research organizations with funding
  https://cdsweb.cern.ch/record/1442597
• The “Advancing Technologies and Federated Communities” study, also in 2012, described a set of recommendations around technology, policy, funding, and legal issues
  • A more generalized approach than the FIM paper, but the recommendations are largely the same
  https://www.terena.org/publications/files/2012-AAA-Study-report-final.pdf

Findings Summarized
• Federated technologies are good. Take advantage of them.
• The infrastructure needs to be improved to take advantage of federated technologies. Do it.
• Relying on the older models of local account creation and IP-based ACLs is easier. This is a very limited view. Stop it.
• If you can’t fix it all yourself (and you can’t), facilitate the efforts of groups that can. Build relationships, target your spending or funding to make the biggest impact.

Researchers and VOs
• Researchers often collaborate as part of larger non-legal entities
• Those non-legal entities, VOs, have few resources to support full identity management systems
• VOs are looking to depend on federated identity, with researcher information managed at the researcher’s home institution

Problems Persist
• Progress is slow in addressing the findings of FIM4R
• Remember:
  • a VO is often not a legal entity in and of itself – so who could sign any kind of legal agreement to participate in a federation?
  • implementing federation involves a learning curve to properly implement things like single sign-on (SSO) – who handles that within the VO?
  • not all participants will even be members of an institution that is part of a federation – how can they be brought on board?
• VOs are the test case that expands into discussing federation outside of academia.
• Need to make the story of federation more compelling to VOs. Campuses can start by establishing identity management systems, joining federations, and RELEASING ATTRIBUTES.

Tools and Services
• Collaboration Management Systems
  • Perun – http://perun.cesnet.cz/web/
  • OpenConext – https://www.openconext.org
  • COmanage – http://www.internet2.edu/products-services/trust-identitymiddleware/comanage/
• Video conferencing with support for SAML
  • BigBlueButton - http://bigbluebutton.org/
  • WebEx – http://www.webex.com
  • Jitsi Meet - https://jitsi.org/Projects/JitsiMeet
• Wikis with support for SAML
  • Confluence - https://www.atlassian.com/software/confluence
  • Dokuwiki - https://www.dokuwiki.org/dokuwiki
  • Trac - http://trac.edgewall.org/wiki/TracWiki
• Software Development
  • Jenkins - https://wiki.jenkins-ci.org/display/JENKINS/Meet+Jenkins
  • JFrog Artifactory - https://www.jfrog.com/confluence/display/RTF/Welcome+to+Artifactory
  • GitHub – https://www.github.com
• There are more. Lots more. Progress is being made here.
• But remember, all these tools and services require attributes...