REFEDS MET, PEER and MDUI Presentation
DESCRIPTION
Presentation to REFEDS BoF at APAN33 by Nicole Harris.
TRANSCRIPT
What is REFEDS Interested In?
Nicole Harris UK Access Management Focus, JISC Advance
@nicoleharris
Slides: http://www.slideshare.net/nicolevharris
Me
• UK Access Management Focus;
• Advisor to UK federation;
• REFEDS Coordinator;
• PEER Project Manager;
• Shibboleth Consortium Manager;
• Generally opinionated about access and identity.
What does the R&E Federation space look like?
R&E Federations Status (1)
R&E Federations Status (2)
• 27 Federations plus 2 confederations.
• 4753 entities within those federations.
• 1815 Identity Providers.
• 2755 Service Providers.
• Plus several ‘others’ (don’t worry about it).
(November 2011)
Top resources?
• In 14 federations:
  – Czech Medical Atlas and Microsoft Dreamspark.
• In 12:
  – Web of Knowledge, Scopus, ScienceDirect.
• In 11:
  – IEEE, EBSCO.
• In 10:
  – Springer, OVID.
So it’s all working, right?
For SPs, Federation Sucks
I know because I wrote a paper on it!
Barriers
• Multiple registry of entity data.
• Multiple legal documents.
• One-off clauses.
• Interpretation of data protection.
• Sponsorship letters.
• Fees.
• Technical Barriers.
https://refeds.terena.org/index.php/Barriers_for_Service_Providers
Registering Entity Data
• Federations are just big metadata (XML) files.
• Entity = your chunk of that data.
• It goes a bit like this:
How does it work?
Federation A
Federation B
Federation C
You
What we need is a place where this can be centrally registered and then called on by federations…
PEER
http://beta.terena-peer.yaco.es/
Legal Contracts
Wouldn’t it be great if these were standardised and simplified?
REFEDS Policy Review
• Painstakingly taking apart every clause in every federation policy.
• Mapping these to generic content ‘blocks’ and ‘elements’ within each block.
• Making recommendations about structure and unnecessary language.
• NOT a legal review.
Isn’t there an easier way?
Full Interfederation
• The ability of federations to exchange metadata about their entities.
• Normally an additional legal agreement between the 2 federations.
• Full technical and policy integration.
• Bi-lateral (UK and Edugate) or via groups (eduGain and Kalmar2).
eduGain (1)
www.edugain.org
eduGain (2) – Drawbacks
• At least one of the federations you are a member of needs to have signed up for eduGain.
• Opt-in: you have to ask to be included in an aggregate.
• Not always clear which entities are interfederated – are your customers there?
eduGain (3) Benefits
• Only have to have a relationship with 1 federation.
• Technically, as an SP, you can choose which federation that is.
A quick note on Barriers to Users
Login Interfaces Suck
I know this because I’ve tried to use them
How Bad?
New UK federation WAYF
Foodle and DiscoJuice
MDUI
• Currently being used by DiscoJuice and Shibboleth Embedded Discovery Service / Central Discovery Service.
• OASIS Standard for IdP Discovery:
  – http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf
MDUI for SPs (Shibboleth Recs)
Non Logo elements
• <mdui:DisplayName> Recommended required
• <mdui:Description> Recommended 100 chars max
• <mdui:Keywords> Not used
• <mdui:InformationURL> Available
• <mdui:PrivacyStatementURL> Available
Logo elements
• Shibboleth - must be specified using an HTTPS URL
• Shibboleth - logo size should be between 64px by 350px wide and 64px by 146px high
• Shibboleth - logos should have transparent backgrounds
• Shibboleth - logos look better if they have a landscape rather than a portrait aspect ratio
https://refeds.terena.org/index.php/MDUI_-_Software_recommendations
MDUI for IdPs (Shibboleth Recs)
Non Logo elements
• <mdui:DisplayName> Recommended, 33 chars max Strongly recommended
• <mdui:Description> Supporting the Display Name function with more details
• <mdui:Keywords> Used Used for incremental search
• <mdui:InformationURL> Not used at present
• <mdui:PrivacyStatementURL> Not used at present – see Attribute WG recs
• <mdui:IPHint> Not used Planned for future release
• <mdui:DomainHint> Not used Planned for future release
• <mdui:GeolocationHint> Not used Heavily used. Strongly recommended.
Logo elements
• Shibboleth - The URL specifying the logo must be https protected.
• Shibboleth - One logo should be provided of size approximately 80px (width) by 60px (height). A larger logo may be provided but the aspect ratio should be maintained (logos are selected based on aspect ratio).
• Shibboleth - One logo should be provided of size 16px by 16px.
• Shibboleth - Logo backgrounds should be transparent.
https://refeds.terena.org/index.php/MDUI_-_Software_recommendations
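An added example, not part of the presentation and not Shibboleth code: a small Python linter that checks one entity's metadata against the Shibboleth recommendations on the two MDUI slides above (DisplayName present, SP Description at most 100 characters, IdP DisplayName at most 33 characters, HTTPS logo URLs, a 16px by 16px IdP logo). The sample entity, its entityID and URLs, and the finding codes are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}

# Constructed sample SP entity (hypothetical entityID and URLs).
SAMPLE_SP = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" '
    'entityID="https://sp.example.org/shibboleth">'
    '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:Extensions><mdui:UIInfo>'
    '<mdui:Description xml:lang="en">' + "x" * 120 + '</mdui:Description>'
    '<mdui:Logo height="64" width="200">http://sp.example.org/logo.png</mdui:Logo>'
    '</mdui:UIInfo></md:Extensions></md:SPSSODescriptor></md:EntityDescriptor>'
)

def lint_mdui(xml_text):
    """Return sorted finding codes for one md:EntityDescriptor. Input should be
    signature-verified metadata; use a hardened parser (defusedxml) otherwise."""
    entity = ET.fromstring(xml_text)
    findings = set()
    for role, tag in (("SP", "md:SPSSODescriptor"), ("IdP", "md:IDPSSODescriptor")):
        for desc in entity.findall(tag, NS):
            ui = desc.find("md:Extensions/mdui:UIInfo", NS)
            if ui is None:
                findings.add(f"{role}:UIInfo-missing")
                continue
            names = [(e.text or "").strip() for e in ui.findall("mdui:DisplayName", NS)]
            descs = [(e.text or "").strip() for e in ui.findall("mdui:Description", NS)]
            logos = ui.findall("mdui:Logo", NS)
            if not any(names):
                findings.add(f"{role}:DisplayName-missing")
            if role == "IdP" and any(len(n) > 33 for n in names):
                findings.add("IdP:DisplayName-over-33-chars")
            if role == "SP" and any(len(d) > 100 for d in descs):
                findings.add("SP:Description-over-100-chars")
            # The discovery page loads logos in the user's browser, so a
            # plain-HTTP logo is mixed content on the login path.
            if any(urlparse((l.text or "").strip()).scheme != "https" for l in logos):
                findings.add(f"{role}:Logo-not-https")
            if role == "IdP" and not any(
                    (l.get("width"), l.get("height")) == ("16", "16") for l in logos):
                findings.add("IdP:Logo-16x16-missing")
    return sorted(findings)

if __name__ == "__main__":
    print(lint_mdui(SAMPLE_SP))
```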
Thank you for listening