Belnet Federation
Belnet – Loriau Nicolas
Brussels – 12th of June 2014
Agenda
• Presentation of Belnet R&E federation
• IdPs / SPs / DS
• Technical framework
• eduGAIN
• Belnet Federation services
  • Antispam Pro
  • Mconf
  • Filesender
  • Viabel.net
  • Personal Certificate
12/06/2014 Workshop Belnet R&E Federation
Belnet R&E Federation
What is a federation?
Why a federation?
“Evolving to streamlined access for web services”
What is a federation?
“A federation is an association of organizations that use a common
set of attributes, practices and policies to exchange information
about their users and resources in order to enable collaboration
and transactions”
(www.Incommon.org, Internet2, 2012)
What is Belnet R&E Federation
[Diagram labels: Identity & Access Management; Research & Education Community; Identity Providers; Federated Partners; Commercial; Non-profit; Government Agencies; Other Federations; Service Providers]
[Diagram labels: Identity & Access Management; Research & Education Community; Identity Providers; Federated Partners; Service Providers; Administration? Legal? Technical?; Trusted Mediator]
Why: Belnet R&E Federation
Why use a federation?
- Philosophy
- Technical aspect
Let us briefly go back in time, when:
- users were still new to the network
- security & privacy concerns were minimal
[Diagram, 1991, LAN: twelve separate username/password pairs, e.g. User = john, Pwd = abc123; User = jane, Pwd = abc456; User = jdoe1, Pwd = def123; User = jdoe2, Pwd = def456]
[Diagram: accounts that also carry personal data, e.g. User = john, Pwd = abc123, Birth date, Home address, …; User = jdoe, Pwd = def123, Birth date, Home address, …]
[Diagram, 2001: Identity & Access Management; Role-Based Access Control; Add / Mod / Del; One account & password per user]
[Diagram, The Cloud / Software as a Service: "2014 or 1991?", with twelve separate username/password pairs again, e.g. User = john, Pwd = abc123; User = jane, Pwd = abc456; User = jdoe1, Pwd = def123]
[Diagram labels: Service Provider 1; Service Provider 2; Identity Provider 1; Identity Provider 2; Identity & Access Management; One agreement; One language: SAML2; 1-time setup; One account & password per user]
“Evolving to streamlined access for web services”
Actors of a federation
Identity Providers
Service Providers
Discovery service
Benefits
• For IdP:
  • Access to wider range of services than available locally
  • No extra administrative burden if you are already participating in a federation
  • One user name and password
• For SP:
  • Grow your audience
  • Lower costs per user
  • No local user database
Technical framework
Software Components
Identity Provider
– Hosted on the organisation's own systems
– Shibboleth IdP
– simpleSAMLphp
– Verifies user’s credentials (username/password): bridge between Federation and user database
– Knows user attributes, implements the attribute release policy
Service Provider
– Shibboleth SP
– simpleSAMLphp
– Integrates with IIS and/or Apache
Attributes
All relevant information about the user:
− Name, First name, date of birth, …
− Role (student, staff, alumni, …)
− Email address, anonymized ID, …
Stored on LDAP or AD
Attribute Release Policy
− Only a few attributes required to join the Federation
− The IdP decides how and to whom to release attributes
− Respects the privacy of users
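An added example, not taken from the original slides, of an attribute release policy applied at the IdP: each SP receives only its allow-listed attributes plus an anonymized ID that differs per SP. The entity IDs, attribute names, policy layout and the HMAC-based identifier are assumptions made for illustration, not Belnet's or Shibboleth's configuration.

```python
import hashlib
import hmac

# Constructed directory record, as an IdP might read it from LDAP or AD.
USER = {"uid": "jdoe", "givenName": "John", "sn": "Doe",
        "mail": "jdoe@university.example", "affiliation": "student",
        "birthDate": "1990-01-01"}

# Hypothetical release policy: one allow-list per SP entity ID (placeholders).
# An SP that is not listed gets no directory attributes at all.
RELEASE_POLICY = {
    "https://files.service.example/sp": {"mail", "affiliation"},
    "https://library.service.example/sp": {"affiliation"},
}

# Placeholder secret; in a real IdP this is random and never leaves the IdP.
IDP_SALT = b"constructed-secret-kept-on-the-idp"


def anonymized_id(user_id, sp_entity_id, salt=IDP_SALT):
    """Stable per-SP identifier: the same user and SP always give the same
    value, but two SPs cannot match their values against each other."""
    message = f"{sp_entity_id}!{user_id}".encode()
    return hmac.new(salt, message, hashlib.sha256).hexdigest()


def release(user, sp_entity_id, policy=RELEASE_POLICY):
    """Return only the attributes this SP is allowed to receive."""
    allowed = policy.get(sp_entity_id, set())  # unknown SP: empty allow-list
    released = {name: value for name, value in user.items() if name in allowed}
    released["anonymizedId"] = anonymized_id(user["uid"], sp_entity_id)
    return released


if __name__ == "__main__":
    for sp in list(RELEASE_POLICY) + ["https://unknown.service.example/sp"]:
        print(sp, sorted(release(USER, sp)))
```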
Authentication process
[Diagram: numbered steps 1 to 8 between User, Service Provider and Identity Provider]
Metadata
• What's in the metadata
− Mandatory!
− Who are the IdPs?
− Who are the SPs?
− What are their URLs and certificates?
− Organisation and Technical Contact
• Entity metadata vs. Federation metadata
− Entity metadata:
  − for single IdP or SP
− Federation metadata:
  − aggregation of entity metadata
  − for all IdPs and SPs in the Federation
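An added example, not taken from the original slides, that reads a federation metadata aggregate and lists for each entity what the two Metadata slides name: IdP or SP, its URLs, its certificates and its technical contact. The aggregate is constructed (entity IDs, URLs and certificate text are placeholders), and the three findings it reports are checks assumed here for illustration, not Belnet's admission rules.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed federation metadata: an aggregate of two entity descriptors.
AGGREGATE = f"""<md:EntitiesDescriptor xmlns:md="{MD[1:-1]}" xmlns:ds="{DS[1:-1]}">
 <md:EntityDescriptor entityID="https://idp.university.example/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}">
   <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
   </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
   <md:SingleSignOnService Binding="{BIND}HTTP-Redirect" Location="https://idp.university.example/sso"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical">
   <md:EmailAddress>mailto:iam@university.example</md:EmailAddress>
  </md:ContactPerson>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://files.service.example/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}">
   <md:AssertionConsumerService index="0" Binding="{BIND}HTTP-POST" Location="http://files.service.example/acs"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def inventory(xml_text):
    """Map entityID -> role, endpoint URLs, certificate count, contacts, findings."""
    result = {}
    for ent in ET.fromstring(xml_text).iter(MD + "EntityDescriptor"):
        idp = ent.find(MD + "IDPSSODescriptor")
        role = idp if idp is not None else ent.find(MD + "SPSSODescriptor")
        if role is None:
            continue  # other role types are out of scope for this example
        urls = [e.get("Location") for e in role if e.get("Location")]
        certs = list(role.iter(DS + "X509Certificate"))
        contacts = [c.findtext(MD + "EmailAddress") for c in ent.iter(MD + "ContactPerson")
                    if c.get("contactType") == "technical"]
        findings = [f"non-HTTPS endpoint: {u}" for u in urls if not u.startswith("https://")]
        if not certs:
            findings.append("no certificate published")
        if not contacts:
            findings.append("no technical contact")
        result[ent.get("entityID")] = {
            "role": "IdP" if idp is not None else "SP", "urls": urls,
            "certificates": len(certs), "contacts": contacts, "findings": findings}
    return result

if __name__ == "__main__":
    for entity_id, record in inventory(AGGREGATE).items():
        print(entity_id, record["role"], record["findings"] or "ok")
```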
eduGAIN
• Interconnecting federations
• Metadata Service: aggregates and pushes
• Extends the portfolio of services
• Extends the audience
• To get access to eduGAIN, you need to request it
Belnet Federation services
Antispam Pro
Cloud-based
– Data/servers are in Belgium @ Belnet (trust)
Flexible
– Easy user management and delegation
– Customizable
Complete
– Inbound and outbound
– Antispam and Antivirus
– Reporting
Mconf
Collaborative web interface with public/private space.
Recently added to the Federation
Go ahead and use it
Mconf @ Belnet
Give us your feedback via [email protected]
Not a Belnet service
Limited support
FileSender
• Sends e-mail with big files attached
• From the members of the R&E Federation
• To any recipient
Viabel.net
Personal Certificates
Q&A