Community News

Trust and Identity at I2 Global Summit – Sustainability and Evolution

Authors: Ann Harding (SWITCH), Maarten Kremers (SURFnet)

From the 23rd to the 26th of April, over 920 members of the Internet2 community and their global NREN and regional partners such as GÉANT, Ubuntunet and others came together in Washington DC for the Internet2 Global Summit. Trust and Identity was a major part of the programme, including a thought-provoking plenary session from Ian Glazer of Salesforce. Here’s a quick roundup of some of the main events, several of which had GÉANT and European NREN participation.

Trust and Identity topics were key to the Tuesday Plenary, where Ian Glazer of Salesforce (though arguably better known to the community for his work with Kantara and on standardisation) spoke about The Changing Face of Identity. While socks were briefly covered (presumably an important attribute of identity), the keynote quickly became serious, noting the key role that identity plays as part of a trio along with security and privacy, the need for identity management models to evolve, and the need to develop programmes that create identity professionals in a similar mode to security or network professionals. This impending skills crisis is something that will ring true to NRENs and federations who have been seeking to hire more staff or develop in this area.

Beyond plenaries, each day had strong Trust and Identity content in the regular programme.

Evolution, not revolution, was the theme for The Great Identity Debate. Moderated by GÉANT and with participants from SURFnet, JISC, SUNET, as well as local representatives and independent consultants, the Great Identity Debate was a fresh take on a recurring topic. REFEDS has published a detailed blog entry, and the conclusion was that although there will not be a revolution in identity management within three years, there are definite changes on the way to benefit researchers, service providers and operators. GÉANT is active in supporting the standardisation of OIDC for use in federated identity for the future, but the Trust & Identity development activity work is also focussing on sustainability of trust models, privacy and security, which transcend any particular technology.

Trust and Identity – Governance and Sustainability was a session led by Kevin Morooney, the VP of Trust and Identity at Internet2, and Klara Jelinkova, CIO of Rice University, who chairs the InCommon Steering Committee and the Trust and Identity in Education and Research (TIER) Investor Council. This session tackled the governance challenges for federated IAM and launched the Community Architecture Committee for Trust and Identity (CACTI), which aggregates a number of different community Trust and Identity initiatives. It also outlined the landscape, in which TIER focusses on campus needs, InCommon on national IAM initiatives and eduGAIN provides international IAM. Recognising this international aspect, three representatives from outside the US will serve on the initial CACTI committee: Ann Harding (SWITCH/GÉANT), Christos Kanellopoulos (AARC) and Chris Phillips (CANARIE).

The work of AARC was well profiled, with two sessions: Lesson Learned From AARC: Challenges to Pilot New Components in Production E-Infrastructures, and Enabling Federated Access in International Research Collaborations. These presented real case studies, such as non-web login via CILogon, and demonstrated that AAI interoperates not just across geographical boundaries, but also across community ones.

 

There were also several interesting sessions on the I2 TIER initiative, in which almost 50 campuses have united to fund a programme to improve the usability and sustainability of key IAM components in use in campuses. Several of these, including Shibboleth, COmanage and Grouper, are also in extensive use throughout the GÉANT community. First, we heard from TIER Stories from the Field: Harvesting Early Adopter Experiences about how campuses, ranging from those with significant cloud hosting and IAM experience through to smaller liberal arts campuses, found adopting TIER components. This linked nicely to TIER Roadmap: Working Together to Develop the Path, which was clearly influenced by these early adopters in the need for flexible solutions that can be provisioned and managed in cloud environments, and also in the need to make life easier for service providers as well as campuses.

Wrapping up the week in terms of GÉANT community involvement for T&I, Sustainability in Federated Identity Services – Global and Local looked at sustainability at eduGAIN, eduroam and national level (SURFconext), at how new groups of users can be served, and at how this is all managed to ensure innovation can happen while balance and fairness in a distributed environment are preserved.

Besides the main programme sessions, several Birds of a Feather (BoF) meetings in the T&I area were organised, covering TIER products like Grouper and COmanage, but also OpenID Connect. For the latter BoF, the attendees discussed next steps based on the Internet2 OIDC survey results. Two aspects were particularly important: on the one hand, the building of support in TIER products in a sustainable way, and on the other hand, the need for standardisation. Standardisation covers both the need for sector-specific assertions and the support in OIDC for multilateral identity federations, which applies to the majority of the R&E federations. The conclusion is that OIDC will take its place as (another) technology to support federated identity, yet the road to a critical mass of coverage will take considerable time. GÉANT is actively supporting both the OIDC federation standardisation and the implementation of OIDC in key software such as Shibboleth.

Alongside the main programme, the eduGAIN SG held a face-to-face open meeting which was well attended, with 28 individuals in the room and 9 remotely. Representatives from the US, Europe, Latin America and Asia-Pacific were joined by research groups and campuses. The successful adoption of version 3 of the eduGAIN Constitution was announced, which reflects the operational developments of eduGAIN over the past five years and prepares for future technology, common practice and governance evolution.

The Shibboleth Consortium also held an open meeting at which the relationship with TIER was discussed, and the future evolution and sustainability of a key piece of infrastructure for thousands of campuses and service providers were emphasised as critical for participants.
