Trust and Internet Identity Meeting Europe
11-14 Feb 2019: Workshops and Unconference

Title                  Contents
DP CoCo                GÉANT Data Protection Code of Conduct
FIM4R                  Federated Identity Management for Research Workshop
Federation Boot Camp   How to federate identity management across organizations. Concepts, state-of-the-art and alternatives. See the detailed agenda below.
Hub & Spoke            Meeting for Hub & Spoke Federation Operators
IdPy Dev Meeting       IdentityPython/SATOSA Developer Meeting. See idpy.org.
IDM OSS Sessions       3 tracks for Open Source IDM Projects: (a) 2 Tutorials to get started or expand know-how, and (b) a workshop “Consumer to contributor”. See the detailed agenda below.


Federation Boot Camp

This is a comprehensive workshop for IT managers and engineers who are starting or scaling up identity federations. Speakers will cover architectural, technical and organizational topics, and introduce privacy, legal and economic aspects. The objectives are to obtain a comprehensive overview of the options and alternatives for X2Y identity management (B2B, B2C, ...), and more detailed insight into WebSSO federation with SAML and OIDC. Outline:

Monday Afternoon
  • Architectural options (central IDP, mesh, hub+spoke) and alternatives (consumer-/eGovernment-ID)
  • Fundamental federation concepts based on SAML-based Web-SSO mesh model
    • Trust management
    • SAML metadata anatomy
    • Resource registries, aggregators and registration policy
    • Attribute release
  • Crypto management
  • Federation policy for B2B and B2C
  • PKI-based federations and integration of non-web clients with SAML
Tuesday Morning
  • Advanced SSO federation concepts
    • Interfederation
    • Virtual Organizations
    • IDP of Last Resort
    • Mobile apps in SAML WebSSO
  • Options for OIDC-based federations (OIDC ‘proper’, OIDCfed)
  • Hub-and-Spoke Federation architecture and use cases
  • Federated provisioning

Speakers: Peter Schober, Walter Hötzendorfer, Roland Hedberg, Lukas Hämmerle, Rainer Hörbe, Raoul Teeuwen, Patrick Curry, Peter Gietz, Wolfgang Pempe


IDM Open Source Software Sessions (free)

Track Descriptions


Track 1: Shibboleth/Federation Operator Tutorial [David Huebner, Wolfgang Pempe, Rainer Hörbe]

  • Introduction to Shibboleth (SP, IdP, Metadata Aggregator)
  • pyFF as alternative to Shib MA
  • IDP Capabilities with Plugin-Interfaces
  • Hands-on part: Install and configure Shib IdP + SP; walk through SP on-boarding; Detect and fix typical configuration errors

Track 2/1: Keycloak [Peter Pfläging]

  • Introduction to Keycloak, an OSS IDM system supported by Red Hat.
  • Use cases that are suitable for Keycloak.
  • Demo showing the different ways to set up an IDM system, via GUI and via scripting.

Track 2/2: Midpoint [Katarina Valalikova]

  • Introduction to MidPoint, an OSS IDM and identity governance system.
  • Explanation of traditional IDM use cases such as provisioning, synchronization, self service, entitlements and password management, and of advanced features related to governance, risk management and compliance.
  • Short demos will show real examples.

Track 3: Workshop Consumer to Contributor

Project                                   Speaker
Shibboleth/Federation Operator Tutorial   David Huebner, Wolfgang Pempe, Rainer Hörbe
WAYF’s GO stuff                           Mads Petersen
IdentityPython                            Heather Flanagan
Midpoint                                  Radovan Semančík, Katarína Valaliková
Comanage                                  Benn Oshrin
Keycloak                                  Peter Pfläging
pyFF, pyeleven with HSM                   Peter Schober, Rainer Hörbe
Data Sync Frameworks (Aegis, didmos)      Thomas Warwaris
Shibboleth OIDC                           Janne Lauros and Henri Mikkonen
SimpleSamlPHP                             Jaime Pérez Crespo
Moderator                                 Ralf Schlatterbeck


Unconference (paid)

The unconference uses an agile format with participant-driven content, covering the attendees’ current interests. TIIME’s format has been designed for solving trust and identity issues and for developing and sharing new concepts. If you are looking for a substantial discussion on this subject, it is likely that you will meet the right people here!

To get an idea of the contents, look at Topics or at the proceedings from previous conferences.

Keynotes

Patrick Curry: “Business Cases for Trust & Identity Federation”

Requirements for trust and identity federation are becoming more complex and demanding. The basics are the same in every case, but their architectures vary to meet different functional and user requirements. We explore the increasing need to reuse identity in more use cases and in more ways, to reduce costs and risk, and see how this leads to new collaborative opportunities for wider interoperability and greater shared benefits.

Ralf Schlatterbeck, Thomas Warwaris: “From Trust to (P)ownership. Establishing Trust for IoT and User Devices.”

The IoT is based on constrained devices with limited crypto capabilities. The requirement to secure device to device communication is a fundamental challenge. This talk presents some concepts and their pitfalls. Not only in IoT, but with any user devices, the trust assumptions require scrutiny. Trusted computing and DRM (digital restriction management) include trust relationships to different stakeholders who might not be the user.

List from 2018

Patrick Curry (BBFA)
Patrick's activities are increasingly focused on sharing cyber security information across national, international and industry cyber organisations, leveraging best practices and standards for secure collaboration in other sectors, and counter fraud. This also links to other areas, ranging from crisis management through smart metering to the identification and registration of organisations and devices. Patrick is currently working with leading companies and also UK government departments to extend the national implementation of federated trust and in the coordination of cyber defence.
Heather Flanagan (Spherical Cow Group)
Heather wears a variety of hats, from project management, to technical writing and editing, to group facilitation. She is heavily engaged in the standards development community, and actively involved in international research and education identity management discussions. She is also the coordinator for the COmanage project, a collaboration management platform (CMP) effort funded out of a grant from the U.S. National Science Foundation (NSF) and Internet2. Heather has run identity management tutorials around the world, including at WACREN 2016 and APAN 42, and has helped coordinate several sessions and panels at meetings such as REFEDS, Internet2's Global Summit and Technology Exchange, the Society for Scholarly Publishing, and the International Association of Scientific Technical and Medical Publishers.
Peter Gietz (DAASI International)
Peter Gietz, Master of Arts (Magister Artium) in Cultural Studies, is the founder and CEO of DAASI International. Active in information technology since 1985, he has become an internationally recognized expert for directory services. His current interests include Digital Humanities, identity management, X.500, LDAP, PKI, metadata and ontologies. He is a frequently invited guest at conferences and events for talks about the latest identity management technologies and developments in the Digital Humanities, and actively participates in the projects DARIAH-DE and AARC. Furthermore, Peter Gietz is engaged in numerous standardization committees and was involved in the creation of measure catalogues for the German Federal Office for Information Security.
Lukas Hämmerle (SWITCH)
Lukas Hämmerle studied Electrical Engineering and Information Technology at the Swiss Institute of Technology (ETH Zurich). After graduating in 2004, he joined SWITCH as a software engineer. Lukas and his colleagues are responsible for the development and the operation of the Shibboleth-based authentication and authorization infrastructure SWITCHaai, which SWITCH provides for the benefit of the higher education and research community in Switzerland. As GÉANT task leader, Lukas and his team have helped to increase the adoption and use of eduGAIN since 2013. One main focus of this work has also been to support research communities in integrating their services in eduGAIN.
Roland Hedberg
Roland Hedberg started working with the Internet and Internet-related services back in 1988. Between 1993 and 2003 he was heavily involved in IETF standardization work (mainly different types of directory services). Over the last five years his main work has been on different aspects of the new OpenID Connect standard. His main research areas include distributed authorisation and authentication service infrastructure and identity management. Roland now works as an independent consultant.
Walter Hötzendorfer
Dr. Walter Hötzendorfer is Senior Researcher and Senior Consultant at the Research Institute – Digital Human Rights Center in Vienna. He has degrees in law as well as in IT (business informatics/information systems) and practical experience in scientific research, consulting, legal counseling, software engineering, and process management. From 2011 to 2016 he was a Researcher at the University of Vienna Centre for Computers and Law, where he worked in several national and international research projects and did a PhD on Data Protection and Privacy by Design in Federated Identity Management. Since 2012, Walter has been advising the Austrian Chamber of Commerce and the Austrian Identity Federation Authority in establishing a Federation Governance Framework and Policy. His research interests span data protection law, privacy by design, privacy engineering, data protection management, identity management, public security, information security, cloud computing, telecommunication and the legal aspects of these and other fields of ICT.
David Huebner (DAASI International)
David Hübner received his master’s degree in Computer Science from the University of Tübingen in 2017, where he wrote his thesis on the integration of the OpenID Connect protocol into a SAML-based Shibboleth infrastructure. He then joined DAASI International as a solutions engineer, with a main focus on the EC-funded AARC project. He has been involved in various projects in the area of AAI, SSO and identity management. Furthermore, he is responsible for the development and interoperability work of the DARIAH research infrastructure AAI platform, which is aligned with his AARC work.
Janne Lauros (Géant GN4-2 JRA3 Task 3, CSC)
Janne is an application engineer interested in anything related to OpenID Connect, SAML2, Shibboleth and other SAML2 products, identity federations, authorization and smart cards. He mostly uses technologies such as Java, Spring, Vagrant, Ansible and Vaadin 8, and is currently developing user authorization and Shibboleth IdP 3 extensions.
Mads Freek Petersen (WAYF)
Mads is chief developer and architect at WAYF, the identity federation for research and higher education in Denmark. An experienced and knowledgeable IT professional, he has masterminded and implemented much of WAYF's infrastructure, and is currently coding in Golang what may well be his 7th from-scratch SAML2 implementation. Employed for many years in the private sector and at Roskilde University, Mads was part of WAYF from the federation's very inception and has worked there full-time since 2012.
Benjamin Oshrin (Spherical Cow Group)
Benn has been involved with various aspects of IT in higher education for over two decades, including affiliations with Columbia, Rutgers, and Yale Universities. He has recently been focusing on Identity Management and systems architecture, and is the architect for the COmanage Project. Benn is the managing partner for SCG.
Wolfgang Pempe (DFN)
Wolfgang started his career as a Digital Humanist (MA in Assyriology, Egyptology, History of Religions), specializing in text processing, analysis and markup. He was involved in the D-Grid initiative (TextGrid) and worked for several years in the Research and Development Department of the Goettingen State and University Library. Since joining DFN in 2011, Wolfgang has been involved in operating the DFN-AAI identity federation. Besides his role as Service Manager of the DFN-AAI, Wolfgang is involved in the GN4-2 and AARC2 projects. He is a member of the eduGAIN SG and of the Shibboleth Consortium Board (members' representative).
Jaime Pérez Crespo (UNINETT)
Jaime has been working on digital identity in the Research & Education community since 2005. He started in 2006 at RedIRIS, the Spanish National Research and Education Network, where he ended up heading the national identity federation, SIR. In 2012 he moved to UNINETT, the Norwegian NREN, where he has since been an operator of Feide, the national identity federation, as well as the maintainer of, among others, SimpleSAMLphp, a popular open-source library implementing the SAML standard. He is also the Norwegian liaison with the international community, and the country's delegate to the eduGAIN Steering Group.
Peter Pfläging (pflaeging.net)
Peter Pfläging has long experience as an ICT architect in governmental and healthcare environments. He lead-authored the specification of the Austrian governmental federation protocols (PVP). He now works as a private consultant for large organisations in ICT architecture and agility. He operates his own cloud service for agility and has written a new method for agile teams, which also connects to federated identities.
Ralf Schlatterbeck (Runtux Open Source Consulting)
Dr. Ralf Schlatterbeck has been working as a consultant since 2004, specializing in Open Source, Security, Embedded (IoT), and Telephony (Asterisk) but also doing the occasional web application.
Peter Schober (ACOnet)
Peter joined Vienna University's Computer Center in 2004 as a UNIX sysadmin. Since 2012 he has been primarily responsible for the ACOnet Identity Federation and related services. He is an active member of GEANT, REFEDS and federation-related Free/Libre software communities.
Radovan Semančík (Evolveum)
Radovan graduated from the Slovak Technical University with a master's degree in Software Engineering and a PhD. He currently works as a software architect at Evolveum. His main areas of interest are digital identity and distributed systems architecture. He designed one of the first full-scale identity management deployments in Central Europe and provided key consulting services to many more comprehensive identity management solutions. He is an open-source project contributor and participates in several software development projects. He currently dedicates most of his time to leading the midPoint project. He is an Apache Software Foundation committer.
Katarina Valaliková (Evolveum)
Katarina graduated from the Slovak Technical University with a master's degree in Software Engineering. She currently works for Evolveum as a Java developer and is part of the core development team of midPoint, an open source identity management and governance system.
Raoul Teeuwen (SURF)
Raoul is product manager Trust & Identity (T&I) at SURF (https://www.surf.nl/en/about-surf), the collaborative ICT organisation for Dutch education and research. The main service of the T&I team currently is the SURFconext (https://www.surf.nl/en/services-and-products/surfconext/index.html) hub & spoke federation, based on the OpenConext open source software. His current focus is on GDPR compliance and on using federated access for non-browser-based services; SURF is currently piloting COmanage and SATOSA in the SCZ project (https://wiki.surfnet.nl/display/SCZ). Besides this, he is interested in Augmented and Virtual Reality (he is co-author of a book) and is a hobbyist beekeeper. For links to his LinkedIn etc., see https://nl.gravatar.com/raoulteeuwen.
Thomas Warwaris (dress code it GmbH)
Thomas is a founder of dress code and works as a consultant, software architect and developer. Hands-on IT security and secure computing architecture have accompanied his work since the early days of script-based NIDS and regulated crypto, resulting in his skills in networking, security and data protection. Other topics of interest: IPR, AI, math and cryptsplaining (the unwanted, excessively fact-based and thus negatively biased explanations that mathematicians give to economists and politicians about cryptography and IT security).