Knock Knock, Who's There?
From NORDUnet
views
comments
Related Media
This session delves into recent advancements regarding authentication and authorization in the R&E world. It has three speakers from three different continents each with their own topics: improving access to sensitive datasets, describing the transition to a different authentication method for better security and usability and defining phishing-resistant MFA. By listening to the different perspectives of the three continents, we aim to give insight into research access on a global scale.
Authentication and authorisation for the High Energy Physics computing grid infrastructure has been based on X.509 certificates since its inception in the early 2000s. In recent years an emphasis has been placed on modernising the stack, facilitating integration with external cloud infrastructure and improving usability and security - all of which have naturally led to a transition to JWT tokens over OAuth2 and OIDC. Important questions are emerging from the operational experience of using tokens - particularly finding an appropriate balance between operations and security. We aim to solve these problems by working together with the wider TNC community (though projects such as AARC-TREE) and complete the migration to token workflows in the coming years. We will share the vision and progress so far.
Speaker: Berk Balci (CERN)
Leveling Up Identity Assurance: MFA, Phishing Resistance, and the Path Forward
R&E federations are evolving to meet increasing demands for both strong authentication and verifiable identity assurance. This session will provide an update on the REFEDS MFA Profile Working Group’s efforts to refine authentication assurance, including defining “phishing-resistant MFA.” We’ll also highlight InCommon’s work to align the REFEDS Assurance Framework with evolving research and funding agency requirements. Attendees will gain insight into upcoming changes, practical implementation considerations, and how to get involved in shaping the future of federated identity assurance.
Chair: Jeroen Wijenbergh (GÉANT)
Researcher Identity – It’s All About Attributes, Not Authentication
This presentation explores how the Australian Access Federation (AAF) worked with the CADRE project to streamline access to over 1,000 social science datasets. The project used REMS and CILogon to implement workflows based around the 5-Safes principles to manage access to sensitive datasets. Attendees will learn how leveraging federations and authoritative attribute sources (e.g. ORCiD) can enhance research data access, streamline approvals, and simplify compliance. The session will also cover key challenges, solution components, and the next steps for CADRE’s 2025 launch.
Speakers: John Scullen (Australian Access Federation), Scott Koranda (University of Illinois)
Token based authorisation - the key to the future of High Energy Physics computingThis presentation explores how the Australian Access Federation (AAF) worked with the CADRE project to streamline access to over 1,000 social science datasets. The project used REMS and CILogon to implement workflows based around the 5-Safes principles to manage access to sensitive datasets. Attendees will learn how leveraging federations and authoritative attribute sources (e.g. ORCiD) can enhance research data access, streamline approvals, and simplify compliance. The session will also cover key challenges, solution components, and the next steps for CADRE’s 2025 launch.
Speakers: John Scullen (Australian Access Federation), Scott Koranda (University of Illinois)
Authentication and authorisation for the High Energy Physics computing grid infrastructure has been based on X.509 certificates since its inception in the early 2000s. In recent years an emphasis has been placed on modernising the stack, facilitating integration with external cloud infrastructure and improving usability and security - all of which have naturally led to a transition to JWT tokens over OAuth2 and OIDC. Important questions are emerging from the operational experience of using tokens - particularly finding an appropriate balance between operations and security. We aim to solve these problems by working together with the wider TNC community (though projects such as AARC-TREE) and complete the migration to token workflows in the coming years. We will share the vision and progress so far.
Speaker: Berk Balci (CERN)
Leveling Up Identity Assurance: MFA, Phishing Resistance, and the Path Forward
R&E federations are evolving to meet increasing demands for both strong authentication and verifiable identity assurance. This session will provide an update on the REFEDS MFA Profile Working Group’s efforts to refine authentication assurance, including defining “phishing-resistant MFA.” We’ll also highlight InCommon’s work to align the REFEDS Assurance Framework with evolving research and funding agency requirements. Attendees will gain insight into upcoming changes, practical implementation considerations, and how to get involved in shaping the future of federated identity assurance.
Speaker: Albert Wu (Internet 2 / InCommon)
- Tags
-