EduKEEP: Towards a User-Centric Identity Management Model

Maarten Kremers
Track: Track 2, Nordia Room
Description: eduGAIN interconnects identity federations around the world, thereby enabling the trustworthy exchange of information related to identity, authentication and authorisation (AAI) by coordinating elements of the federations’ technical infrastructure and providing a policy framework that controls this information exchange.
The requirements towards identity federations interconnected in eduGAIN are kept to an absolute minimum. The inner workings of those identity federations are for this reason kept outside of the scope of the eduGAIN policy framework as much as possible.
However, those inner workings strongly influence the goal of eduGAIN: to simplify access to content, services and resources for the global research and education community. Most, if not all, identity federations participating in eduGAIN manage users in an organization-centric fashion, which has several implications: for example, users who change organizations are issued new identities, even though these identities are linked to the very same person. Another case is that if no suitable primary affiliation exists (students leaving university, or research collaboration with industry partners), there is no straightforward way to be issued a valid identity at all. In both cases, access to resources is lost, regardless of whether access rights were based on affiliation or granted on an individual basis.
Moving from an organization-centric identity management model to a user-centric model would address this: identity would be anchored in a long-lived identity provider that the user controls. Existing identity providers would become attribute providers, serving information about their relationship with the individual. The long-lived identity provider releases basic information, combined with the additional attributes from the attribute providers.
The trust and identity joint research activity of the European GÉANT Project (GN4-1) is designing an architecture model for this approach, as well as an overview of needed deployment actions and proposed next steps.
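To make the consequence of the two models concrete, the following constructed toy model (an added example, not the GN4-1 architecture design or any eduGAIN software) walks a person through an organization change and a period with no affiliation under each model. The organization names, the `long-lived.example` identifier scope and the dictionary layout are assumptions; the point is only that authorization bound to an identifier survives if and only if the identifier itself survives.

```python
# Constructed toy model (added example, not the GN4-1 design) contrasting
# organization-centric and user-centric identity management.

def org_centric_scenario():
    """Every organization's IdP mints its own identifier for a person."""
    def enrol(identities, org, person):
        identities[(org, person)] = f"{person}@{org}"   # identifier scoped to the org
        return identities[(org, person)]

    identities = {}
    first_id = enrol(identities, "uni-a.example", "alice")
    grants = {first_id}                                  # resource granted to alice individually
    del identities[("uni-a.example", "alice")]           # alice leaves: identity disappears
    second_id = enrol(identities, "uni-b.example", "alice")
    grant_survives = second_id in grants                 # False: new identifier, grant lost
    del identities[("uni-b.example", "alice")]           # no affiliation left at all
    return {
        "grant_survives_move": grant_survives,
        # with no affiliation there is no IdP left to authenticate at
        "login_without_affiliation": any(p == "alice" for _, p in identities),
    }


def user_centric_scenario():
    """A long-lived IdP owns the identifier; organizations become attribute providers."""
    attribute_providers = {}                             # person -> {org: affiliation}

    def assertion(person):
        # basic identity from the long-lived IdP plus aggregated attributes
        return {"id": f"{person}@long-lived.example",
                "affiliations": dict(attribute_providers.get(person, {}))}

    attribute_providers["alice"] = {"uni-a.example": "student"}
    grants = {assertion("alice")["id"]}                  # grant keyed on the stable identifier
    del attribute_providers["alice"]["uni-a.example"]    # alice leaves uni-a
    attribute_providers["alice"]["uni-b.example"] = "staff"
    moved = assertion("alice")
    del attribute_providers["alice"]["uni-b.example"]    # ... and later has no affiliation
    unaffiliated = assertion("alice")
    return {
        "grant_survives_move": moved["id"] in grants,    # True: same identifier
        "affiliations_after_move": moved["affiliations"],
        "login_without_affiliation": bool(unaffiliated["id"]),
    }
```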
