Federated Identity Management
Federated id alignment 2011


BCcampus fit with Shibboleth federated identity

Published in: Technology
  • Federated id alignment 2011

    1. Federated Identity Management
    2. Federated Identity Management: BCcampus and Federated Identity Management, “Aligning with the Vision”
    3. The BCcampus Vision
    4. The BCcampus Vision: BCcampus is a collaborative online learning initiative that was established to assist public post-secondary institutions in British Columbia to meet their students’ online learning needs.
    5. The BCcampus Strategy
    6. The BCcampus Strategy: Provide agile, personalized access to educational information and services using a federated approach to connectivity across system institutions.
    7. The BCcampus Strategy: Provide agile, personalized access to educational information and services using a federated approach to connectivity across system institutions. Reduce costs and create efficiencies using collaborative and shared service models.
    8. The BCcampus Strategy: Provide agile, personalized access to educational information and services using a federated approach to connectivity across system institutions. Reduce costs and create efficiencies using collaborative and shared service models. Develop and share educational resources and expertise through the promotion of open and accessible networks.
    9. Federated Identification: Allows a consortium of institutions to provide electronic authentication for the community of individuals belonging to any of those institutions without releasing any confidential or personal data. All participating members of the consortium can authenticate individuals belonging to any one of the participating members without having to create artificial e-credentials. This is the truly federated model of authenticating individuals. The individual’s “home” institution is solely responsible for assuring the veracity and authentication of the individual in question.
    10. Strategies / Federated Identification
    11. Strategies / Federated Identification: How does Federated Identification Fit
    12. Strategies / Federated Identification
    13. Strategies / Federated Identification: How does Federated Identification Fit
    14. Strategies / Federated Identification
    15. Strategies / Federated Identification: How does Federated Identification Fit
    16. Alignment with the Goals
    17. Alignment with the Goals: Federated identification technologies can make available the authentication / data interchange infrastructure to:
    18. Alignment with the Goals: Federated identification technologies can make available the authentication / data interchange infrastructure to: • provide a secure, trusted, real-time mechanism that can be used to interchange student information via the provincial network amongst BC’s post-secondary institutions using links to online learning resources and information provided by post-secondary system partners.
    19. Alignment with the Goals: Federated identification technologies can make available the authentication / data interchange infrastructure to: • provide a secure, trusted, real-time mechanism that can be used to interchange student information via the provincial network amongst BC’s post-secondary institutions using links to online learning resources and information provided by post-secondary system partners. • foster and support the formation of collaborations and partnerships between institutions that leverage knowledge, reduce costs and generate benefits for students.
    20. Alignment with the Goals: Federated identification technologies can make available the authentication / data interchange infrastructure to: • provide a secure, trusted, real-time mechanism that can be used to interchange student information via the provincial network amongst BC’s post-secondary institutions using links to online learning resources and information provided by post-secondary system partners. • foster and support the formation of collaborations and partnerships between institutions that leverage knowledge, reduce costs and generate benefits for students. • provide educator support through online communities of practice, re-usable tools and resources, professional development strategies, technology training, and online program development.
    21. The Underlying Technologies
    22. The Underlying Technologies: Authenticating the individual
    23. The Underlying Technologies: Authenticating the individual – via WEB based “Shibboleth” technology • Individual authenticates him or herself at the home institution using that institution’s instance of computer credentials (user id and password). • These authenticating credentials (user id and password combination) are never made available to any partner institution – the authentication being performed by computers resident within the home institution itself. • Shibboleth has access to an individual’s affiliation with the home institution which can be made available after authentication.
    24. The Underlying Technologies
    25. The Underlying Technologies: Authenticating the individual – continued
    26. The Underlying Technologies: Authenticating the individual – continued – WEB based “Shibboleth” technology • Shibboleth will only release pre-approved data to a specific partner’s server computer once the individual’s authentication / authorization is verified. • Shibboleth was developed exactly for these types of requirements and privacy considerations. • Shibboleth is an accepted standard and is actively supported. • Widely adopted by IT groups involved in higher education.
    27. The Underlying Technologies
    28. The Underlying Technologies: Confirming the Authorization – SAML
    29. The Underlying Technologies: Confirming the Authorization – SAML • “Security Assertion Markup Language” for computer to computer communication to prevent fraudulent transactions and bogus authentications • SAML (currently version 2) is an accepted standard • SAML version 2 is fully supported by Shibboleth version 2 (version 2 having been defined as a joint effort from both development groups)
    30. The Underlying Technologies
    31. The Underlying Technologies: Defining the Content of the data
    32. The Underlying Technologies: Defining the Content of the data • Use of the “EduPerson” standard for Shibboleth / SAML interchange of data. • EduPerson is an accepted standard and is actively supported. • Use of the Postsecondary Education Standards Council (PESC) standards for student specific data (e.g. e-transcript interchange). • Emerging 3rd party vendor support for the PESC standards
    33. The Underlying Technologies
    34. The Underlying Technologies: Enforcing Security • All WEB pages used by the individual for authentication and authorization are secured (using HTTPS: pages). • All network interchanges of data are encrypted using current DES public key encryption technology – the accepted standard.
    35. The Underlying Technologies
    36. The Underlying Technologies: The Method of Transmission
    37. The Underlying Technologies: The Method of Transmission • Existing network (internet) technology used to interconnect all the computers involved in the authentications, authorizations, and data exchanges. • All network data for this application is strongly encrypted (see prior slide). • Use of “standards based” Enterprise Service Bus (ESB) and Systems Oriented Architecture (SOA) messaging software technologies.
    38. Some References
    39. Some References • Shibboleth – an Internet2 initiative – http://shibboleth.internet2.edu/about.html • SAML – http://saml.xml.org/about-saml • EduPerson – a joint Internet2 / EDUCAUSE initiative – http://middleware.internet2.edu/eduperson/ • Postsecondary Education Standards Council – http://www.pesc.org/
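
The release behaviour described on slides 23 and 26 (authenticate at the home institution, then release only pre-approved data to a specific partner), modelled as an added example that is not part of the original deck. It is not Shibboleth code or its configuration format; the entity IDs, directory record and policy are constructed, and only the eduPerson attribute names are real.

```python
# Added illustration: a model of per-partner attribute release.
# Not Shibboleth code and not its configuration format.
from fnmatch import fnmatchcase

# Constructed record, held only at the home institution.
DIRECTORY = {
    "jdoe": {
        "userPassword": ["constructed-secret"],
        "eduPersonPrincipalName": ["jdoe@home.example"],
        "eduPersonScopedAffiliation": ["student@home.example",
                                       "member@home.example"],
        "eduPersonEntitlement": ["urn:example:library",
                                 "urn:example:payroll"],
    }
}

# Hypothetical policy: partner entityID -> {attribute: permitted value patterns}.
RELEASE_POLICY = {
    "https://courses.partner.example/shibboleth": {
        "eduPersonScopedAffiliation": ["student@*"],
        "eduPersonEntitlement": ["urn:example:library"],
        "userPassword": ["*"],  # deliberate misconfiguration; must still be blocked
    },
    "https://transcripts.partner.example/shibboleth": {
        "eduPersonPrincipalName": ["*"],
    },
}

NEVER_RELEASE = {"userPassword"}  # credentials stay at the home institution


def release_attributes(user_id, sp_entity_id, authenticated):
    """Return only the attribute values pre-approved for this partner."""
    if not authenticated:
        raise PermissionError("authenticate at the home institution first")
    rules = RELEASE_POLICY.get(sp_entity_id)
    if rules is None:
        return {}  # unknown partner: default deny
    record = DIRECTORY[user_id]
    released = {}
    for attr, patterns in rules.items():
        if attr in NEVER_RELEASE:
            continue  # hard stop, regardless of what the policy says
        allowed = [v for v in record.get(attr, [])
                   if any(fnmatchcase(v, p) for p in patterns)]
        if allowed:
            released[attr] = allowed
    return released
```

The hard deny list is checked before the policy, so a mistaken policy entry cannot expose the password, and a partner that has no policy entry receives nothing.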