Edugate Futures
 

12 Future directions Edugate could take

    Edugate Futures Presentation Transcript

    • Edugate. Glenn Wearen, HEAnet.
    • Summary
      • 1 year Pilot Project / 2 years in production
      • All IoTs, Universities, Colleges, but only half of HEAnet’s members
      • Core service at some institutions but light use at others
    • So, where to now?
      1. Extended Attribute Schema
      2. Higher Identity Assurance
      3. Strong Authentication
      4. Account Provisioning
      5. Cross institutional groups
      6. New Identity Protocols
      7. Statistics
      8. Bilateral Trusts
      9. Expansion beyond HEAnet
      10. SSO for non-web applications
      11. Aggregated identities
      12. Logout
    • 1. Extended Attribute Schema
      Students
      • Do you have photos?
      • Can I tell if a user is part-time/full-time?
      • What course is the student pursuing?
      Staff
      • Cost-center code (for eProcurement)
      • ResearcherID, AuthorID
      • Availability calendar
      • Telephone number
    • 2. Higher Identity Assurance
      Would you use Edugate for eProcurement?
      • On-campus (cross charging for campus services)
      • Shared procurement portal (Shannon Consortium Procurement Network)
      • External suppliers (vikingdirect.ie/officedepot.ie)
      The Service Provider will seek assurances that the identity is of sufficient quality to underpin a cardless financial transaction.
    • 3. Strong Authentication
      Passwords are the root of all e-vil
      • Easily shared
      • Easily forgotten
      • Frequently exposed
      • No common password policy
      • Password changes not enforced
    • 3. Strong Authentication
      SSO helps to eliminate passwords
      • Consolidating onto a single (or single+1) credential allows for strong authentication
      • 2-factor authentication / strong password policy
      SSO systems can protect sensitive resources
      • re-authentication
      • ‘step-up’ authentication
    • 4. Account Provisioning
      On-campus, provisioning is a minor problem, but for cloud/hosted/outsourced services provisioning is a significant problem.
      Invitation systems require:
      • email address of all potential users - 1 time URL
      • approval workflows - open URL
    • 4. Account Provisioning
      Bulk provisioning
      • Handling of bulk files a significant risk
      • Out of sync almost immediately
      • De-provisioning rarely handled
      • Accounts created for users who might never log in
    • 4. Account Provisioning
      Just-in-Time provisioning
      Standards emerging:
      • Simple Cloud Identity Management (SCIM)
      But Service Providers are familiar with:
      • LDAP: enter username/password, authenticate, query for attributes
      • OAuth: enter user ID, authenticate, get token, query for attributes
      • API: enter a user identifier, query for attributes, forever
    • 5. Cross Institutional Groups
      Cross institutional/federation groups (Virtual Organisations)
      • The Identity Provider doesn’t know all the collaborations or projects that a user participates in.
      • This makes authorisation difficult for Service Providers (e.g. Project Portal)
    • 5. Cross Institutional Groups
      Establish an Edugate group repository:
      • this can be queried by IdPs during the preparation of attributes for an assertion
      • this can be queried by SPs provided the repository has a user identifier
      • Self-asserted group membership
      • Group membership approvals or invitations
    • 6. New Identity Protocols
      OpenID Connect
      • Addresses weaknesses and shortcomings of OpenID
      OAuth2
      • Allows retrieval of user data when user is not present
      WIF
      • Predominant identity protocol for Microsoft services
    • 6. New Identity Protocols
      Should Edugate add new protocols?
      • Cost?
      • Benefit?
    • 7. Statistics and Monitoring
      • Are my users able to access service X? Why are my users accessing service Y?
      • How come I’ve no users from institution A? Why are we so popular with institution B?
      • What is the most widely used Edugate service? What is the least used service?
      • Is Edugate being used? Or being used more?
    • 7. Statistics and Monitoring
      • Is IdP X up?
      • Are there high rates of attrition?
      • Are [staff|students] able to authenticate?
    • 8. Proliferation of bilateral trusts
      There are 29 bilateral trusts in Edugate, why don’t these services join Edugate?
      • Maybe not required (single institution)
      • Tender awarded, Edugate not in the tender
      • SP not a legal entity
      Google Apps, Millennium, Blackboard Learn.
    • 9. Expansion beyond HEAnet?
      More identity providers will mean more service providers
      • Private Colleges
      • Health Services Sector (HSE/Hospitals/CPD)
      • Industry Research Centers (Intel Labs / SFI participants)
      • 2nd Level schools
    • 10. SSO for non-web
      SAML works well within the browser, but outside the browser it requires client support
      • Native client support: Outlook Claims based authentication
      • Or, with Moonshot: common library support (GSS/SASL/SSPI)
    • 11. Aggregated identities
      Institution holds validated identity data and enrollment status. This can be aggregated or augmented with self-asserted data from other sources:
      • Social IDs (profile pictures, friends, interests)
      • Group membership repository
    • 11. Aggregated identities
      Facebook/Twitter/Google hold self-asserted identity data. This can be aggregated or augmented with verified user data from other sources :-p
    • 12. Logout
      Clicking on ‘Logout’, what should happen?
      • Logout of the application, but IdP session persists (local logout)
      • Logout of the application, redirect to IdP session killer page (partial logout)
      • Logout of the application, redirect to IdP session killer page, trigger logout of all services (global logout)
    • 12. Logout
      Or should the SP force re-authentication at the IdP after the logout button has been used (if the IdP supports it)?
    • So, where to now?
      1. Extended Attribute Schema
      2. Higher Identity Assurance
      3. Strong Authentication
      4. Account Provisioning
      5. Cross institutional groups
      6. New Identity Protocols
      7. Statistics
      8. Bilateral Trusts
      9. Expansion beyond HEAnet
      10. SSO for non-web applications
      11. Aggregated identities
      12. Logout
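
As an added example (not from the presentation or from Edugate), the code below shows how a Service Provider could decide between the re-authentication and ‘step-up’ options on slide 3, and the forced re-authentication after logout raised on slide 12. The policy table, resource names and session fields are assumptions; `ForceAuthn` and `RequestedAuthnContext` are the standard SAML 2.0 AuthnRequest controls.

```python
from datetime import datetime, timedelta, timezone

# SAML 2.0 authentication context class URNs.
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
TOKEN = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
STRONG_CONTEXTS = {TOKEN}

# Hypothetical SP policy (assumed values): strong credential needed? max age?
POLICY = {
    "timetable": {"strong": False, "max_age": timedelta(hours=8)},
    "eprocurement": {"strong": True, "max_age": timedelta(minutes=15)},
}


def access_decision(resource, session, now):
    """Return (action, AuthnRequest hints) for one request to the SP.
    session holds 'authn_context' (AuthnContextClassRef), 'authn_instant'
    (AuthnInstant as datetime) and 'logged_out' (user pressed Logout here).
    """
    rule = POLICY[resource]
    hints = {}
    if rule["strong"]:
        hints["RequestedAuthnContext"] = sorted(STRONG_CONTEXTS)
    # After a local logout the IdP session may persist, so ask the IdP to
    # prompt again rather than silently signing the user back in.
    if session is None or session["logged_out"]:
        return "reauthenticate", {**hints, "ForceAuthn": True}
    if rule["strong"] and session["authn_context"] not in STRONG_CONTEXTS:
        return "step_up", hints
    if now - session["authn_instant"] > rule["max_age"]:
        return "reauthenticate", {**hints, "ForceAuthn": True}
    return "allow", {}


def demo():
    """Run the policy over constructed sessions (not real data)."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    pw = {"authn_context": PASSWORD, "logged_out": False,
          "authn_instant": now - timedelta(minutes=10)}
    stale = {"authn_context": TOKEN, "logged_out": False,
             "authn_instant": now - timedelta(hours=1)}
    return [access_decision("timetable", pw, now)[0],
            access_decision("eprocurement", pw, now)[0],
            access_decision("eprocurement", stale, now)[0],
            access_decision("timetable", {**pw, "logged_out": True}, now)[0]]


if __name__ == "__main__":
    print(demo())
```

A password login is enough for the low-risk resource, the eProcurement resource asks the IdP for a stronger context, and both a stale session and a pressed Logout button lead to a `ForceAuthn` request.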