Glenn Wearen 20091203 Ifif He Anet Gwearen
Usage Rights

© All Rights Reserved

Presentation Transcript

  • Federated Access Glenn Wearen HEAnet
  • Terminology
    Single Log On
      • single point of authentication (e.g. LDAP)
      • synchronised account and credentials
      • authenticate to each application
    Single Sign On
      • single point of authentication
      • single credential, single account
      • authenticate once
  • Terminology
    Identity Provider
      • Organisation that holds identity data/credentials
    Service Provider
      • Organisation accepting federated identities
    IdP, SP, OP, RP
  • Terminology Web SSO – OpenID – Cardspace (Infocard, Higgins etc.) – SAML, WS-Trust – Facebook Connect, Friend Connect – OAuth Data exchange
  • Federated Access in Education
    SAML widely adopted in national academic federations
      • UK Access Management Federation
      • InCommon
      • Switch AAI
      • HAKA
      • Swamid
      • AAF Confederation
      • Surfederatie
      • Feide
      • GARR Idem AAI
    SAML used in other sectors
      Realty, Aerospace, Automobile, 401k
  • [Diagram. Labels: Federation or Service Provider WAYF Server; Institutional SAML Server; Service Provider SAML server; Service Provider Web Server; Institutional User Repository; Institutional Web Server; Institution (IdP); Service Provider (SP); Service Provider User Repository]
  • Federated Access in Education
  • Edugate – IdP's
      • Institutes of Technology
      • Universities
      • Private colleges
      • Research agencies
  • Edugate – SP's
      • Any IdP can be a SP
      • Shared services offered by IdP's
      • Academic content providers
      • Research portals
      • Organisations offering academic discount
  • Membership has its benefits
    Federation is a web of trust underpinned by...
      – Policy
          • Membership rules
              – Identity providers must ensure identities are assured
              – Service providers must not abuse data protection rules
          • Confederation/Interfederation
      – Technical
          • Standard protocol
  • Membership has its benefits
    Management of identity provider
      – Consent management
      – Attribute release
    HEAnet assistance to get started
      – Directory integration for IdP's
      – Application integration for SP's
  • Resource Registry – SP
  • Resource Registry – IdP (i)
  • Resource Registry – IdP (ii)
  • Resource Registry – IdP (iv)
  • Resource Registry – IdP (v)
  • Resource Registry – IdP (v)
  • Future Directions
      – Confederation
          • UK Federation / eduGAIN
      – Attribute aggregation
          • Student account is but one part of a user account
      – Who knows?
          • Schools
          • Make a 'social' account out of the 'campus' id.
          • National student ID
  • Summary Terminology SAML Edugate Join us at