OpenAthens LA Product detail and demonstration
Oli Cooper, software engineer at Eduserv, walks you through the latest enhancements to OpenAthens LA.


Published in: Technology
  • Provides the core functionality of OALA
    Authenticates and logs in end-users
    Apache server module
    Authentication, access & session management
    Customisation
    Provided as a Virtual Machine image
    Drop into VM server, point runtime to admin server and set authentication type
    Also available as packages if needed for installation on a physical server
    Multiple runtimes can use the same admin server and model
    Load-balancing
    High availability
  • EduPerson Scoped affiliation
    e.g. Member, Staff, Student
    EduPersonTargetedID
    Persistent, opaque user ID
    Only unique to a particular service provider
    EduPerson Entitlement
    Can contain any other information
    e.g. user is over 18, or has agreed to Ts & Cs
    EduPerson Principal Name
    Persistent unique ID
    Across multiple service providers
    e.g. oli.cooper@eduserv.org.uk
  • Should only disclose minimum required
    Release EduPersonScopedAffiliation to everyone
    Release EduPersonTargetedID to specific service providers
    Release email address to internal protected resources
  • Transcript

    • 1. OpenAthens LA
      Detail and Demonstration
      Oli Cooper
      www.eduserv.org.uk
    • 2. Runtime
      Provides the core functionality of OALA
      Authenticates and logs in end-users
      Configured by the administration console
      Apache server module
      Provided as a Virtual Machine image
      Multiple runtimes can use the same admin server and model
    • 3. Web application for use with all the major browsers
      rpm, Windows installer, zip
    • 4. 6 main tabs
    • 5. Set up from left to right
      Administration Console
    • 6. Authentication
      Establish the identity of the user
      Built-in
      LDAP/Active Directory
      OpenAthens MD
      Custom
      Apache (e.g. mod_auth_basic, mod_auth_radius, …)
      Kerberos/Windows domain
      PHP, Perl...
      ...or multiple methods
    • 7. Data-stores
      Descriptive information (attributes) about users
      Built-in
      LDAP/Active Directory
      OpenAthens MD
      Relational Database (MySQL, MS SQL Server)
      Custom
      Apache (e.g. mod_auth_basic, mod_auth_radius, …)
      Kerberos/Windows domain
      PHP, Perl...
      ...or multiple methods
    • 8. User Categories
      Grouping of users into categories to control access to resources (e.g. staff, students, biology)
      Users may belong to multiple categories
      ...but must be in at least one
      Categories may be assigned by rules
      ...or may be assigned explicitly to specific users
      Attributes are assigned to categories
      Fine control of which users can access what resources
      Cost-saving implications
    • 9. Attributes
      Information that describes the user in a vocabulary understood by the Service Provider
      Datastore (LDAP, SQL database)
      e.g. email address, EduPerson Principal Name
      Fixed value
      e.g. EduPerson Scoped affiliation (member, staff, students)
      Derived
      e.g. EduPersonTargetedID
      Scripted (Javascript)
      e.g. EduPerson Entitlement
    • 10. Core Attributes
      EduPerson Scoped affiliation
      e.g. Member, Staff, Student
      EduPerson TargetedID
      Persistent, opaque user ID
      Only unique to a particular service provider
      EduPerson Entitlement
      Can contain any other information
      e.g. user is over 18, or has agreed to Ts & Cs
      EduPerson Principal Name
      Persistent unique ID
      Across multiple service providers
      e.g. oli.cooper@eduserv.org.uk
    • 11. Configurations
      Defines one (or more) runtime configurations
      Pulls everything from the other tabs together into a configuration that runtime servers can request
      Identity of the installation in the federation
      Entity ID (usually a URL)
      Attribute release
      Which attributes are sent to which service providers
      Should only disclose minimum required
    • 12. Demonstration
      http://demo.idp.openathens.net:7070/OalaAdmin
    • 13. Questions
      oli.cooper@eduserv.org.uk
      http://www.flickr.com/photos/crystaljingsr/3914729343
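
The attribute release rules in the slide notes (scoped affiliation to everyone, targeted ID to specific service providers, email only to internal resources) can be modelled as a default-deny filter. This is an added example, not OpenAthens LA code: the entity IDs, user record and secret are constructed, and deriving the targeted ID with HMAC-SHA256 is an assumption, since the slides only say it is "derived".

```python
import hashlib
import hmac

# Constructed sample values: secret, entity IDs and user record are illustrative.
IDP_SECRET = b"constructed-secret-for-illustration"
ANY_SP = "*"
JOURNALS_SP = "https://journals.example.com/sp"
INTRANET_SP = "https://intranet.example.org/sp"

# Attribute -> service providers allowed to receive it. Anything not listed
# here (e.g. eduPersonPrincipalName) is never released: default deny.
RELEASE_POLICY = {
    "eduPersonScopedAffiliation": {ANY_SP},
    "eduPersonTargetedID": {JOURNALS_SP},
    "mail": {INTRANET_SP},
}

def targeted_id(uid, sp_entity_id):
    """Persistent, opaque ID: stable per (user, SP), different for each SP."""
    message = f"{sp_entity_id}!{uid}".encode()
    return hmac.new(IDP_SECRET, message, hashlib.sha256).hexdigest()

def resolve_attributes(user, sp_entity_id):
    """Everything the identity provider could say about the user to this SP."""
    return {
        "eduPersonScopedAffiliation": user["affiliation"],
        "eduPersonPrincipalName": user["eppn"],
        "eduPersonTargetedID": targeted_id(user["uid"], sp_entity_id),
        "mail": user["mail"],
    }

def release(user, sp_entity_id):
    """Filter resolved attributes down to what the policy allows for this SP."""
    resolved = resolve_attributes(user, sp_entity_id)
    return {
        name: value
        for name, value in resolved.items()
        if RELEASE_POLICY.get(name, set()) & {ANY_SP, sp_entity_id}
    }

USER = {"uid": "jsmith", "affiliation": "staff@example.org",
        "eppn": "jsmith@example.org", "mail": "jsmith@example.org"}

if __name__ == "__main__":
    for sp in (JOURNALS_SP, INTRANET_SP, "https://unknown.example.net/sp"):
        print(sp, sorted(release(USER, sp)))
```

Because the targeted ID is keyed on the service provider's entity ID, two providers comparing records cannot correlate the same user through it, which is the privacy property the "only unique to a particular service provider" note describes.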