Feide Connect


Variation:1, groups.

Published in: Technology

  1. «Feide Connect»: next-generation service platform for advanced services and collaboration services for higher education. Andreas Åkre Solberg, andreas.solberg@uninett.no
  2. Once upon a time, Web Single Sign-On with Feide was sufficient to provide a seamless user experience across services.
  3. Collaboration on the Internet. Dynamic working groups spanning multiple organizations work together using digital collaboration tools: a wiki; a document sharing tool; a meeting planner and calendar; a web meeting tool; a web forum or mailing list.
  4. Feide Connect [component diagram]: Authentication; Self Service; Groups and Roles; Activity streams; People search; API Authz Mngmnt; OAuth Authorization Engine; HTTP API.
  5. Feide Connect: new architecture. API-based instead of SSO flow. OAuth + authentication. Makes use of Feide (without changes). Offers additional services. Better support for mobile, desktop, etc. API authorization management. Extremely simple integration for Service Providers. Low bar of entry (for students, non-commercial, etc.). [Diagram labels: Feide service; mobile app; web app; third-party client / integration; Feide; Feide Connect (groups, people search, storage, aktivitetstr, API authz); service backend API.] October 23, 2013.
  6. Authentication. Feide is based upon SAML 2.0: rather complex, which results in relatively high integration cost for Service Providers; opportunities limited to the «login request -> response» flow. Trends in consumer markets (Facebook, Google, Twitter, LinkedIn, Salesforce): from enterprise protocols towards APIs / REST and OAuth. Providers need to offer APIs and third-party integration anyway: OAuth. Easy to establish a simple authentication protocol (userinfo) on top of that: OpenID Connect. Built-in support for cross-federation (eduGAIN, Kalmar) and guest users.
  7. Groups and roles
  8. Groups and roles. API service. Base layer: builds groups from Feide attributes. Connector to FS: courses, fields of study and more. Support for ad-hoc groups: anyone can create groups for their collaboration needs; cross-organizational groups. Support for custom external connectors to an institution's authoritative source of group data. [Diagram labels: Feide service; mobile app; web app; third-party client / integration; Feide; Feide Connect (Groups, people search, storage, aktivitetstr, API authz); group sources: Feide, FS, Ext Connectors, AdHoc.]
  9. Ad-hoc group management front-end
  10. People Search. Separate People Search API. Authenticated API. Also available as a JS library and as a federated widget. Relies on already public information. Better user experience to search for real user names than to add user IDs.
  11. Model for groups. Super simple, but extensible, information model. Protocol for: retrieving the list of groups for the current user (from FeideID); retrieving the list of members of a given group (from group ID).
  12. Extended model. Standardization per group type for extended properties.
  13. Subscriptions. Content associated with public groups. Users may subscribe.
  14. Activity Streams
  15. Activity Streams. Generic information model. Activities posted to one or more groups. One activity stream per group. User interfaces: WebApp frontend, widgets, mobile app frontend; API. [Figure: example activity entries, text not recoverable.]
  16. (no text)
  17. Notifications. The most important activity updates. Email and mobile push notifications. Personal preferences.
  18. Open Data
  19. Open Data. Universities show increasing interest in sharing their data using APIs. This motivates the growth of new, innovative and better services for employees and students. Privacy very important! Complex to provide an authentication model for delegated access to personal data.
  20. Self-service
  21. Registration of new clients. Third parties register new clients and request access to API scopes.
  22. Managing clients: trust; scope management; statistics; authorization workflow.
  23. API authorization workflow. API owner grants access to new clients. Clients bound to authenticated users / organizations.
  24. Users accessing clients is handled through Feide login. The platform will make sure end users accessing the clients are authenticated (using Feide).
  25. API Authorization Dialog
  26. Client has obtained a token, and can access «Feide Connect» services, such as: user info, groups, activity streams.
  27. International collaboration. Any student or employee in Europe should be able to log in with their local credentials through the platform. Established cross-federation connections through eduGAIN and Kalmar. Collaboration on harmonizing group definitions and exchange protocols with other countries. Collaboration through GÉANT, Terena. Nordic collaboration through NordForum? Standardization: OAuth, OpenID Connect, SCIM, OpenSocial, ActivityStreams, misc. W3C.
  28. For discussion. Identifier for mapping users: user ID, FeideID, student ID, national identity number, etc. Which types of groups, and possibly roles. Framework of agreements, and access during the development phase. Source of the data: WS vs. database. Lookup speed. Collaboration, UNINETT <-> FS.