Next generation service platform for advanced services
and collaboration services for higher education.
Andreas Åkre Solberg
Once upon a time
Web Single Sign-On with Feide was sufficient to provide
a seamless user experience across services.
Collaboration on Internet
A dynamic working groups spanning multiple organizations, work
together using digital collaboration tools:
Document sharing tool
Meeting planner and calendar
A Web meeting tool
A web forum or mailinglist
API-based instead of SSO-flow
OAuth + authentication
Makes use of Feide (without changes)
Offers additional services
Better support for mobile, desktop etc.
API Authorization Management
Extremely simple integration for Service
Low-bar of entry
(for students, non-commercial, etc)
oktober 23, 2013
Feide based upon SAML 2.0
Rather complex results in relatively high integration cost for Service Providers.
Limited opportunities to the «login request -> response»-flow.
Trends in consumer markets (Facebook, Google, Twitter, Linkedin, Salesforce)
From enterprise protocols towards APIs / REST and OAuth
Providers needs to offer APIs and third party integration anyway; OAuth
Easy to establish a simple authentication protocol (userinfo) on top of that
Built-in support for cross-federation (eduGAIN, Kalmar) and guest users.
oktober 23, 2013
Groups and roles
Base layer: builds groups
from Feide attributes
Connector to FS:
emner, studieretning med mer.
Support for Ad-Hoc groups
Anyone can create groups for their
collaboration needs. Cross-organizational
Support for custom external connectors
to an institutions authoritative source of
Separate People Search API
Also available as a JS library
And as a Federated Widget
Relies on already public information
Better user experience to search for real
user names, than to add userids.
Modell for grupper
Superenkel, men utvidbar, informasjonsmodell
hente ut liste over grupper for gjeldende bruker (fra FeideID)
hente ut liste over medlemmer for en gitt gruppe (fra gruppeID)
Standardisering per gruppe-type for utvidede egenskaper.
Content associated with public
groups. Users may subscribe.
l l a co
Generic information model
ad ew u
o t ho
gr if i
«w as c
Acitivites posted to one or more groups
Mobile app frontend
o u rc
One activity stream per group.
Universities increasing interest to share their data using APIs.
Motivates growth of new innovative, and better services for the employees and
Privacy very important!
Complex to provide authentication model for delegated access to personal data.
Client has obtained a token, and can access
«Feide Connect» services, such as:
> user info,
> activity streams
Any student or employee in Europe should be able to login with their local credentials on the
through the platform.
Established cross-federation connections through eduGAIN and Kalmar.
Collaboration on harmonizing group definitions and exchange protocols with other countries.
Collaboration through GÉANT, Terena.
Nordic collaboration through NordForum?
OAuth, OpenID Connect, SCIM, OpenSocial, ActivityStreams, Misc W3C
Identifikator for mapping av bruker, brukerID, FeideID, studentID, personnummer, etc.
Hvilke type grupper, og evnt roller
Avtaleverk, og tilgang i utviklingsfasen
Kilde for dataene, WS vs database
Hastighet på oppslag
Samarbeid, UNINETT <-> FS