Knock, Knock – Who’s There? Towards Federated Authentication Leigh Dodds Chief Technology Officer, Ingenta Society for Scholarly Publishing San Francisco, June 2007

The Identity Problem

Too many passwords … Flickr & YouTube & FaceBook & MySpace & LiveJournal & LinkedIn…

Identity Silos

Vendor Lock-In E.g. Microsoft Passport

Single Sign-On can solve these problems Single Sign-On = Federated Authentication

Knock, Knock

Who’s There?

Dude..It’s Me…

Who Says?

Er…Ask That Guy…

Hey, do you know this guy?

Dude, that’s Leigh

Respect Mah Authoritah!

Oh, OK. Thanks

Hi, Leigh…

There’s More Than One Way to Implement This

User Service Provider Identity Provider

Where Things Differ… How do we know who the user’s Identity Provider is? How do the Service Providers and Identity Providers talk to one another? What information does the Identity Provider expose about the User? Can we trust the Identity Provider? How does the Identity Provider authenticate the user?

How do we know who the user’s Identity Provider is?

How do the Service Providers and Identity Providers talk to one another?

What information does the Identity Provider expose about the User?

Can we trust the Identity Provider?

How does the Identity Provider authenticate the user?

OpenId User-centric Simple to implement Growing number of open source toolkits Rapid adoption in web community Does not address trust issue

User-centric

Simple to implement

Growing number of open source toolkits

Rapid adoption in web community

Does not address trust issue

Shibboleth Library-centric Complex to implement Open source software plus commercial options Growing adoption in library and publishing communities Introduces element of trust

Library-centric

Complex to implement

Open source software plus commercial options

Growing adoption in library and publishing communities

Introduces element of trust

Conclusions & Further Reading http://del.icio.us/ldodds/tag/ssp-2007-06