Discovery refeds 11

Rod Widdowson's presentation to REFEDS, Prague 2011

  1. Discovery & Login Status
     Some thoughts for federation operators.
     Rod Widdowson, EDINA
  2. Status
     Next generation software is here or nearly here.
     Shibboleth:
       EDS V1.0.
       IdP 2.3.
       SP 2.4.
     DiscoJuice.
     But the work now moves to federation operators.
  3. Take-aways from this talk
     “Discovery & Login” Extensions are really important:
       Make recommendations about them.
       Start collecting them.
       Engage with entity operators about them.
     ... And don’t forget your own discovery service
  4. Discovery Extensions?
     A picture may be worth 1024 words
     (which is between 1024 and 4096 octets depending on the architecture in question)
  5. WAS: Start at the SP
  6. WAS: Go to the DS
  7. WAS: Thence to the IdP
  8. To note
     Three different web pages
     Three different brandings
     One of which is probably completely strange to the first time user.
     There is no indication that you are doing the right thing
  9. With Added Extensions: SP
  10. Embedded Discovery Service
  11. IdP
  12. SP
  13. Centralized Discovery Service
  14. IdP
  15. And DiscoJuice
  16. Discovery extensions?
      Or “SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0” as it likes to be known.
      http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf
      User Information
      Hinting Information
  17. User Info
      Things used in the UI to ease discovery and login.
      Display Name.
      Display Description.
      Logos.
      Keywords.
      Information & Privacy Statement URLs.
  18. Logo
      But what sizes?
      Shibboleth recommendations:
        IdPs
        https://wiki.shibboleth.net/confluence/display/EDS10/4.+Metadata+Considerations
        SPs
        https://wiki.shibboleth.net/confluence/display/SHIB2/IdPMDUIRecommendations
      Your CDS will also have recommendations.
      As will policy.
  19. Hinting
      Geo: “If you are physically close to a campus you may prefer that IdP”.
      IP: “If you are on a campus IP address you may prefer that IdP”.
      DNS: “If your machine has a campus DNS, you may prefer that IdP”.
  20. Take-aways from this talk
      “Discovery & Login” extensions really matter.
      Make recommendations about them.
      Start collecting them.
      Engage with entity operators
        To add the extensions.
        To exploit the extensions:
          There is software already shipping to do this.
          Not just Shibboleth.
      ... And don’t forget your own discovery service.
  21. Federation Discovery Service
      Based on UK experience:
      Try to downplay it within your organization.
        You don’t show off your toilets to your house guests: It’s just something you have to have.
      Think about the continuing story.
      Add SP co-branding.
      Add IdP branding.
      Remove your own branding.
      Remember to consider accessibility.
      Start thinking about cross federation discovery.
  22. Questions
      Rod Widdowson
      rdw@steadingsoftware.com
  23. Discovery isn’t
      About scale.
      About the operators’ branding.
      About accounting.
      About a central service.
      Confined to your domain.
  24. Discovery is
      Never perfectly addressed.
      Going to get harder.
      About the first user.
      About a seamless experience.
      About commonality of experience.
      Everyone’s job.
  25. Discovery isn’t about scale
      Actually it might be. But not yet
  26. Discovery isn’t
      About accounting
        No matter how tempting it might be to assume it, not every transaction goes via the DS.
      About a single central service
        Well it is, but we would like it not to be.
        And we are going to have to move away from that.
  27. Discovery isn’t confined to your domain
  28. Discovery is
      Never perfectly addressed
        We can just make it less bad via a series of approximations.
      About the first user
        The first ever user
        The first user at this site
      Consistency
        Between discovery pages at different sites.
        Give the feeling of an ongoing story.
  29. Discovery isn’t about the operator’s branding
      It just confuses the first time user
  30. Suggestions for Operators: SPs
      Work with your SP to deploy their own discovery solutions
      Shibboleth SP
      SPs using the Shibboleth CDS
      Other types of SP which use the Shibboleth EDS
      SimpleSAMLphp
      Get SP operators to contribute discovery & login information.
  31. Suggestions for Operators: IdPs
      Work with your IdPs to add SP co-branding on the login page
      Shibboleth:
        Always been feasible
        Default page in 2.3
      Other IdPs
      Get IdP operators to contribute discovery & login information.
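
An added example, not part of the presentation or of any Shibboleth code: a check a federation operator could run over aggregate metadata while collecting the extensions, reporting which of the User Info elements (slide 17) each entity lacks and which IdPs an `mdui:IPHint` (slide 19) would suggest for a client address. The sample metadata, the entity IDs and the HTTPS-only logo policy are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
# UIInfo children named on the "User Info" slide.
UI_FIELDS = ["DisplayName", "Description", "Logo", "Keywords",
             "InformationURL", "PrivacyStatementURL"]

# Constructed sample, trimmed to the extension elements; all values are made up.
SAMPLE = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
  <md:EntityDescriptor entityID="https://idp.campus-a.example/idp">
    <md:IDPSSODescriptor><md:Extensions>
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Campus A</mdui:DisplayName>
        <mdui:Logo height="16" width="16">http://idp.campus-a.example/logo.png</mdui:Logo>
      </mdui:UIInfo>
      <mdui:DiscoHints><mdui:IPHint>192.0.2.0/24</mdui:IPHint></mdui:DiscoHints>
    </md:Extensions></md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.campus-b.example/idp"/>
</md:EntitiesDescriptor>
"""

def audit(xml_text):
    """Per entity: UIInfo fields absent, non-HTTPS logo URLs, and IP hints."""
    report = {}
    for ent in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % NS["md"]):
        ui = ent.find(".//mdui:UIInfo", NS)
        present = {c.tag.split("}")[1] for c in ui} if ui is not None else set()
        logos = [e.text.strip() for e in ent.iterfind(".//mdui:UIInfo/mdui:Logo", NS)]
        hints = [e.text.strip() for e in ent.iterfind(".//mdui:DiscoHints/mdui:IPHint", NS)]
        report[ent.get("entityID")] = {
            "missing": [f for f in UI_FIELDS if f not in present],
            # HTTPS-only logos is this example's policy, not a quote from the spec.
            "insecure_logos": [u for u in logos if not u.lower().startswith("https://")],
            "ip_hints": hints,
        }
    return report

def hinted_idps(report, client_ip):
    """Entity IDs whose IPHint networks contain client_ip (a UI preference only)."""
    addr = ipaddress.ip_address(client_ip)
    return [eid for eid, r in report.items()
            if any(addr in ipaddress.ip_network(h, strict=False) for h in r["ip_hints"])]
```

A hint only reorders or preselects entries in the discovery UI; the user still authenticates at whichever IdP they choose.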
