Discovery refeds 11

Rod Widdowson's presentation to REFEDS, Prague 2011

Transcript

  • 1. Discovery & Login Status
    Some thoughts for federation operators. Rod Widdowson, EDINA
  • 2. Status
    Next generation software is here or nearly here.
    Shibboleth:
    EDS V1.0.
    IdP 2.3.
    SP 2.4.
    DiscoJuice.
    But the work now moves to federation operators.
  • 3. Take-aways from this talk
    “Discovery & Login” Extensions are really important:
    Make recommendations about them.
    Start collecting them.
    Engage with entity operators about them.
    ... And don’t forget your own discovery service
  • 4. Discovery Extensions?
    A picture may be worth 1024 words
    (which is between 1024 and 4096 octets depending on the architecture in question)
  • 5. WAS: Start at the SP
  • 6. WAS: Go to the DS
  • 7. WAS: Thence to the IdP
  • 8. To note
    Three different web pages
    Three different brandings
    One of which is probably completely strange to the first-time user.
    There is no indication that you are doing the right thing
  • 9. With Added Extensions SP
  • 10. Embedded Discovery Service
  • 11. IdP
  • 12. SP
  • 13. Centralized Discovery Service
  • 14. IdP
  • 15. And DiscoJuice
  • 16. Discovery extensions?
    Or “SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0” as it likes to be known.
    http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/sstc-saml-metadata-ui-v1.0.pdf
    User Information
    Hinting Information
  • 17. User Info
    Things used in the UI to ease discovery and login.
    Display Name.
    Display Description.
    Logos.
    Keywords.
    Information & Privacy Statement URLs.
  • 18. Logo
    But what sizes?
    Shibboleth recommendations:
    IdPs
    https://wiki.shibboleth.net/confluence/display/EDS10/4.+Metadata+Considerations
    SPs
    https://wiki.shibboleth.net/confluence/display/SHIB2/IdPMDUIRecommendations
    Your CDS will also have recommendations.
    As will policy.
  • 19. Hinting
    Geo: “If you are physically close to a campus you may prefer that IdP”.
    IP: “If you are on a campus IP address you may prefer that IdP”.
    DNS: “If your machine has a campus DNS, you may prefer that IdP”.
  • 20. Take-aways From this talk
    “Discovery & Login” extensions really matter.
    Make recommendations about them.
    Start collecting them.
    Engage with entity operators
    To add the extensions.
    To exploit the extensions:
    There is software already shipping to do this.
    Not just Shibboleth.
    ... And don’t forget your own discovery service.
  • 21. Federation Discovery Service
    Based on UK experience:
    Try to downplay it within your organization.
    You don’t show off your toilets to your house guests: It’s just something you have to have.
    Think about the continuing story.
    Add SP co-branding.
    Add IdP branding.
    Remove your own branding.
    Remember to consider accessibility.
    Start thinking about cross federation discovery.
  • 22. Questions
    Rod Widdowson
    rdw@steadingsoftware.com
  • 23. Discovery isn’t
    About scale.
    About the operators’ branding.
    About accounting.
    About a central service.
    Confined to your domain.
  • 24. Discovery is
    Never perfectly addressed.
    Going to get harder.
    About the first user.
    About a seamless experience.
    About commonality of experience.
    Everyone’s job.
  • 25. Discovery isn’t about scale
    Actually it might be. But not yet
  • 26. Discovery isn’t
    About accounting
    No matter how tempting it might be to assume it, not every transaction goes via the DS.
    About a single central service
    Well it is, but we would like it not to be.
    And we are going to have to move away from that.
  • 27. Discovery isn’t confined to your domain
  • 28. Discovery is
    Never perfectly addressed
    We can just make it less bad via a series of approximations.
    About the first user
    The first ever user
    The first user at this site
    Consistency
    Between discovery pages at different sites.
    Give the feeling of an ongoing story.
  • 29. Discovery isn’t about the operator’s branding
    It just confuses the first time user
  • 30. Suggestions for Operators: SPs
    Work with your SP to deploy their own discovery solutions
    Shibboleth SP
    SPs using the Shibboleth CDS
    Other types of SP which use the Shibboleth EDS
    SimpleSAMLphp
    Get SP operators to contribute discovery & login information.
  • 31. Suggestions for Operators: IdPs
    Work with your IdPs to add SP co-branding on the login page
    Shibboleth:
    Always been feasible
    Default page in 2.3
    Other IdPs
    Get IdP operators to contribute discovery & login information.
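
For the "start collecting them" recommendation and the elements listed on slides 16 to 19, the following added example (not part of the original slides) audits a metadata aggregate for which `mdui:UIInfo` fields each entity is missing and which `mdui:DiscoHints` it carries. Element and namespace names follow the OASIS specification linked on slide 16; the sample metadata, entity IDs and the `audit` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
UI_FIELDS = ["DisplayName", "Description", "Logo", "Keywords",
             "InformationURL", "PrivacyStatementURL"]
HINT_FIELDS = ["GeolocationHint", "IPHint", "DomainHint"]

# Constructed sample aggregate; entity IDs, URLs and addresses are placeholders.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
 <md:EntityDescriptor entityID="https://idp.example.edu/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:Extensions>
    <mdui:UIInfo>
     <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName>
     <mdui:Logo height="60" width="80">https://idp.example.edu/logo.png</mdui:Logo>
    </mdui:UIInfo>
    <mdui:DiscoHints>
     <mdui:IPHint>192.0.2.0/24</mdui:IPHint>
    </mdui:DiscoHints>
   </md:Extensions>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def audit(xml_text):
    """List, per IdP/SP role, which UIInfo fields are missing and which hints exist."""
    rows = []
    for ent in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % MD):
        for role in ("IDPSSODescriptor", "SPSSODescriptor"):
            desc = ent.find("md:" + role, NS)
            if desc is None:
                continue
            ext = desc.find("md:Extensions", NS)  # extensions sit on the role
            def has(parent, tag):
                path = "mdui:%s/mdui:%s" % (parent, tag)
                return ext is not None and ext.find(path, NS) is not None
            rows.append({
                "entity": ent.get("entityID"),
                "role": role[:-len("SSODescriptor")],
                "missing_ui": [f for f in UI_FIELDS if not has("UIInfo", f)],
                "hints": [h for h in HINT_FIELDS if has("DiscoHints", h)],
            })
    return rows

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real federation aggregate, verify the metadata signature before parsing it and acting on these fields.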
