
Glenn Wearen 20091203 Ifif He Anet Gwearen

Published in: Technology, Business

  1. Federated Access. Glenn Wearen, HEAnet
  2. Terminology
     • Single Log On
       – single point of authentication (e.g. LDAP)
       – synchronised account and credentials
       – authenticate to each application
     • Single Sign On
       – single point of authentication
       – single credential, single account
       – authenticate once
  3. Terminology
     • Identity Provider: organisation that holds identity data/credentials
     • Service Provider: organisation accepting federated identities
     • IdP, SP, OP, RP
  4. Terminology: Web SSO
     – OpenID
     – Cardspace (Infocard, Higgins etc.)
     – SAML, WS-Trust
     – Facebook Connect, Friend Connect
     – OAuth Data exchange
  5. Federated Access in Education
     SAML widely adopted in national academic federations
     • UK Access Management Federation
     • InCommon
     • Switch AAI
     • HAKA
     • Swamid
     • AAF Confederation
     • Surfederatie
     • Feide
     • GARR Idem AAI
     SAML used in other sectors: Realty, Aerospace, Automobile, 401k
  6. [Diagram. Labels: Federation or Service Provider WAYF Server; Institutional SAML Server; Service Provider SAML Server; Service Provider Web Server; Institutional User Repository; Institutional Web Server; Service Provider User Repository; Institution (IdP); Service Provider (SP)]
  7. Federated Access in Education
  8. Edugate – IdPs
     • Institutes of Technology
     • Universities
     • Private colleges
     • Research agencies
  9. Edugate – SPs
     • Any IdP can be a SP
     • Shared services offered by IdPs
     • Academic content providers
     • Research portals
     • Organisations offering academic discount
  10. Membership has its benefits
     Federation is a web of trust underpinned by...
     – Policy
       • Membership rules
         – Identity providers must ensure identities are assured
         – Service providers must not abuse data protection rules
       • Confederation/Interfederation
     – Technical
       • Standard protocol
  11. Membership has its benefits
     • Management of identity provider
       – Consent management
       – Attribute release
     • HEAnet assistance to get started
       – Directory integration for IdPs
       – Application integration for SPs
  12. Resource Registry – SP
  13. Resource Registry – IdP (i)
  14. Resource Registry – IdP (ii)
  15. Resource Registry – IdP (iv)
  16. Resource Registry – IdP (v)
  17. Resource Registry – IdP (v)
  18. Future Directions
     – Confederation
       • UK Federation / eduGAIN
     – Attribute aggregation
       • Student account is but one part of a user account
     – Who knows?
       • Schools
       • Make a 'social' account out of the 'campus' id.
       • National student ID
  19. Summary
     • Terminology
     • SAML
     • Edugate
     Join us at www.edugate.ie
