OpenAthensSP: A technical overview

OpenAthensSP provides a flexible platform for integration of federated identity technologies into applications. It supports SAML, OpenID, the Eduserv Athens services, and more federated standards.

This presentation gives an overview of the objectives of the platform and how it interacts with applications.

OpenAthensSP: A technical overview

  1. OpenAthens SP: Technical Overview
  2. Topics
     • The shape and significance of new identity architectures
     • The benefits of OpenAthens SP
     • Walk-through demo
  3. The OpenAthens premise
     Identity standards are maturing and will play an essential part in modern web applications... ...but building practical, yet effective architectures around them can be a major challenge
  4. Evolution of identity architectures
     • Previously bespoke solutions, based on a variety of technologies:
       – IP authentication
       – Username/password
       – LDAP
       – SQL
       – X.509 certificates
  5. Recent changes
     • 2 significant changes in last 2-3 years directly concerned with identity:
       1) 'Federation' has become widely accepted as the future of identity architectures
       2) Standards dealing specifically with (federated) identities have emerged
     • These standards are now reaching maturity
  6. Meanwhile...
     • The web is reshaping...
     • User's concept of online identity has radically changed
     • Web APIs are opening up
  7. The identity environment (diagram)
     Labels: Threats; Identity theft; Phishing; Web 2.0; SAML; OpenID; Social networking; Shibboleth; Blogging; Wikis; CardSpace; XACML; Instant messaging; LDAP; WS-*; X.509; User trends; Standards/Protocols; Browser; Apache; IIS; J2EE; .NET; PHP; Ruby on Rails; Open Source; Applications
  8. Implications of this
     • These changes have meant a bespoke approach to identity is no longer appropriate
       – Standards are too complicated for this!
     • A flexible approach to identity is fundamental to modern web applications
  9. Where does 'identity' fit? (diagram)
     Labels: SOAP; Application; XML; SQL; Web server; Database; HTTP; TCP; Network; DNS
  10. Where does 'identity' fit? (diagram)
      Labels: SOAP; Application; XML; SAML; WS-*; 'Identity infrastructure'; OpenID; SQL; XACML; Web server; Database; HTTP; TCP; Network; DNS
  11. So what does this imply?
      • Standards facilitate 'layering' of technologies
      • People are already talking about an 'identity infrastructure'
      • Projects addressing this now: Higgins (Eclipse), Bandit (Novell)
  12. Introducing OpenAthens SP...
      • OpenAthens SP contributes to an identity infrastructure in 3 ways:
        1) It provides a set of software components to support various identity standards
        2) It provides the necessary 'glue' to integrate with an application
        3) It provides a supported package to connect to communities of users
  13. (diagram)
      Labels: Application; SQL; Platform; Audit; LDAP; SAML; Shib; ...; Policy; IdP identity infrastructure; SP identity infrastructure
      Legend: OpenAthens SP component; Existing or 3rd party component
  14. 1) Components
      • OpenAthens SP comprises a set of modules supporting
        – Athens
        – SAML 1.0/1.1/2.0
        – Shibboleth
        – OpenID
        – MS information cards
  15. 2) Integration with applications
      • OpenAthens SP is built on a 'data layer' – the OpenAthens SP platform
      • Abstraction
        – Application interacts with the platform not individual modules
      • Support for multiple languages and platforms
  16. 3) Connecting to users
      • The combination of 1) and 2) allows for pre-packaged solutions for different communities
      • OpenAthens SP is available fully supported, currently in 2 different flavours
        – Athens (inc. NHS)
        – UKAMF
  17. (diagram)
      Labels: Application; SQL; Platform; Audit; Federation data; LDAP; SAML; Shib; ...; Policy; SP identity infrastructure
      Legend: OpenAthens SP component; Existing or 3rd party component
  18. Examples...
  19. Select organisation:
      OpenAthens SP finds organisation in SAML metadata:
  20. SAML response:
      Platform 'exports' attributes to application:
  21. Summary
      • OpenAthens SP can:
        – Connect a SP to Athens
        – Connect a SP to Shibboleth identity providers in the UK Access Management Federation
      • OpenAthens SP is:
        – Supported by Eduserv in the above scenarios
        – Actively developing to support the latest identity standards (eg. information cards)
  22. Where to find out more?
      • There's more information on our website http://www.athensams.net
      • Information and live demos are available on the stand outside
      david.orrell@eduserv.org.uk
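
The walk-through on slides 19 and 20 (select organisation, find it in SAML metadata, receive the SAML response, export attributes to the application), sketched as an added example; it is not OpenAthens SP code. It assumes SAML 2.0 documents, constructed sample XML and hypothetical function names, and it leaves XML signature verification to a dedicated library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample documents (hypothetical entities, not from the slides).
METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
 <md:EntityDescriptor entityID="https://idp.example.ac.uk/shibboleth"><md:Organization>
  <md:OrganizationDisplayName xml:lang="en">Example University</md:OrganizationDisplayName>
 </md:Organization></md:EntityDescriptor>
</md:EntitiesDescriptor>"""
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Issuer>https://idp.example.ac.uk/shibboleth</saml:Issuer>
 <saml:Conditions NotOnOrAfter="2030-01-01T00:00:00Z"><saml:AudienceRestriction>
  <saml:Audience>https://sp.example.org</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="eduPersonScopedAffiliation">
  <saml:AttributeValue>member@example.ac.uk</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def parse(xml_text):
    # SAML documents never need a DTD; refusing one blocks entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed")
    return ET.fromstring(xml_text)

def find_entity_id(metadata_xml, organisation):
    """Map the organisation the user selected to an IdP entityID, or None."""
    for ent in parse(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        names = ent.findall("md:Organization/md:OrganizationDisplayName", NS)
        if organisation in [n.text for n in names]:
            return ent.get("entityID")

def export_attributes(assertion_xml, expected_issuer, sp_entity_id, now):
    # ASSUMPTION: the XML signature was already verified against the IdP key in metadata.
    a = parse(assertion_xml)
    if a.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise ValueError("issuer is not the selected organisation")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    if sp_entity_id not in [e.text for e in cond.iter("{%s}Audience" % NS["saml"])]:
        raise ValueError("assertion is for a different audience")
    expiry = datetime.strptime(cond.get("NotOnOrAfter", ""), "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        raise ValueError("assertion has expired")
    return {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
            for at in a.iter("{%s}Attribute" % NS["saml"])}
```

The checks fail closed: an assertion from a different issuer, for a different audience, or past its `NotOnOrAfter` never reaches the application as attributes.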
