OpenAthens LA Product detail and demonstration

Oli Cooper, software engineer at Eduserv, walks you through the latest enhancements to OpenAthens LA.

Published in: Technology
  • Provides the core functionality of OALA
      - Authenticates and logs in end-users
      - Apache server module
      - Authentication, access & session management
      - Customisation
      - Provided as a Virtual Machine image
      - Drop into VM server, point runtime to admin server and set authentication type
      - Also available as packages if needed for installation on a physical server
      - Multiple runtimes can use the same admin server and model
      - Load-balancing
      - High availability
  • EduPerson Scoped affiliation
      - e.g. Member, Staff, Student
    EduPersonTargetedID
      - Persistent, opaque user ID
      - Only unique to a particular service provider
    EduPerson Entitlement
      - Can contain any other information
      - e.g. user is over 18, or has agreed to Ts & Cs
    EduPerson Principal Name
      - Persistent unique ID
      - Across multiple service providers
      - e.g. oli.cooper@eduserv.org.uk
  • Should only disclose minimum required
      - Release EduPersonScopedAffiliation to everyone
      - Release EduPersonTargetedID to specific service providers
      - Release email address to internal protected resources
  • OpenAthens LA Product detail and demonstration

    1. OpenAthens LA: Detail and Demonstration
         - Oli Cooper
         - www.eduserv.org.uk
    2. Runtime
         - Provides the core functionality of OALA
         - Authenticates and logs in end-users
         - Configured by the administration console
         - Apache server module
         - Provided as a Virtual Machine image
         - Multiple runtimes can use the same admin server and model
    3–5. Administration Console
         - Web application for use with all the major browsers
         - rpm, Windows installer, zip
         - 6 main tabs
         - Set up from left to right
    6. Authentication
         - Establish the identity of the user
         - Built-in
         - LDAP/Active Directory
         - OpenAthens MD
         - Custom
         - Apache (e.g. mod_auth_basic, mod_auth_radius, …)
         - Kerberos/Windows domain
         - PHP, Perl...
         - ...or multiple methods
    7. Data-stores
         - Descriptive information (attributes) about users
         - Built-in
         - LDAP/Active Directory
         - OpenAthens MD
         - Relational Database (MySQL, MS SQL Server)
         - Custom
         - Apache (e.g. mod_auth_basic, mod_auth_radius, …)
         - Kerberos/Windows domain
         - PHP, Perl...
         - ...or multiple methods
    8. User Categories
         - Grouping of users into categories to control access to resources (e.g. staff, students, biology)
         - Users may belong to multiple categories
         - ...but must be in at least one
         - Categories may be assigned by rules
         - ...or may be assigned explicitly to specific users
         - Attributes are assigned to categories
         - Fine control of which users can access what resources
         - Cost-saving implications
    9. Attributes
         - Information that describes the user in a vocabulary understood by the Service Provider
         - Datastore (LDAP, SQL database)
             e.g. email address, EduPerson Principal Name
         - Fixed value
             e.g. EduPerson Scoped affiliation (member, staff, students)
         - Derived
             e.g. EduPersonTargetedID
         - Scripted (JavaScript)
             e.g. EduPerson Entitlement
    10. Core Attributes
         - EduPerson Scoped affiliation
             e.g. Member, Staff, Student
         - EduPerson TargetedID
             Persistent, opaque user ID
             Only unique to a particular service provider
         - EduPerson Entitlement
             Can contain any other information
             e.g. user is over 18, or has agreed to Ts & Cs
         - EduPerson Principal Name
             Persistent unique ID
             Across multiple service providers
             e.g. oli.cooper@eduserv.org.uk
    11. Configurations
         - Defines one (or more) runtime configurations
         - Pulls everything from the other tabs together into a configuration that runtime servers can request
         - Identity of the installation in the federation
             Entity ID (usually a URL)
         - Attribute release
             Which attributes are sent to which service providers
             Should only disclose minimum required
    12. Demonstration
         - http://demo.idp.openathens.net:7070/OalaAdmin
    13. Questions
         - oli.cooper@eduserv.org.uk
         - http://www.flickr.com/photos/crystaljingsr/3914729343
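
The attribute-release rules from slides 10 and 11 and their notes, worked through as an added example (not OpenAthens LA code and not its scripting interface): a per-service-provider release filter with a derived, per-provider targeted ID. The entity IDs, user record, salt and function names are constructed for illustration.

```javascript
// Added illustration; generic logic, not the OpenAthens LA scripting interface.
const crypto = require("node:crypto");

// Constructed sample values (hypothetical entity IDs, user record and salt).
const IDP_ENTITY_ID = "https://idp.example.org/entity";
const SALT = "constructed-demo-salt"; // assumption: a long random secret held only by the IdP
const user = { uid: "jbloggs", scope: "example.org", affiliation: "staff",
               mail: "j.bloggs@example.org" };

// Release policy: "*" applies to every service provider, other keys add to it.
const POLICY = {
  "*": ["eduPersonScopedAffiliation"],
  "https://journals.example.com/sp": ["eduPersonTargetedID"],
  "https://intranet.example.org/sp": ["eduPersonTargetedID", "mail"],
};

// Derived attribute: keyed hash over the SP entity ID and the user ID.
// Stable per (user, SP) pair, different for each SP, and it reveals no uid,
// so two providers cannot correlate a user by comparing identifiers.
function targetedId(uid, spEntityId) {
  const opaque = crypto.createHmac("sha256", SALT)
    .update(spEntityId + "!" + uid).digest("hex");
  return IDP_ENTITY_ID + "!" + spEntityId + "!" + opaque; // idp!sp!value layout (assumed)
}

// Everything the identity provider could say about the user for this SP.
function resolveAll(u, spEntityId) {
  return {
    eduPersonScopedAffiliation: u.affiliation + "@" + u.scope,
    eduPersonTargetedID: targetedId(u.uid, spEntityId),
    eduPersonPrincipalName: u.uid + "@" + u.scope,
    mail: u.mail,
  };
}

// Minimum disclosure: default deny, release only what the policy names.
function release(u, spEntityId) {
  const known = Object.prototype.hasOwnProperty.call(POLICY, spEntityId);
  const allowed = new Set([...POLICY["*"], ...(known ? POLICY[spEntityId] : [])]);
  return Object.fromEntries(
    Object.entries(resolveAll(u, spEntityId)).filter(([name]) => allowed.has(name)));
}

for (const sp of ["https://unknown.example.net/sp", ...Object.keys(POLICY).slice(1)]) {
  console.log(sp, release(user, sp));
}
```

An unlisted service provider receives only the scoped affiliation, and the principal name is never released because no rule names it.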
