Next generation service platform for advanced services
and collaboration services for higher education.
Andreas Åkre Solberg
Once upon a time
Web Single Sign-On with Feide was sufficient to provide
a seamless user experience across services.
Collaboration on Internet
Dynamic working groups spanning multiple organizations work
together using digital collaboration tools:
Document sharing tool
Meeting planner and calendar
A Web meeting tool
A web forum or mailing list
Feide based upon SAML 2.0
Rather complex, which results in relatively high integration cost for Service Providers.
Limited opportunities to the «login request -> response»-flow.
Trends in consumer markets (Facebook, Google, Twitter, LinkedIn, Salesforce)
From enterprise protocols towards APIs / REST and OAuth
Providers need to offer APIs and third-party integration anyway; OAuth
Easy to establish a simple authentication protocol (userinfo) on top of that
Built-in support for cross-federation (eduGAIN, Kalmar) and guest users.
October 23, 2013
API-based instead of SSO-flow
OAuth + authentication
Makes use of Feide (without changes)
Offers additional services
Better support for mobile, desktop etc.
API Authorization Management
Extremely simple integration for Service
Low-bar of entry
(for students, non-commercial, etc)
Groups and roles
Base layer: builds groups
from Feide attributes
Connector to FS:
courses, study programmes and more.
Support for Ad-Hoc groups
Anyone can create groups for their
collaboration needs. Cross-organizational
Support for custom external connectors
to an institution's authoritative source of
Separate People Search API
Also available as a JS library
And as a Federated Widget
Relies on already public information
Better user experience to search for real
user names, than to add userids.
Generic information model
Activities posted to one or more groups
Mobile app frontend
One activity stream per group.
Embed content on remote site
Widgets adopt context
Widgets in a separate security domain
Communicates with the surroundings
Harmonized references; activities, users
and groups. As well as time and location.
Shows an aggregated feed of activities for the current
selected group across all collaboration tools.
Can be easily integrated anywhere. Will share a link to the current web page
to the activity stream for the current user in a selected group context.
Universities show increasing interest in sharing their data using APIs.
Motivates growth of new, innovative and better services for the employees and
Privacy very important!
Complex to provide authentication model for delegated access to personal data.
Self-Service and Scalability
Everything is self-service
Well-designed authorization work-flows. Focus on «one-click» grant,
when moderation is needed at all.
Will run on HA infrastructure
Any student or employee in Europe should be able to log in with their local credentials on the
through the platform.
Established cross-federation connections through eduGAIN and Kalmar.
Collaboration on harmonizing group definitions and exchange protocols with other countries.
Collaboration through GÉANT, Terena and NordForum.
OAuth, OpenID Connect, SCIM, OpenSocial, ActivityStreams, Misc W3C
Piloting with Institutions
Allow access to login through Feide
Set up access for Person Search. Directory access
Register a set of test users with additional privileges
Integration with FS for groups and roles
Integration with external connectors
Testing of API authorization
Real users testing of collaboration tools