
Cloud Identity: A Recipe for Higher Education


The concept of cloud identity in higher education was recognized in November 2009 with the EDUCAUSE Catalyst Award, which honors IT-based innovations that provide groundbreaking solutions to major challenges in higher education.

But what is cloud identity?

The gist is that cloud identity enables a person's "user" information to be distributed on the Internet. This solves a common problem: the need to maintain a username at every website. In this paradigm shift, identity information is not stored within each website, but accessed on the wire as needed. Websites become "relying parties" (RPs) using the information of trusted "identity providers" (IdPs). Although it has taken a while, finally the recipe for federated identity seems clear.

Published in: Technology

  1. Cloud Identity: A Recipe for Higher Education
     By: Mike Schwartz, Gluu
  2. Key Takeaways
     ● Cloud identity is transformative technology that will turn higher education institutions into both identity consumers and identity providers.
     ● The ROI for cloud identity will be derived by enabling people to use their campus identity to access both internal and external websites, leveraging the institution's existing identity infrastructure.
     ● Use of cloud identity will enable people at institutions to do higher value transactions online, such as submit a grant proposal to a federal agency.
     ● Cloud identity gives people more control over their privacy and personal security.
  3. Protocols
     There were many protocols to choose from...
     ● SAML has shown dominance
       ○ Shibboleth is the most widely used open source SAML software in Higher Ed.
     ● OpenID Connect on the rise
       ○ JSON / REST (OAuth 2) authentication protocol
       ○ Better support for cloud / mobile / social
       ○ Centralized authorization
  4. Identity Discovery
     Where does a website send a person to be authenticated (or "WAYF," "Where are you from...")
     ● OpenID Connect Discovery
       ○ Email "style" identifier (id@domain)
       ○ Send HTTP request to Domain
         ■ What URL to send user for authentication
         ■ What URL to validate tokens from domain
       ○ Websites don't need to do anything special to authenticate a person at the institution... it's the same workflow as a major consumer IDP, just a different domain name
  5. Multi-Party Federation
     An organization can host a federation which its partners can join as either an IDP or relying party. Federations provide the rules to drive down the cost of doing business.
     Examples: InCommon, NJ Edge and dozens more. A Wikipedia list of higher ed federations:
  6. Conclusion
     ● Cloud identity reduces on-boarding time for new cloud services, reduces time for custom software development, and minimizes account provisioning.
     ● Federations like InCommon provide the tools and rules to enable efficient management of trust and security.
     ● New protocols like OpenID Connect will make cloud identity even more convenient and secure.
  7. The Gluu Appliance
  8. More Resources...
     ● CEO Michael Schwartz's June 2010 guidelines published by EDUCAUSE Quarterly: http://goo.gl/B8bKU
     ● Gluu EDU Webinar:
     ● Gluu Resources:
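
The lookup outlined on the Identity Discovery slide, sketched from the relying party's side as an added Python example (not from the slides or from Gluu). The WebFinger request, the issuer `rel` value and the `authorization_endpoint` / `jwks_uri` fields follow the OpenID Connect Discovery 1.0 specification; the host `idp.example.edu`, the user `alice` and both sample responses are constructed.

```python
import json
from urllib.parse import urlencode, urlsplit

ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"

# Constructed sample responses (hypothetical host idp.example.edu).
SAMPLE_WEBFINGER = json.dumps({
    "subject": "acct:alice@idp.example.edu",
    "links": [{"rel": ISSUER_REL, "href": "https://idp.example.edu"}]})
SAMPLE_CONFIG = json.dumps({
    "issuer": "https://idp.example.edu",
    "authorization_endpoint": "https://idp.example.edu/authorize",
    "jwks_uri": "https://idp.example.edu/jwks"})

def _require_https(name, url):
    if urlsplit(url).scheme != "https":
        raise ValueError(name + " must be an https URL")
    return url

def webfinger_url(identifier):
    """Build the HTTP request sent to the domain part of id@domain."""
    local, sep, domain = identifier.rpartition("@")
    if not (local and sep and domain) or "/" in domain:
        raise ValueError("expected an id@domain identifier")
    query = urlencode({"resource": "acct:" + identifier, "rel": ISSUER_REL})
    return "https://" + domain.lower() + "/.well-known/webfinger?" + query

def issuer_from_webfinger(body):
    """Return the issuer URL the domain advertises for this identifier."""
    for link in json.loads(body).get("links", []):
        if link.get("rel") == ISSUER_REL:
            return _require_https("issuer", link.get("href", ""))
    raise ValueError("domain advertises no OpenID Connect issuer")

def config_url(issuer):
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def endpoints_from_config(issuer, body):
    """Check the metadata belongs to the issuer, then extract two URLs."""
    meta = json.loads(body)
    if meta.get("issuer") != issuer:  # mismatch: not this IdP's document
        raise ValueError("issuer in metadata does not match requested issuer")
    return {k: _require_https(k, meta.get(k, ""))
            for k in ("authorization_endpoint", "jwks_uri")}

if __name__ == "__main__":
    issuer = issuer_from_webfinger(SAMPLE_WEBFINGER)
    print(webfinger_url("alice@idp.example.edu"))
    print(config_url(issuer), endpoints_from_config(issuer, SAMPLE_CONFIG))
```

`authorization_endpoint` is the "URL to send user for authentication" and `jwks_uri` publishes the keys used to validate tokens from the domain; the issuer comparison and the https checks are what keep a relying party from trusting metadata that does not belong to the institution it asked.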