www.incommon.org
InCommon and
Federated Identity Management
What is Identity Management?
• A system of standards, procedures and
technologies that provides electronic credentials to
individuals.
• Maintains authoritative information about
individuals.
• Establishes the trust needed for transactions.
• Facilitates and controls user access to online
applications or resources.
Identity Management
Who are you? (identification)
• Collect personally identifying information to prove you
are who you say you are (identity proofing), such as
driver's license, passport, or biometric data
• Assign attributes (name, address, college or university,
department, role (faculty, staff, student), major, email
address)
How can you prove it? (authentication)
• Verifying that the person seeking access to a resource
is the one previously identified and approved
Identity Management
Authentication does not verify that the identity proofing is
correct. It establishes that the previously identified person
is the same one who is seeking access to a resource.
Key Entities
Three entities involved in gaining access to a resource:
1. Subject (i.e. user) – The person identified and the subject of
assertions (or claims) about his or her identity.
2. Identity Provider – Typically the university or organization that
maintains the identity system, identity-proofs the subject and issues a
credential. Also provides assertions or claims to the service provider
about a subject’s identity.
3. Service Provider (sometimes called the relying party) –
Owner/provider of the protected resource that the subject would
like to access. Consumes the assertion from the identity provider and
makes an authorization decision.
Key Terms
Authentication – Verification (via a user ID and password) that a
subject is associated with an electronic identifier. This is the
responsibility of the identity provider.
Authorization – Determining whether a subject is eligible to gain
access to a resource or service. The authorization decision is made by
the service provider and is based on the attributes provided by the
identity provider.
Attribute – A single piece of information associated with an electronic
identity database record, such as name, phone number, group
affiliation, email address, major.
The Problem
The system of authentication and authorization, and the passing of
attributes, requires that the identity provider and service provider
agree on policies and procedures.
When you have one identity provider working with many service
providers – or one service provider working with many identity
providers – things get complicated.
Individual service providers keep subject information in their own
databases, or may want direct access to an identity provider’s
database, or may require frequent batch uploads of identity
information.
1. Tedious user registration at all
resources
2. Unreliable and outdated user
data at resources
3. Different login process at each
resource
4. Many different passwords
5. Identity provider may need to
support multiple custom
authentication methods and/or
be asked for access to its
identity database
The Problem
• Growing number of applications – on-campus and
outsourced or hosted
• All of these service providers must:
– Verify the identity of users (faculty, staff, students, others)
– Know who’s eligible to access the service
– Know the student is active and hasn’t left school
• Increase in outsourced or cloud services raises concerns
about the security and privacy of the identity data
A Solution: Federated Identity Management
Federation: An association of organizations that come together to
exchange information, as appropriate, about their users and
resources in order to enable collaborations and transactions.
All participants in a federation agree on the same policies and
procedures related to identity management and the passing of
attributes.
Instead of one-to-one relationships, the federation allows
one-to-many relationships.
Federated Identity Management
• Parties agree to leverage the identity provider’s database,
rather than creating separate data stores
• Users no longer register with the service provider, using their
university credentials for transactions
• Single sign-on convenience for users
• Identity provider does the authentication; service provider does
the authorization
• Attributes are the key – maintain privacy and security
1. Single sign on
2. Services no longer manage
user accounts & personal data
stores
3. Reduced help-desk load
4. Standards-based technology
5. Home org and user controls
privacy
InCommon Federation
InCommon is the federation for U.S. research and education,
providing higher education and their commercial and non-profit
partners with a common trust framework for access to online
resources.
About InCommon
• Through InCommon, campuses leverage their identity databases
to allow for the use of one set of credentials to access multiple
resources.
• Online service providers no longer need to maintain user
accounts.
• Identity providers manage the levels of their users' privacy and
information exchange.
• InCommon uses SAML-based authentication and authorization
systems (such as Shibboleth®) to enable scalable, trusted
collaborations among its community of participants.
InCommon Federation Benefits
• Convenience – Single sign-on with higher education
credentials
• Safety – Enhanced security with fewer data spills
• Privacy – Release of only the minimum information necessary
to gain access to resources (via attributes)
• Scalability – Once implemented, federated access is relatively
simple to extend
• Authentication – Campus does the authentication, maintaining
control of user information
• Authorization – Service provider makes access decisions
based on attributes
Federated Access in 30 seconds
Home Institution – user signs in
Online Resource
1. Authentication: single sign-on at home institution
2. Federation-based trust exchange to verify partners and locations
3. Authorization: Privacy-preserving exchange of agreed-upon attributes
4. If attributes are acceptable to resource policy, access is granted!
Attributes: Anonymous ID, Staff, Student, …
Metadata, certificates, common attributes & meaning, federation registration authority, Shibboleth
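The four-step flow on the "Federated Access in 30 seconds" slide, sketched as an added example (not InCommon's or Shibboleth's code). The entity IDs, attribute names and directory record are constructed, and an HMAC key stands in for the X.509 signing certificate that real SAML metadata carries.

```python
import hashlib
import hmac
import json
import time

# Constructed federation metadata: entityID -> verification key. A SAML
# federation publishes X.509 certificates in signed metadata; a shared HMAC
# key stands in for the certificate so this runs on the standard library.
FEDERATION_METADATA = {"https://idp.university.example/idp": b"constructed-idp-key"}

# IdP attribute release policy: the minimum each service provider needs.
RELEASE_POLICY = {
    "https://journals.example/sp": ["affiliation"],
    "https://benefits.example/sp": ["affiliation", "anonymous_id"],
}

# Constructed identity record; it never leaves the identity provider.
DIRECTORY = {"jdoe": {"name": "Jane Doe", "email": "jdoe@university.example",
                      "affiliation": "student", "major": "physics"}}

# Secret known only to the IdP, used to derive per-SP anonymous identifiers.
PAIRWISE_SALT = b"constructed-idp-only-salt"


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def idp_issue_assertion(issuer, key, user, sp_entity_id, now=None):
    """Steps 1 and 3: the user has signed in at home; release only
    the attributes the policy allows for this service provider."""
    now = time.time() if now is None else now
    record = DIRECTORY[user]
    released = {}
    for name in RELEASE_POLICY.get(sp_entity_id, []):
        if name == "anonymous_id":
            # Opaque identifier: stable for one SP, unlinkable across SPs.
            released[name] = _mac(PAIRWISE_SALT, f"{user}|{sp_entity_id}".encode())[:16]
        else:
            released[name] = record[name]
    body = {"issuer": issuer, "audience": sp_entity_id,
            "not_after": now + 300, "attributes": released}
    payload = json.dumps(body, sort_keys=True)
    return {"payload": payload, "signature": _mac(key, payload.encode())}


def sp_authorize(assertion, sp_entity_id, allowed_affiliations, now=None):
    """Steps 2 and 4: verify the partner through federation metadata,
    then make the authorization decision from the released attributes."""
    now = time.time() if now is None else now
    try:
        payload = assertion["payload"]
        body = json.loads(payload)
    except (KeyError, TypeError, ValueError):
        return False, "malformed assertion"
    if not isinstance(payload, str) or not isinstance(body, dict):
        return False, "malformed assertion"
    issuer = body.get("issuer")
    key = FEDERATION_METADATA.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        return False, "issuer not in federation metadata"
    expected = _mac(key, payload.encode()).encode()
    presented = str(assertion.get("signature", "")).encode()
    if not hmac.compare_digest(expected, presented):
        return False, "bad signature"
    if body.get("audience") != sp_entity_id:
        return False, "assertion issued for a different service provider"
    if now > body.get("not_after", 0):
        return False, "assertion expired"
    affiliation = body.get("attributes", {}).get("affiliation")
    if affiliation not in allowed_affiliations:
        return False, "attributes do not satisfy resource policy"
    return True, "access granted"


if __name__ == "__main__":
    idp = "https://idp.university.example/idp"
    sp = "https://journals.example/sp"
    a = idp_issue_assertion(idp, FEDERATION_METADATA[idp], "jdoe", sp)
    print(a["payload"])
    print(sp_authorize(a, sp, {"student", "faculty"}))
```

The service provider never sees the name, email or major in the directory record; it decides on the released affiliation alone, and it rejects assertions from issuers outside the federation metadata, assertions addressed to another provider, and expired or altered ones.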
InCommon Participants Year-by-Year
• 264 InCommon Participants
• Almost 5 million end-users (faculty, staff, students)
www.incommonfederation.org/participants
Federated Resources
Resources available via InCommon are many and diverse
Business Functions
• Benefits
• Asset management
• Talent management
• Visas & INS compliance
• Mobile alerts
• Travel management
• Energy management
• Surveys and market analysis
Learning and Research
• Journals
• Databases and analytical tools
• Multi-media access
• Homework labs
• Quiz tools
• Plagiarism detection
• Software downloading
• Alcohol awareness education
• Student travel discounts
• Transportation and ride-share
services.
Strong support from key higher education partners, such as: Microsoft,
Apple, National Student Clearinghouse, NSF, NIH, Gov-affiliated Labs
InCommon Assurance Profiles
• Bronze and Silver profiles equate to the U.S.
government’s NIST 800-63 levels of assurance 1 and 2,
respectively
• Require more stringent identity proofing policies and
procedures, allowing for access to higher-risk
applications (such as financial service apps)
• Status: Several universities working through the policy
and technical processes for implementing Silver
– CIC universities (Big Ten schools and the Univ. of Chicago)
www.incommonfederation.org/assurance/
InCommon Collaboration Groups
• Collaboration
– InC-Library
– InC-Student
– InC-NIH
– InC-Research Agencies
– US Federations
https://spaces.internet2.edu/display/InCCollaborate/
Outreach and Education
IAM Online – Monthly presentations on identity and access management.
www.incommon.org/iamonline
CAMP, Advance CAMP, Day CAMP – Conferences focused on federated
identity and access management. www.incommon.org/camp
Affiliate Program – Linking higher ed with partners able to help build the
necessary underlying infrastructure that supports federated access.
www.incommon.org/affiliate
Shibboleth Workshop Series – Intensive workshops to learn and install
Shibboleth. www.incommon.org/educate/shibboleth
InCommon Cert Service
• Service developed by and for the higher education community. InCommon is
a non-profit, community-governed organization – the primary driver is to
provide value to the community.
• Unlimited SSL certificates, and (soon) unlimited personal certificates (for
signing, encryption, code signing and authentication)
• One fixed annual fee.
• One publicly signed certificate source for all campus servers and domains
• Includes all domains owned by the college or university – such as
professional organizations or athletic sites (including any .org, .com, .net or
others).
• Internet2 members receive a 25 percent discount
InCommon and
Federated Identity Management
www.incommon.org
incommon-info@incommonfederation.org
