Edugate

Glenn Wearen
   HEAnet.
Summary
1 year Pilot Project / 2 years in production

All IoT’s, Universities, Colleges, but only half
 of HEAnet’s members
Core service at some institutions but light
 use at others
So, where to now?
1. Extended Attribute Schema
2. Higher Identity Assurance
3. Strong Authentication
4. Account Provisioning
5. Cross institutional groups
6. New Identity Protocols
7. Statistics
8. Bilateral Trusts
9. Expansion beyond HEAnet
10. SSO for non-web applications
11. Aggregated identities
12. Logout
1. Extended Attribute Schema
Students
  •     Do you have photos?
  •     Can I tell if a user is part-time/full-time?
  •     What course is the student pursuing?
Staff
  •     Cost-center code (for eProcurement)
  •     ResearcherID AuthorID
  •     Availability calendar
  •     Telephone number
2. Higher Identity Assurance
Would you use Edugate for eProcurement?
   •    On-campus
          (cross charging for campus services)
   •    Shared procurement portal
          (Shannon Consortium Procurement Network)
   •    External suppliers
          (vikingdirect.ie/officedepot.ie)
Service Providers will seek assurances that the identity is
  of sufficient quality to underpin a cardless financial
  transaction
3. Strong Authentication
Passwords are the root of all e-vil
  •   Easily shared
  •   Easily forgotten
  •   Frequently exposed
  •   No common password policy
  •   Password changes not enforced
3. Strong Authentication
SSO helps to eliminate passwords
  • Consolidating onto a single (or single+1)
    credential allows for strong authentication
  • 2-factor authentication / strong password policy
SSO systems can protect sensitive resources
  •    re-authentication
  •    ‘step-up’ authentication
4. Account Provisioning

On-campus, provisioning is a minor problem,
 but, for cloud/hosted/outsourced services
 provisioning is a significant problem

Invitation systems require:
  • email address of all potential users - one-time URL
  • approval workflows - open URL
4. Account Provisioning
Bulk provisioning
  • Handling of bulk files a significant risk
  • Out of Sync almost immediately
  • De-provisioning rarely handled
  • Accounts created for users who might never login
4. Account Provisioning

Just-in-Time provisioning
  Standards emerging
    •   Simple Cloud Identity Management (SCIM)
  But Service Providers are familiar with:
    •   LDAP: enter username/password, authenticate, query for attributes
    •   OAuth: enter user ID, authenticate, get token, query for attributes
    •   API: enter a user identifier, query for attributes, forever
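
Added example (not from the original slides): a sketch of Just-in-Time provisioning at a Service Provider, showing how it avoids the bulk-file problems listed above. The IdP entity IDs, scopes and the choice of eduPersonPrincipalName, eduPersonScopedAffiliation and mail as released attributes are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed federation metadata: the scopes each IdP is registered to assert.
IDP_SCOPES = {
    "https://idp.college-a.example/idp": {"college-a.example"},
    "https://idp.college-b.example/idp": {"college-b.example"},
}


@dataclass
class Account:
    user_id: str
    affiliation: str
    mail: str
    created: int      # epoch seconds of first login
    last_login: int   # epoch seconds of most recent login


class JitDirectory:
    """SP-side account store filled at login time instead of by bulk file."""

    def __init__(self, idp_scopes):
        self.idp_scopes = idp_scopes
        self.accounts = {}

    def on_login(self, idp, attrs, now):
        """Create or refresh the account named in an already-verified assertion."""
        eppn = attrs.get("eduPersonPrincipalName", "")
        local, sep, scope = eppn.partition("@")
        if not (local and sep and scope):
            raise ValueError("missing or malformed eduPersonPrincipalName")
        # Scope check: an IdP may only name users in its own registered scopes,
        # otherwise one institution could create accounts in another's name.
        if scope not in self.idp_scopes.get(idp, set()):
            raise PermissionError(f"{idp} may not assert scope {scope!r}")
        affiliation = attrs.get("eduPersonScopedAffiliation", "")
        mail = attrs.get("mail", "")
        acct = self.accounts.get(eppn)
        if acct is None:
            # No account exists until the user actually logs in.
            acct = Account(eppn, affiliation, mail, now, now)
            self.accounts[eppn] = acct
            return acct, "created"
        # Attributes are re-synchronised on every login, so they cannot drift
        # the way a one-off bulk import does.
        changed = (acct.affiliation, acct.mail) != (affiliation, mail)
        acct.affiliation, acct.mail, acct.last_login = affiliation, mail, now
        return acct, "updated" if changed else "unchanged"

    def stale(self, now, max_idle):
        """Accounts idle longer than max_idle seconds: de-provisioning candidates.

        Login-time provisioning never hears that a user has left, so the SP
        has to age accounts out itself.
        """
        return sorted(
            a.user_id for a in self.accounts.values()
            if now - a.last_login > max_idle
        )
```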
5. Cross institutional groups
Cross institutional/federation groups
       (Virtual Organisations)
  • Identity provider doesn’t know all the collaboration
    or projects that a user participates within.
  • This makes authorisation difficult for Service
    Providers (e.g. Project Portal)
5. Cross Institutional Groups
Establish an Edugate group repository;
  • this can be queried by IdP’s during the
    preparation of attributes for an assertion
  • this can be queried by SP’s provided the
    repository has a user identifier
  • Self-asserted group membership
  • Group membership approvals or invitations.
6. New Identity Protocols
OpenID Connect
  •   Addresses weaknesses and shortcomings of OpenID
OAuth2
  •   Allows retrieval of user data when user is not present
WIF
  •      Predominant identity protocol for Microsoft services
6. New Identity Protocols
Should Edugate add new protocols?
  • Cost?
  • Benefit?
7. Statistics and Monitoring
Are my users able to access service X?
         Why are my users accessing service Y?
How come I’ve no users from institution A?
       Why are we so popular with institution B?
What is the most widely used Edugate service?
            What is the least used service?
Is Edugate being used? or being used more?
7. Statistics and Monitoring
Is IdP X up?
  Are there high rates of attrition?
     Are [staff|students] able to authenticate?
8. Proliferation of bilateral trusts
There are 29 bilateral trusts in Edugate, why
 don’t these services join Edugate?
  • Maybe not required (single institution)
  • Tender awarded, Edugate not in the tender
  • SP not a legal entity

    Google Apps, Millennium, Blackboard Learn.
9. Expansion beyond HEAnet?
More identity providers will mean more service
providers
•Private Colleges
•Health Services Sector (HSE/Hospitals/CPD)
•Industry Research Centers (Intel Labs / SFI participants)
•2nd Level schools
10. SSO for non-web
SAML works well within the browser, but,
Outside the browser, it requires client support
• Native client support
     Outlook Claims based authentication
• Or, with Moonshot;
    Common library support (GSS/SASL/SSPI)
11. Aggregated identities
Institution holds validated identity data and
  enrollment status. This can be aggregated or
  augmented with self-asserted data from other
  sources;
  • Social ID’s (Profile Pictures, friends, interests)
  • Group membership repository
11. Aggregated identities
Facebook/Twitter/Google hold self-asserted
 identity data. This can be aggregated or
 augmented with verified user data from other
 sources

         :-p
12. Logout
Clicking on ‘Logout’, what should happen?
  • Logout of the application, but IdP session persists
    (Local Logout)
  • Logout of the application, redirect to IdP session
    killer page (partial logout)
  • Logout of the application, redirect to IdP session
    killer page, trigger logout of all services
    (global logout)
12. Logout
Or should the SP force re-authentication at the
IdP after the logout button has been used (if the
IdP supports it)?
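
Added example (not from the original slides): one way a SAML Service Provider could implement the re-authentication and ‘step-up’ ideas from slide 3 together with forced re-authentication after logout. The strength ordering, the policy values and the idea of the SP keeping a logout marker are assumptions; ForceAuthn, RequestedAuthnContext, AuthnInstant and the two context class URIs are standard SAML 2.0 names.

```python
from dataclasses import dataclass
from typing import Optional

# SAML 2.0 authentication context classes.
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
TWO_FACTOR = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"

# Assumed ordering for this example; a federation would agree its own.
STRENGTH = {PASSWORD: 1, TWO_FACTOR: 2}


@dataclass
class Session:
    subject: str
    authn_context: str                   # AuthnContextClassRef from the assertion
    authn_instant: int                   # AuthnInstant, epoch seconds
    logged_out_at: Optional[int] = None  # marker the SP keeps after 'Logout'


@dataclass
class ResourcePolicy:
    min_context: str
    max_auth_age: Optional[int] = None   # seconds; None means any age


@dataclass
class Decision:
    allow: bool
    force_authn: bool = False                # send ForceAuthn="true"
    requested_context: Optional[str] = None  # send RequestedAuthnContext
    reason: str = "ok"


def decide(session: Optional[Session], policy: ResourcePolicy, now: int) -> Decision:
    """Return allow, or the parameters of the AuthnRequest the SP should send."""
    if session is None:
        return Decision(False, False, policy.min_context, "no session")
    # After a local logout the IdP session may persist, so a plain AuthnRequest
    # would sign the user straight back in. ForceAuthn asks the IdP to re-prompt.
    if (session.logged_out_at is not None
            and session.authn_instant <= session.logged_out_at):
        return Decision(False, True, policy.min_context, "logout")
    # Unknown context classes are treated as weakest.
    if STRENGTH.get(session.authn_context, 0) < STRENGTH[policy.min_context]:
        return Decision(False, False, policy.min_context, "step-up")
    if (policy.max_auth_age is not None
            and now - session.authn_instant > policy.max_auth_age):
        return Decision(False, True, policy.min_context, "re-authentication")
    return Decision(True)


def accept_response(decision: Decision, authn_context: str, authn_instant: int,
                    request_sent_at: int, skew: int = 60) -> bool:
    """Check that the IdP really did what was asked.

    An IdP that does not support ForceAuthn may answer from its existing
    session, so the SP compares AuthnInstant with the time of its request.
    """
    wanted = STRENGTH.get(decision.requested_context, 0)
    if STRENGTH.get(authn_context, 0) < wanted:
        return False
    if decision.force_authn and authn_instant < request_sent_at - skew:
        return False
    return True
```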
So, where to now?
1. Extended Attribute Schema
2. Higher Identity Assurance
3. Strong Authentication
4. Account Provisioning
5. Cross institutional groups
6. New Identity Protocols
7. Statistics
8. Bilateral Trusts
9. Expansion beyond HEAnet
10. SSO for non-web applications
11. Aggregated identities
12. Logout

Edugate Futures

  • 2. Summary 1 year Pilot Project / 2 years in production All IoT’s, Universities, Colleges, but only half of HEAnet’s members Core service at some institutions but light use at others
  • 3.
  • 4. So, where to now? 1. Extended Attribute Schema 2. Higher Identity Assurance 3. Strong Authentication 4. Account Provisioning 5. Cross institutional groups 6. New Identity Protocols 7. Statistics 8. Bilateral Trusts 9. Expansion beyond HEAnet 10. SSO for non-web applications 11. Aggregated identities 12. Logout
  • 5. 1. Extended Attribute Schema Students • Do you have photos? • Can I tell if a user is part-time/full-time? • What course is the student pursuing? Staff • Cost-center code (for eProcurement) • ResearcherID AuthorID • Availability calendar • Telephone number
  • 6. 2. Higher Identity Assurance Would you use Edugate for eProcurement? • On-campus (cross charging for campus services) • Shared procurement portal (Shannon Consortium Procurement Network) • External suppliers (vikingdirect.ie/officedepot.ie) Service Provider will seek assurances that the identity is of sufficient quality to underpin a cardless financial transaction
  • 7. 3. Strong Authentication Passwords are the root of all e-vil • Easily shared • Easily forgotten • Frequently exposed • No common password policy • Password changes not enforced
  • 8. 3. Strong Authentication SSO helps to eliminate passwords • Consolidating onto a single (or single+1) credential allows for strong authentication • 2-factor authentication / strong password policy SSO systems can protect sensitive resources • re-authentication • ‘step-up’ authentication
  • 9. 4. Account Provisioning On-campus, provisioning is a minor problem, but for cloud/hosted/outsourced services provisioning is a significant problem Invitation systems require: • email address of all potential users - 1-time URL • approval workflows - open URL
  • 10. 4. Account Provisioning Bulk provisioning • Handling of bulk files a significant risk • Out of Sync almost immediately • De-provisioning rarely handled • Accounts created for users who might never login
  • 11. 4. Account Provisioning Just-in-Time provisioning Standards emerging • Simple Cloud Identity Management (SCIM) But Service Providers are familiar with: • LDAP Enter username/password, authenticate, query for attributes • OAuth Enter user ID, authenticate, get token, query for attributes • API Enter a user identifier, query for attributes, forever
  • 12. 5. Cross institutional groups Cross institutional/federation groups (Virtual Organisations) • Identity provider doesn’t know all the collaborations or projects that a user participates in. • This makes authorisation difficult for Service Providers (e.g. Project Portal)
  • 13. 5. Cross Institutional Groups Establish an Edugate group repository: • this can be queried by IdPs during the preparation of attributes for an assertion • this can be queried by SPs provided the repository has a user identifier • Self-asserted group membership • Group membership approvals or invitations.
  • 14. 6. New Identity Protocols OpenID Connect • Addresses weaknesses and shortcomings of OpenID OAuth2 • Allows retrieval of user data when user is not present WIF • Predominant identity protocol for Microsoft services
  • 15. 6. New Identity Protocols Should Edugate add new protocols? • Cost? • Benefit?
  • 16. 7. Statistics and Monitoring Are my users able to access service X? Why are my users accessing service Y? How come I’ve no users from institution A? Why are we so popular with institution B? What is the most widely used Edugate service? What is the least used service? Is Edugate being used? Or being used more?
  • 17. 7. Statistics and Monitoring Is IdP X up? Are there high rates of attrition? Are [staff|students] able to authenticate?
  • 18. 8. Proliferation of bilateral trusts There are 29 bilateral trusts in Edugate, why don’t these services join Edugate? • Maybe not required (single institution) • Tender awarded, Edugate not in the tender • SP not a legal entity Google Apps, Millennium, Blackboard Learn.
  • 19. 9. Expansion beyond HEAnet? More identity providers will mean more service providers • Private Colleges • Health Services Sector (HSE/Hospitals/CPD) • Industry Research Centers (Intel Labs / SFI participants) • 2nd Level schools
  • 20. 10. SSO for non-web SAML works well within the browser, but, Outside the browser, it requires client support • Native client support Outlook Claims based authentication • Or, with Moonshot; Common library support (GSS/SASL/SSPI)
  • 21. 11. Aggregated identities Institution holds validated identity data and enrollment status. This can be aggregated or augmented with self-asserted data from other sources; • Social ID’s (Profile Pictures, friends, interests) • Group membership repository
  • 22. 11. Aggregated identities Facebook/Twitter/Google hold self-asserted identity data. This can be aggregated or augmented with verified user data from other sources :-p
  • 23. 12. Logout Clicking on ‘Logout’, what should happen? • Logout of the application, but IdP session persists (local logout) • Logout of the application, redirect to IdP session killer page (partial logout) • Logout of the application, redirect to IdP session killer page, trigger logout of all services (global logout)
  • 24. 12. Logout Or should the SP force re-authentication at the IdP after the logout button has been used (if the IdP supports it)?
  • 25. So, where to now? 1. Extended Attribute Schema 2. Higher Identity Assurance 3. Strong Authentication 4. Account Provisioning 5. Cross institutional groups 6. New Identity Protocols 7. Statistics 8. Bilateral Trusts 9. Expansion beyond HEAnet 10. SSO for non-web applications 11. Aggregated identities 12. Logout
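
The logout options on slides 23 and 24, modelled as an added example that is not part of the original deck: a toy IdP and two SPs (the names `IdP`, `SP`, `run`, "portal" and "library" are hypothetical) showing, for each mode, whether the next person at the same browser is re-prompted and whether another SP's session survives. The `local+reauth` mode stands in for the SP requesting forced re-authentication, which in SAML is the `ForceAuthn` attribute on the request.

```python
from dataclasses import dataclass, field

@dataclass
class IdP:
    sessions: set = field(default_factory=set)  # users holding a live SSO session
    prompts: int = 0                            # credential prompts shown so far

    def authenticate(self, user, force_authn=False):
        # Prompt only when there is no SSO session or the SP forces re-authentication.
        if force_authn or user not in self.sessions:
            self.prompts += 1
            self.sessions.add(user)
        return user

@dataclass
class SP:
    name: str
    idp: IdP
    sessions: set = field(default_factory=set)
    force_next: set = field(default_factory=set)  # users who clicked Logout here

    def visit(self, user):
        if user not in self.sessions:
            force = user in self.force_next
            self.force_next.discard(user)
            self.idp.authenticate(user, force_authn=force)
            self.sessions.add(user)

    def logout(self, user, mode, all_sps=()):
        self.sessions.discard(user)              # every mode ends the local session
        if mode in ("partial", "global"):
            self.idp.sessions.discard(user)      # IdP "session killer" page
        if mode == "global":
            for sp in all_sps:                   # IdP triggers logout at all services
                sp.sessions.discard(user)
        if mode == "local+reauth":
            self.force_next.add(user)            # next login must re-authenticate

def run(mode):
    idp = IdP()
    portal, library = SP("portal", idp), SP("library", idp)
    portal.visit("alice")                        # one prompt at the IdP
    library.visit("alice")                       # silent SSO, no prompt
    before = idp.prompts
    portal.logout("alice", mode, all_sps=(portal, library))
    other_alive = "alice" in library.sessions
    portal.visit("alice")                        # next person at the same browser
    return {"reprompted": idp.prompts > before, "other_sp_alive": other_alive}

if __name__ == "__main__":
    for m in ("local", "partial", "global", "local+reauth"):
        print(m, run(m))
```

With local logout the portal can be re-entered without credentials because the IdP session persists; only global logout also ends the session at the second SP.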