Federated Identity and OpenID Connect: Why Higher Ed Needs OX
1. Access to premium content is now one of the greatest value-adds universities can
offer students, faculty and staff. Through the use of federated identity with open
standards like SAML, universities can enable their university-issued credentials to
provide access to valuable third-party content, like email and course material.
However, the majority of U.S. universities either have no federation implementation,
or a very limited deployment. To compound this problem, due to the complexity of
configuration, very few websites support SAML, the leading federation standard on
the Internet today.
While SAML adoption has failed to happen, Google and other consumer IDPs
have become indispensable to people for mobile and web access management.
SAML came out before the invention of the iPhone. Since then, the infrastructure of
the web has shifted to accommodate advances in technology, and developer feedback
is clear: they don’t want to integrate SAML in their applications.
2. There are many indicators that something is wrong with SAML adoption. Moderate
success is not good enough. An infrastructure service like authentication needs to have
ubiquitous adoption in order to make a significant impact. For example, the Internet
wouldn’t work as well if we had to support IPX and Banyan Vines at the same time.
While Shibboleth IDP is currently the most popular open source SAML software in use
by higher education, Shib 3 is not the answer…the way forward is OX!
Shib 3 only gets you improved SAML. OX enables the institution to support next-gen
OAuth2 authn / authz and federation. The recently finalized OAuth 2.0 profile for
authentication, OpenID Connect, fills the need for a simple yet flexible and secure
identity protocol, and also lets organizations leverage their existing OAuth 2.0
investments.
3. Gluu has a very simple migration plan from Shibboleth 2: using our Login Handler, a
person is able to get both a SAML and OpenID Connect session. Despite a head start of
years, MSFT will probably very soon have more SAML IDPs than Shibboleth, and MSFT
is on track to deliver its OpenID Connect server before Shibboleth. However,
proprietary software and its expensive licenses are not as appealing to
budget-conscious universities as they are to large enterprises.
OX provides a competitive value proposition, while maintaining a flexible open source
license. Before we convert the last 90% of universities to the wrong protocol (SAML)
and proprietary software, maybe it’s time to at least have a conversation about
whether that’s the right thing to do.
Article resource: https://thegluuserver.wordpress.com/2014/06/18/federated-identity-and-openid-connect-why-higher-ed-needs-ox/