Mike Schwartz, profile picture
Uploaded byMike Schwartz
PPTX, PDF1,084 views

Federation registry

This document discusses how a multi-party federation approach can help states support numerous applications that want to use their open interfaces for authentication and authorization. It explains that federations provide tools and rules to protect privacy while lowering costs for states and developers. Federations are proven in higher education and government. To be successful, federations must ease the onboarding process through registration, vetting, and collecting fees. The participation agreement specifies privacy protections around identity assurance, data protection levels, and user control. The federation publishes schemas for user attributes, authentication mechanisms, and authorization scopes. It also publishes daily metadata files listing participants. The Gluu Federation Registry provides administration and supports the approval workflow. Its subscription includes deployment, participation agreement custom

Embed presentation

Downloaded 10 times
8/27/2013 http://gluu.org Federation Registry
SAML OpenID Connect UMA How can states support numerous applications who want to use their open interfaces for authentication and authorization? Websites SaaS Apps Mobile Apps
Multi-Party Federation Approach… • Federations provide the “tools” and “rules” to protect privacy while driving down the costs for both the State and application developers • Federations are a proven approach: they are widely used in Higher Education and government – http://www.gluu.co/.hdr8
To be successful federations have to “Ease the On-boarding” with a simple process to Join – Provide Registration • Applicants agree to the participation agreement and submit their certificate via a management website – Vet participants • The federation reviews the application, and ensures the applicant qualifies to participate in the federation – Collect fee • It is common to collect setup and subscription fees to offset the cost of managing the federation infrastructure
The Participation Agreement – Specifies Privacy Protections • Species the Levels of Assurance (LOA) from the identity provider that an accurate authentication has been achieved • Specifies the Level of Protection (LOP) from the website or mobile application as to what security is in place to protect a person’s data from loss • The Level of Control (LOC) a person has to access, correct or remove their data – Standardize Terms and Conditions – Clarify Policies and Operating Procedures
The Federation publishes the schema or words used by the Participants – Attributes of the Person • Piece of information about the person • AKA “user claims” – mail, phone, address, state, grade, age… – Authentication Mechanisms • You need to make sure the apps request the right kind of authentication – http://www.example.com/schema/authn/auth_mode/myMobileToken – http://www.example.com/schema/authn/auth_level/9 – Authorization Scopes • You need to make sure the apps request the right kind of authentication – http://www.example.com/schema/authz/grade1 – http://www.example/schema/authz/teacher – http://www.example.com/schema/authz/principal
The federation publishes the nightly “metadata” – A file that contains the official list of the participants of the federation (at the time of publication) • http://www.incommon.org/federation/metadata.html – Publishes the certificate of each participant – A place for the federation to publish other information about the participant’s role
Federation Registry – Provides scalable administration interface for the federation operator – Open source web application developed by the Australian higher education federation – Deployed in several other countries: Ireland, Switzerland – Enables websites to enter all the information that is needed by the federation and handles the approval workflow
What does the Gluu Federation Registry Subscription Include – Deployment of the Federation Registry application on an existing customer IAAS or Gluu Server – Quick start generating the Participation Agreement—will require review and modification by the State – Creation of initial schema for attributes, authentication, and authorization – Development of a operations guide for Registry Administrators – Monitoring / Support of the Federation Registry Server
Future proofing… – Current federations are defined using SAML, however federations are not limited to supporting one protocol – OpenID Connect Federation standards are evolving : • http://www.gluu.co/multi-openid-wiki

More Related Content

PPTX
Conditional access to office 365 what options do you have
byAdam Hand
 
PPT
Utah Architecture Review Single Sign-On
byDavid Fletcher
 
PDF
Accessibility Primer Version 2 - UXfrkln meetup
byMike Gallers
 
PDF
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
byMike Schwartz
 
PPT
Internet i vozmognosti
byYulya Tkachuk
 
PDF
iScan Risk Intelligence for Regional Banks
byMAX Risk Intelligence by LOGICnow
 
PPTX
LASCON: Three Profiels of OAuth2 for Identity and Access Management
byMike Schwartz
 
PDF
Who Are You? From Meat to Electrons - SXSW 2014
byMike Schwartz
 
Conditional access to office 365 what options do you have
byAdam Hand
 
Utah Architecture Review Single Sign-On
byDavid Fletcher
 
Accessibility Primer Version 2 - UXfrkln meetup
byMike Gallers
 
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
byMike Schwartz
 
Internet i vozmognosti
byYulya Tkachuk
 
iScan Risk Intelligence for Regional Banks
byMAX Risk Intelligence by LOGICnow
 
LASCON: Three Profiels of OAuth2 for Identity and Access Management
byMike Schwartz
 
Who Are You? From Meat to Electrons - SXSW 2014
byMike Schwartz
 

Viewers also liked

PPTX
Single Sign On 101
byMike Schwartz
 
PDF
SAML Protocol Overview
byMike Schwartz
 
PPTX
Kantara OTTO slides
byMike Schwartz
 
PDF
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
byMike Schwartz
 
PDF
Autenticación Shibboleth: Experiencia de la Universidad del Bío-Bío
byEDUTIC
 
PDF
Cloud Identity: A Recipe for Higher Education
byMike Schwartz
 
PPTX
RSA Europe: Future of Cloud Identity
byMike Schwartz
 
PPTX
Requirements for Personal Clouds : Tech Ranch Talk 8/7/13
byMike Schwartz
 
PPTX
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
byMike Schwartz
 
PDF
Gluu EDU Webinar: Shibboleth/SAML SSO
byMike Schwartz
 
PPT
ID Next 2013 Keynote Slides by Mike Schwartz
byMike Schwartz
 
PPTX
RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
byMike Schwartz
 
Single Sign On 101
byMike Schwartz
 
SAML Protocol Overview
byMike Schwartz
 
Kantara OTTO slides
byMike Schwartz
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
byMike Schwartz
 
Autenticación Shibboleth: Experiencia de la Universidad del Bío-Bío
byEDUTIC
 
Cloud Identity: A Recipe for Higher Education
byMike Schwartz
 
RSA Europe: Future of Cloud Identity
byMike Schwartz
 
Requirements for Personal Clouds : Tech Ranch Talk 8/7/13
byMike Schwartz
 
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
byMike Schwartz
 
Gluu EDU Webinar: Shibboleth/SAML SSO
byMike Schwartz
 
ID Next 2013 Keynote Slides by Mike Schwartz
byMike Schwartz
 
RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
byMike Schwartz
 

Similar to Federation registry

PDF
Federation in Practice
byForgeRock
 
PDF
Federation in Practice
byForgeRock
 
PDF
Patterns and Antipatterns in Enterprise Security
byWSO2
 
PDF
Identity Federation Patterns with WSO2 Identity Server​
byWSO2
 
PPTX
Go west young federation
byGluu
 
PPTX
Federated and fabulous identity
byAndre N. Klingsheim
 
PPTX
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
byCA API Management
 
PPT
Identity Federation on JBossAS
byRoger CARHUATOCTO
 
PPT
Technical Requirements of the UK Access Management Federation
byJISC.AM
 
PPT
Eunis federation2
byHEAnet
 
PPT
Assurance
byJISC.AM
 
PPTX
Federated access management
byMark Cairney
 
PDF
E gov security_tut_session_9
byMustafa Jarrar
 
PPTX
Codemash-2017
byKevin Cody
 
PPTX
First o auth 2.0 and saml identity federation platform to be shown by gluu
byGluu
 
PPSX
Improving the User Experience
byEduserv
 
PDF
REFEDS Overview
byrefeds
 
PDF
Standards and APIs: How to Best Build Platforms and Tools to Manage Identity ...
byDana Gardner
 
PDF
OpenID Foundation Workshop at EIC 2018 - Introduction to the FAPI Read & Writ...
byMikeLeszcz
 
PDF
Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...
byMiguel A. Amutio
 
Federation in Practice
byForgeRock
 
Federation in Practice
byForgeRock
 
Patterns and Antipatterns in Enterprise Security
byWSO2
 
Identity Federation Patterns with WSO2 Identity Server​
byWSO2
 
Go west young federation
byGluu
 
Federated and fabulous identity
byAndre N. Klingsheim
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
byCA API Management
 
Identity Federation on JBossAS
byRoger CARHUATOCTO
 
Technical Requirements of the UK Access Management Federation
byJISC.AM
 
Eunis federation2
byHEAnet
 
Assurance
byJISC.AM
 
Federated access management
byMark Cairney
 
E gov security_tut_session_9
byMustafa Jarrar
 
Codemash-2017
byKevin Cody
 
First o auth 2.0 and saml identity federation platform to be shown by gluu
byGluu
 
Improving the User Experience
byEduserv
 
REFEDS Overview
byrefeds
 
Standards and APIs: How to Best Build Platforms and Tools to Manage Identity ...
byDana Gardner
 
OpenID Foundation Workshop at EIC 2018 - Introduction to the FAPI Read & Writ...
byMikeLeszcz
 
Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...
byMiguel A. Amutio
 

Recently uploaded

PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
December Patch Tuesday
byIvanti
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
December Patch Tuesday
byIvanti
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 

Federation registry

  • 1.
  • 2.
    SAML OpenID Connect UMA How can statessupport numerous applications who want to use their open interfaces for authentication and authorization? Websites SaaS Apps Mobile Apps
  • 3.
    Multi-Party Federation Approach… •Federations provide the “tools” and “rules” to protect privacy while driving down the costs for both the State and application developers • Federations are a proven approach: they are widely used in Higher Education and government – http://www.gluu.co/.hdr8
  • 4.
    To be successfulfederations have to “Ease the On-boarding” with a simple process to Join – Provide Registration • Applicants agree to the participation agreement and submit their certificate via a management website – Vet participants • The federation reviews the application, and ensures the applicant qualifies to participate in the federation – Collect fee • It is common to collect setup and subscription fees to offset the cost of managing the federation infrastructure
  • 5.
    The Participation Agreement –Specifies Privacy Protections • Species the Levels of Assurance (LOA) from the identity provider that an accurate authentication has been achieved • Specifies the Level of Protection (LOP) from the website or mobile application as to what security is in place to protect a person’s data from loss • The Level of Control (LOC) a person has to access, correct or remove their data – Standardize Terms and Conditions – Clarify Policies and Operating Procedures
  • 6.
    The Federation publishesthe schema or words used by the Participants – Attributes of the Person • Piece of information about the person • AKA “user claims” – mail, phone, address, state, grade, age… – Authentication Mechanisms • You need to make sure the apps request the right kind of authentication – http://www.example.com/schema/authn/auth_mode/myMobileToken – http://www.example.com/schema/authn/auth_level/9 – Authorization Scopes • You need to make sure the apps request the right kind of authentication – http://www.example.com/schema/authz/grade1 – http://www.example/schema/authz/teacher – http://www.example.com/schema/authz/principal
  • 7.
    The federation publishesthe nightly “metadata” – A file that contains the official list of the participants of the federation (at the time of publication) • http://www.incommon.org/federation/metadata.html – Publishes the certificate of each participant – A place for the federation to publish other information about the participant’s role
  • 8.
    Federation Registry – Providesscalable administration interface for the federation operator – Open source web application developed by the Australian higher education federation – Deployed in several other countries: Ireland, Switzerland – Enables websites to enter all the information that is needed by the federation and handles the approval workflow
  • 9.
    What does theGluu Federation Registry Subscription Include – Deployment of the Federation Registry application on an existing customer IAAS or Gluu Server – Quick start generating the Participation Agreement—will require review and modification by the State – Creation of initial schema for attributes, authentication, and authorization – Development of a operations guide for Registry Administrators – Monitoring / Support of the Federation Registry Server
  • 10.
    Future proofing… – Currentfederations are defined using SAML, however federations are not limited to supporting one protocol – OpenID Connect Federation standards are evolving : • http://www.gluu.co/multi-openid-wiki