Feide Connect is a next generation service platform for educational users in Norway that supports mobile and third-party interactions through standardized APIs and protocols. It addresses gaps in middleware infrastructure by building on HTTP, OAuth 2.0, OpenID Connect, and other open standards. The platform provides features like single sign-on, authorization management, user and group profiles, third-party API access, application stores, activity streams, and developer tools. It aims to simplify authentication, access control, and integration across different services and administrative domains through open protocols and established trust relationships. While still under development, the platform demonstrates widgets, apps, and tools that can be easily integrated and auto-configured to work within Feide Connect's authorization framework.

1. Feide Connect
Next generation service platform for
educational users in Norway.
andreas.solberg@uninett.no
Andreas Åkre Solberg
Dublin, May 2014

2. Feide Connect
research and development activity
The presented work is from an operational prototype
varies from experimental to more mature
a production-level service is in planning
2

3. 3
The gap between
services’ needs and supporting middleware infrastructure
is increasing

4. What we have today
does not properly support mobile
does not properly support three-tier,
services that interacts with services
(data in other adm.domains)
Complex setup (SAML)
Complex cross-federation setup
4

5. 5
Today
everything is about
APIs

6. 6
SAML is great for SSO
- not everything else

7. Lets build…

8. 8
HTTP

9. 9
HTTP
OAuth 2.0
Authorization management

10. 10
HTTP
OAuth 2.0
Authorization management
OpenID Connect SCIM
VOOTeduPerson++
3rd party APIs+++PeopleSearch ActivityStreams

11. 11
HTTP
OAuth 2.0
Authorization management
OpenID Connect SCIM
VOOTeduPerson++
3rd party APIs+++
App Engine
Javascript PaaS
Groups AppStore Feed
DevDashboard
App
Documentation
App
Inspect
App
Authorization Dialog
Workflow
UNINETT AS
info@uninett.no

12. Developer
Dashboard

13. 13
Groups
Clients
GroupEngine
Parallell aggregator
SCIM
VOOT
Ad-hoc
groups
FS
Common Student System
Feide
attributes
Feide
attributes

14. 14
Groups
Manage
ad-hoc groups
using
groups and peoplesearch
APIs

15. 15
ActivityStreams

16. 16
etherpad demo
Non-intrusive etherpad plugin
no modifications
No external dependencies whatsoever!
Not even simplesamlphp ;)
Uses Feide Connect for
authentication and groups.
Setup with auto-configure

17. 17
etherpad demo

18. 18
Clients
API Gatekeeper
3rd party APIs
Authorization workflow Auth
OAuth server
HTTP API
+ OAuth
Self
service
GET /api/0/items HTTP/1.0
Authorization: xxxxx
Host: 3rd-domain.org
FC-UserID: andreas@uninett.no
FC-Groups: x001, x002, x009
FC-Scopes: readaccess
FC-ClientID: 4thparty-org001
3rd.api.feideconnect.edu
established
trust
api.3rdparty.org

19. 19
Not solved yet
Still much implementations to do
Contracts and legal work
Payment model
Smooth logout experience with SLO, OAuth,
web, applications and mobile.

20. 20
…some more stuff

21. 21
App Store
in the works…

22. 22
Frontend protocols
service to service
service to platform
Javascript window.postMessage
«Federated» iframes with isPassive=true

23. 23
Adobe Connect Widget demo
Can be used «anywhere»!
Just copy and paste a short JS sniplet.
Can easily be setup to adopt surrounding
group environment, to set «current group».
Fully controlled authorization and access
controll for Adobe Connect. No pre-
configuration whatsover for endusers.

24. 24

25. 25
Autoconfigure demo
Simplify registration of service providers
Can be prepacked with popular applications;
in.e. wordpress (plugin demoed)
!
Wordpress plugin with no external
dependencies.

26. 26

27. 27
feed Widget demo
Widget push shared news or any «activity» to
activity stream
Another widget presents «news» within a
group in a collaboration service (Liferay)

28. 2828
Feed Widget!
Shows an aggregated feed of activities for the current
selected group across all collaboration tools.
Share widget!
Can be easily integrated anywhere. Will share a link to the current web page
to the activity stream for the current user in a selected group context.

29. 29
That’s it.
Thanks for attending this presentation!
andreas@uninett.no