Real Life Solution, Real Life Problems: A-Select, An
Open Source Federated Identity Management
Solution
An Identity 1.0 story
Maarten Koopmans
SURFnet, maarten.koopmans@surfnet.nl
OASIS Adoption forum 2006
High-quality Internet for higher education and research
In the beginning…
Well, the 90’s: a chip card for higher
education.
It failed miserably.
… (2)
Tests with mobile phones and e-banking
(token based in NL).
Piggybacking in 2001-2.
Authentication middleware, 2002
Authentication middleware that could act as
a switch between multiple authentication
methods and added SSO as a bonus.
A-Select 1.0 Q4-2002
First lesson: choose your project name
carefully! Authentication selection.
We’ll just call it A-Select “for now”.
1.0 features
• SSO
• Multiple authentication methods
• Simple “Cross” mode, full identity shared
between domains
3 universities, 30.000 users.
They liked it. We invested.
A-Select in 2002
A-Select in 2002 (2)
The marketing dilemma
How do you get the other universities to use
this?
Encourage usage outside and within
higher-ed
The question then becomes:
Why don’t you use it?
2002-3: versions 1.1 – 1.3
• Logging
• APIs and protocol improvements
• Better user database support
• More AuthSPs
A-Select in 2003
2003: Build a community
• E-government chose A-Select, as did the
public libraries
• System integrators
• More universities.
Some 100.000 users in NL
2004: Strengthen the community
• e-government becomes DigiD, keep them on
board
• Work together with libraries
• Add features:
– fail over
– more application integration components
Open standards are becoming very important with
Shibboleth and SAML, especially for higher
education
2004: A-Select diffusion
Encourage usage via diffusion program: target
100,000 users by the end of 2006.
Result: >> 200,000 users in higher ed and more
are coming!
Activities:
• Documentation
• Integration components
• On site support
• Project consultancy
2005: Towards a Federation
Release 1.4.1: integrating a lot of contributions
from the community, massive clean-up of the
codebase
Release 1.4.2: Adding a simple yet flexible
authorization engine and attribute acquisition
(using CGI, SOAP, LDAP)
A-Select in 2005
A-Select in 2005
2005: DigiD more and more visible
First cities are using DigiD as an A-Select
based IdP
First tests with online tax forms with DigiD
as IdP
2006: Federation for real
Release 1.5: adds SAML 1.1 with
Shibboleth profiles. A-Select can act as
IdP for Shib-protected resources.
From 2007 onwards DigiD mandatory for
online tax forms
Millions of users.
Federation in 2006
[Diagram labels: users, identities, central federation components, resources; SAML]
Winding down
• Apache style licensed
• 98% Java based code
• > 5 authN Methods
• Healthy market and community
• millions of users
• Incremental growth has paid off: from
authN to federation middleware
• Open source is a viable model for “NL as a
company”
What’s next
• 1.6
• WS-* support
• SAML 2.0 support
• A-Select starter kit (with Linux, reverse
proxy, ...)
Expanding internationally
Open standards important for collaboration!
Thank you, OASIS!
Questions / discussion
Maarten.Koopmans@surfnet.nl
