Earthdata Login and Open ID A Look at Federated User Identities


Earthdata Login and Open ID: A Look at Federated User Identities
Brett McLaughlin, ESDIS Project
April 4, 2017
This work was supported by NASA/GSFC under Raytheon Co. contract number NNG10HP02C

Agenda
- What are Earthdata Login’s Goals?
- A Brief Primer on OpenID
- Pros and Cons
- Questions and Answers

Earthdata Login and OpenID What are Earthdata Login’s Goals?

Abbreviated Goals
- Provide user access information related to ESDIS- and ESDIS-affiliated systems for use in metrics and analysis.
- Allow users to create and maintain a profile for preference-based data sharing between applications.
- Lower the barrier of entry to application from true authentication to user “identification.”

Audience
- Internal to NASA, internal to ESDIS: NASA IDs, government affiliation, trusted*
- Internal to NASA, external to ESDIS: NASA IDs, government affiliation, semi-trusted
- External to NASA, “trusted” by ESDIS: possible government affiliation, semi-trusted
- External to NASA, unknown by ESDIS: doubtful government affiliation, untrusted
* Trust here is related to screening prior to providing access to ESDIS systems.

It’s… Complicated
[Diagram; labels: Lower complexity, Higher security, Decreasing Ease of Use]

Challenges
- The “one more password” problem
- Identification “feels like” authentication to users
- Passwords are a can of worms… more so if you aren’t even an authentication system!

Wouldn’t it be dreamy if someone else could handle this authentication stuff, and just TELL ME who a user is?

Earthdata Login and OpenID A Brief Primer on OpenID

What is OpenID?* “OpenID allows you to use an existing account to sign in to multiple websites, without needing to create new passwords.” * http://openid.net/what-is-openid/

What is OpenID Connect?* “It lets app and site developers authenticate users without taking on the responsibility of storing and managing passwords in the face of an Internet that is well-populated with people trying to compromise your users’ accounts for their own gain.” * http://openid.net/connect/faq/

Open ID first, Earthdata Login (and OAuth 2.0) second
http://nat.sakimura.org/2013/07/05/identity-authentication-oauth-openid-connect/

In other words…

Participating Providers
- AOL
- Google
- PayPal
- Verisign
- Yahoo
* http://openid.net/u-s-government-openid-pilot-program-participants/

Earthdata Login and OpenID Pros and Cons

A Point of Clarity We are talking about…

Pros
- Transfers the burden of authentication from a managed system to a trusted one
- Introduces best practices in password/account management
- Relies on established OpenID Connect partners: Google, PayPal, etc.

Cons
- Introduces additional API (OpenID Connect) and interoperability concerns
- Could result in information redundancy between Earthdata Login and OpenID Connect partner
- Exacerbates the “Which password?” problem for users with lots of accounts
- Builds a “link” between NASA/ESDIS and commercial providers

Earthdata Login and OpenID Questions and Answers
