TERENA EUROCamp 2010 Dyonisius Visser

Slides:

Advertisements

Similar presentations

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board

Advertisements

Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki Mikael Linden, CSC – IT Center for Science

DK update David Simonsen, WAYF (the federation formerly known as DK-AAI) It's a WAYFIt's about consentIt's a project.

Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.

TERENA TF-EMC2 15 feb 2011 Dyonisius Visser

TERENA EUROCamp 2010 Dyonisius Visser

SWITCHaai Team Federated Identity Management.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.

In the web address box enter Enter your user ID (first and last initial 7 digit ID number) Select Log in.

Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.

Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.

Federated Identity and Shibboleth Concepts Rick Summerhill Chief Technology Officer Internet2 GEC3 October 29, 2008 Slides by Nate Klingenstein

Kalmar Union lessons: Findings in federation harmonisation REFEDS Mikael Linden, CSC.

Overview of schemas used for IdM community Setting up of identity provider Motonori Nakamura, National Institute of Informatics, Japan 2nd TEIN IAM Workshop.

Page 1 User Accounts Lecture 3 Hassan Shuja 09/21/2004.

Implementing and Using the SIRWEB Interface Setup of the CGI script and web procfile Connecting to your database using HTML Retrieving data using the CGI.

Attribute Aggregation in Federated Identity Management David Chadwick, George Inman, Stijn Lievens University of Kent.

Federating non-web services with LDAP-Façade

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Brown University Leveraging Social Identities Steve Carmody CSG, May 15, 2013.

Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team

DANTE AAI Training: Part 2: Under the Hood Nicole Harris, TERENA.

Identities and Azure AD Premium

REFEDs Wiki A test-bed for cross-federation practices ? Firstname Lastname Job title

Networks ∙ Services ∙ People Andrea Biancini #TNC15, Porto, Portugal Implementing Grouper to federate user authorization Federated Authorization.

How eduGAIN can help education: a real life story Sabita Behari Product Manager TNC14.

Gmail Customer Service Phone Number

Access Policy - Federation March 23, 2016

The EGI AAI “CheckIn” Service

Cross-sector and user-centric AAI

EuroCAMP Authentication (AuthN)

TrustTech - Task Overview (GN4-2 JRA3-T3)

EGI Updates Check-in Matthew Viljoen – EGI Foundation

 Xfinity is an American based company  Xfinity is basically a telecommunication company  They provide network services to the people of America  Xfinity.

Federation made simple

Federation Systems, ADFS, & Shibboleth 2.0

Bring the WLCG federation Home

eduTEAMS platform for collaboration Niels Van Dijk

Identity Federations - Overview

Jean-François Perrin (ILL) - Umbrella Annual Meeting 2015

CheckIn: the AAI platform for EGI

AAI Alignment Nicolas Liampotis (based on the work of Mikael Linden)

Are you ready for a federated security incident?

Active Directory Administration

AARC2 JRA1 Nicolas Liampotis

dCache, towards Federated Identities and Anonymized Delegation

Fix The logging Issue Onto Apple 4 th Generation device for HBO GO Smart Tv Help Line Toll Free ( )

Yahoo tech support Services Contact Now For more details visit at:- support-numberus.com/yahoo-support-number/ support-numberus.com/yahoo-support-number/

Centurylink Password Recovery Number

GÉANT 4-2 JRA3 T1 and T2 Federations and Campus (CaFe) e-Infrastructures and Service Providers (RASP) Daniela Pöhn JRA3 T1 LRZ/DFN-AAI Technology Exchange.

Quicken Connection issues Number More info :

Quicken Contact Support Number More info :

Juno Password Reset Number

How Can I Create A Gmail Account

How To Add Non-DOD Staff to RMS 3.0 Government Mode

Create an Account Click on the button next to the Create Account Click

AARC Blueprint Architecture and Pilots

Supporting communities with harmonized policy

Mechanisms for Distributed Global Authentication David R Newman.

EuroCAMP Authentication (AuthN)

Welcome to Support Assistant AOL Support Service - Get instantaneous resolution for any type of errors or issues or problems you might come.

UK Access Management Federation

Community AAI with Check-In

Training 101 : Accessing iBoomerang Tools

LinkedIn /ˌlɪŋkt.ˈɪn/ is a business-oriented social networking service. It was founded in December 2002 and launched on May , it is mainly used for.

Help Me FedEx – Installing and Using

WELCOME How to Setup Yahoo Account Key Feature in Browser? CONTACT US

Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.

INTEGRATIONS WITH Enterprise HRIS

Presentation transcript:

AAI @ TERENA EUROCamp 2010 Dyonisius Visser visser@terena.rg www.terena.org AAI @ TERENA

Where it all started REFEDS Wiki Dog food MediaWiki + SimpleSAMLphpAuth One SP Accumulated > 20 IdPs  <lastname@terena.org>

Next SP comes along TACAR  Will need to contact several IdPs again to exchange metadata  3rd SP 4th SP etc etc

Too many IdP-SP combinations Difficult to manage:

New approach: cheating Create one SP to connect all our IdPs to “Hide” all our REAL SPs behind that External IdPs only do business with a single TERENA SP We get to do fancy stuff at our magic SP

Password hashes….

What could be the “?” Attribute injection authproc: SmartAttr.php

SmartAttr.php Generate globally unique identifier for ALL possible users Pick first available attribute name+value from: eduPersonTargetedID eduPersonPRincipalName openid sha1(salt.serialize(attributes)) Append @$IdP Results:

SmartID exa,mples: urn:mace:dir:attribute-def:eduPersonTargetedID:c4bcbe7ca8eac074565291fd5524caa88f3115c8@terena.org@https://login.terena.org/idp/saml2/idp/metadata.php urn:mace:dir:attribute-def:eduPersonPrincipalName:horvath@terena.org@https://login.terena.org/idp/saml2/idp/metadata.php openid:https://www.google.com/accounts/o8/id?id=AItOawk1wEwIIRLSKf6kWb_1Rb0X00psc3lPqWU@https://login.terena.org/bridge/saml2/idp/metadata.php

More attributes Fullname: Stolen from Olav  Organisation: first available from: organizationName Uppercase version of schacHomeOrganization, without TLD Uppercase version of email domain without TLD Uppercase version of eduPersonPrincipalName domain without TLD String ‘MY_ORG’ Country, fname, lname, email, etc

Group membership To be implemented…..

Concepts We will have homeless users -> guest accounts Everyone can login to any service “logged-in” does not mean anything (well….) https://tnc2010.omega.terena.org One page to manage all your data (‘profile’ page) Similar to Switch.ch javascript sidebar To be implemented

Issues encountered Changing your SP metadata at remote parties takes a long time  non-technical, so think twice Non-federated users – don’t run ourselves Too may guest options now!!! Provisioning before users log in -> not possible Globally persistent ID