Identity Management: Shibboleth Activity Update

Presentation transcript:

Identity Management: Shibboleth Activity Update Authentication and Authorization in the ADR

Alliance Member Institutions
University of Colorado Boulder, Denver (Downtown/Anschutz Medical Campus), Colorado Springs
Colorado State University Fort Collins
University of Northern Colorado
University of Denver
Regis University
Colorado College
Denver Public Library
University of Wyoming
Colorado School of Mines

Shifting Paradigms

http://adr.coalliance.org

Screenshots of Institutional Fez Portal Main Pages

FezACML Authorization
LEVELS: Community, Collection, Record, Primary Content File Datastream
ROLES: Lister, Viewer, Creator, Editor, Approver, Commentor, Comment Viewer, Archival Master Viewer
OBJECT CLASSES/ATTRIBUTES: AD, Fez, eduPerson

Leaving the librarians with a BIG question…

What do we put here? Should I put staff or employee? Is this attribute available? What’s the OrgUnitDN for the Physics Department? For Alumni Relations?

Authentication Configurations and Sign-ons

Shib LDAP

eduPerson Attributes: eduPersonAffiliation, eduPersonEntitlement, eduPersonNickname, eduPersonOrgDN, eduPersonOrgUnitDN, eduPersonPrimaryAffiliation, eduPersonPrimaryOrgUnitDN, eduPersonPrincipalName, eduPersonScopedAffiliation, eduPersonTargetedID

Attribute Considerations: eduPersonScopedAffiliation
Technically, “scope” is a security domain.
Institutions need to define and publish available scopes (e.g. giltner@colorado.edu vs. giltner@its.colorado.edu).
Can multiple apply? (Use scope to get more granular?)

Attribute Considerations: eduPersonEntitlement
Value is a URI (either URL or URN).
Could be a name or locator of the “allowed” resource: https://domain.edu/collection/record?read
Or could be a name of a “resource attribute” about the user: urn:mace:colorado.edu:course:psyc:1200:student
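
The two attribute considerations above, worked through as an added example (not part of the presentation or of Fez): a relying application accepts a scoped affiliation only when its scope is one the asserting institution publishes, and treats an entitlement as an opaque URI to match exactly. The function names, the rule format and the sample attribute values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# eduPerson controlled vocabulary for affiliation values.
AFFILIATIONS = {"faculty", "student", "staff", "alum", "member",
                "affiliate", "employee", "library-walk-in"}

def accepted_scoped_affiliations(values, published_scopes):
    """Keep only well-formed values whose scope the asserting IdP publishes."""
    scopes = {s.lower() for s in published_scopes}
    accepted = set()
    for value in values:
        affiliation, sep, scope = value.strip().lower().rpartition("@")
        if not sep or affiliation not in AFFILIATIONS:
            continue  # malformed, or not in the controlled vocabulary
        if scope not in scopes:
            continue  # exact match only: a sub-scope must be published itself
        accepted.add(f"{affiliation}@{scope}")
    return accepted

def is_entitlement_uri(value):
    """eduPersonEntitlement values are URIs: an http(s) URL or a URN."""
    parts = urlsplit(value)
    if parts.scheme in ("http", "https"):
        return bool(parts.netloc)
    return parts.scheme == "urn" and bool(parts.path)

def granted_roles(attrs, published_scopes, rules):
    """Return the roles whose rule matches an accepted attribute value."""
    affiliations = accepted_scoped_affiliations(
        attrs.get("eduPersonScopedAffiliation", []), published_scopes)
    entitlements = {e for e in attrs.get("eduPersonEntitlement", [])
                    if is_entitlement_uri(e)}
    roles = set()
    for role, rule in rules.items():
        if affiliations & rule.get("scoped_affiliation", set()):
            roles.add(role)
        if entitlements & rule.get("entitlement", set()):
            roles.add(role)
    return roles

# Constructed sample data: the rule set and attribute values are illustrative.
RULES = {
    "Lister": {"scoped_affiliation": {"student@colorado.edu"}},
    "Viewer": {"entitlement": {"urn:mace:colorado.edu:course:psyc:1200:student"}},
}
SAMPLE = {
    "eduPersonScopedAffiliation": ["student@colorado.edu", "staff@example.org"],
    "eduPersonEntitlement": ["urn:mace:colorado.edu:course:psyc:1200:student"],
}
```

With `{"colorado.edu"}` as the published scope, `granted_roles(SAMPLE, {"colorado.edu"}, RULES)` grants both roles, while a value scoped to `its.colorado.edu` is dropped until that scope is published as well.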