DK update. David Simonsen, WAYF (the federation formerly known as DK-AAI). It's a WAYF. It's about consent. It's a project.

Presentation transcript:


WAYF architecture (diagram labels: SAML2, LDAP, hosted, simpleSAMLphp, Shibboleth, CAS)

Supported interfaces
- SP: SAML2
- SP: Shibboleth 1.3
- IdP: SAML2
- IdP: LDAP (hosted login page)
- IdP: CAS + LDAP

IdM requirements
- Describe your IdP routines (will not be publicly available)
- 24 hours after status is changed, status is changed...
- LoA: not supported
- Strength of initial authentication not flagged

Attributes
MUST
- Personal information: SurName, GivenName, CommonName, eduPersonPrincipalName, Mail, eduPersonPrimaryAffiliation
- Information about the organisation: schacHomeOrganization
MAY
- Personal information: norEduPersonNIN, eduPersonScopedAffiliation, PreferredLanguage, eduPersonEntitlement
- Information about the organisation
Attributes provided / generated by WAYF
- eduPersonTargetedID = hash(SP-ID + hash(IdP-ID + salt + unique-personID) + salt)
- OrganizationName
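The eduPersonTargetedID construction from this slide, worked through as an added example (not WAYF's or simpleSAMLphp's code). SHA-256, the length-prefixed concatenation, the function names and every entity ID and value below are assumptions made for illustration; the slide gives only the nesting of the hash.

```python
import hashlib

def _hash(*parts: str) -> str:
    """SHA-256 (assumed; the slide names no algorithm) over length-prefixed
    parts, so that ("ab", "c") and ("a", "bc") cannot collide."""
    digest = hashlib.sha256()
    for part in parts:
        raw = part.encode("utf-8")
        digest.update(len(raw).to_bytes(4, "big") + raw)
    return digest.hexdigest()

def federation_pseudonym(idp_id: str, person_id: str, salt: str) -> str:
    """Inner term: hash(IdP-ID + salt + unique-personID). Kept inside the hub."""
    return _hash(idp_id, salt, person_id)

def targeted_id(sp_id: str, idp_id: str, person_id: str, salt: str) -> str:
    """Outer term: hash(SP-ID + inner + salt). This is what the SP receives."""
    return _hash(sp_id, federation_pseudonym(idp_id, person_id, salt), salt)

def demo() -> dict:
    # Constructed sample values; none of them come from the WAYF deployment.
    salt = "constructed-hub-secret"
    idp = "https://idp.university.example"
    wiki, video = "https://wiki.sp.example", "https://video.sp.example"
    user = "student-0042"
    return {
        "wiki_login_1": targeted_id(wiki, idp, user, salt),
        "wiki_login_2": targeted_id(wiki, idp, user, salt),
        "video_login": targeted_id(video, idp, user, salt),
        "other_idp": targeted_id(wiki, "https://idp.library.example", user, salt),
        "rotated_salt": targeted_id(wiki, idp, user, "constructed-new-secret"),
    }

if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:13} {value}")
```

The same person gets a stable identifier at one SP and unrelated identifiers at different SPs, so two services cannot link a user by comparing values; the salt must stay secret and unchanged, since rotating it changes every released identifier.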

Attribute profiles
- Normal profile: eduPersonPrimaryAffiliation, schacHomeOrganization
- Extended profile with persistent ID: eduPersonPrimaryAffiliation, schacHomeOrganization, eduPersonTargetedID
- Extended profile with persistent ID and name: eduPersonPrimaryAffiliation, schacHomeOrganization, eduPersonTargetedID, SurName, GivenName, CommonName
- Extended profile with persistent ID, name and: eduPersonPrimaryAffiliation, schacHomeOrganization, eduPersonTargetedID, SurName, GivenName, CommonName, mail

WAYF is live as of 28th of March 2008
- All central services running: WAYF, consent, consent-admin
- Central federating component (CFC): simpleSAMLphp
- Contract draft (turned down yesterday)
- Websites open (Danish only so far)
- Production environment + QA
- Press release to come (with ministers)

WAYF is live
- Only a few services still
- Cross federated to FEIDE (OpenWiki, Foodle)

Connected institutions
- The Royal Library
- Roskilde University
- Syddansk University
- The State Library
- WAYF Orphanage
- Århus University
- Technical University of DK

Planned services
- Connect, Forskningsnettet's video service
- DSB NetID
- BBC Motion Gallery
- Danske reklamefilm (Danish advertising films)
- eduMedia, Forskningsnettet
- Student portals

Planned services
- NIAS, Nordisk Inst. for Asien Studier (Kalmar)
- Microsoft's 'Dream Sparks'
- Elsevier (publisher)
- OVID (publisher)
- EBSCO (publisher)
- WAYF-based ID creation

Users' consent

The users' informed consent
- Obligation to inform
- Consent: Voluntarily, Informed, Specific
- No personal info is kept

No personal information is stored: 2km4756k4l3n43j34j3 8ds989g+sdfhkjrwk30 !

DEMONSTRATION wiki.dk-aai.dk min.php min.php