TERENA EUROCamp 2010 Dyonisius Visser
Presentation transcript:


Slide 2: Where it all started
› REFEDS Wiki
› Dog food
› MediaWiki + SimpleSAMLphpAuth
› One SP
› Accumulated > 20 IdPs

Slide 3: AuthZ – sort of

Slide 4: Next SP comes along
› TACAR
› Will need to contact several IdPs again to exchange metadata
› 3rd SP
› 4th SP etc etc

Slide 5: Too many IdP-SP combinations
› Difficult to manage

Slide 6: New approach: cheating
› Create one SP to connect all our IdPs to
› “Hide” all our REAL SPs behind that
› External IdPs only do business with a single TERENA SP
› We get to do fancy stuff at our magic SP

Slide 7

Slide 8: What could be the “?”
› Attribute injection
› authproc: SmartAttr.php

Slide 9: SmartAttr.php
› Generate globally unique identifier for ALL possible users
› Pick first available attribute name+value from:
  › eduPersonTargetedID
  › eduPersonPrincipalName
  › openid
  › sha1(salt.serialize(attributes))
› Results:

Slide 10: SmartID examples:
› urn:mace:dir:attribute-def:eduPersonTargetedID:c4bcbe7ca8eac a.php
› openid: d=AItOawk1wEwIIRLSKf6kWb_1Rb0X00psc3lPqW adata.php

Slide 11: More attributes
› Fullname: Stolen from Olav
› Organisation: first available from:
  › organizationName
  › Uppercase version of schacHomeOrganization, without TLD
  › Uppercase version of domain without TLD
  › Uppercase version of eduPersonPrincipalName domain without TLD
  › String ‘MY_ORG’
› Country, fname, lname, , etc
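The identifier and organisation selection chains from slides 9 and 11, re-implemented in Python as an added illustration (this is not the SmartAttr.php authproc filter itself). Attributes are modelled the SimpleSAMLphp way, as a dict of name to list of values; the `domain` attribute name and the sample users are assumptions, and eduPersonTargetedID is treated as a plain string. The fallback hash is only as persistent as the attribute set it is computed over, which the example makes visible.

```python
import hashlib

# Identifying attributes in the order the slides try them (slide 9).
ID_CANDIDATES = ("eduPersonTargetedID", "eduPersonPrincipalName", "openid")


def strip_tld(domain):
    """'cs.example.org' -> 'cs.example' (slide 11: 'without TLD')."""
    parts = domain.lower().split(".")
    return ".".join(parts[:-1]) if len(parts) > 1 else domain.lower()


def smart_id(attributes, salt):
    """Return (source, value): the first available identifier, else a salted sha1.

    The fallback serialises every attribute in a canonical order so that the
    hash does not depend on dict ordering; it still changes whenever any
    attribute value changes, so it is a stable ID only for stable attribute sets.
    """
    for name in ID_CANDIDATES:
        if attributes.get(name):
            return name, attributes[name][0]
    canonical = repr(sorted((k, sorted(v)) for k, v in attributes.items()))
    digest = hashlib.sha1((salt + canonical).encode("utf-8")).hexdigest()
    return "sha1", digest


def organisation(attributes):
    """First available organisation name, following the slide 11 order."""
    if attributes.get("organizationName"):
        return attributes["organizationName"][0]
    # 'domain' is an assumed attribute name for a non-SAML (e.g. OpenID) login.
    for name in ("schacHomeOrganization", "domain"):
        if attributes.get(name):
            return strip_tld(attributes[name][0]).upper()
    epn = (attributes.get("eduPersonPrincipalName") or [""])[0]
    if "@" in epn:
        return strip_tld(epn.split("@", 1)[1]).upper()
    return "MY_ORG"


# Constructed sample users (not real data).
FEDERATED_USER = {"eduPersonPrincipalName": ["jdoe@example.org"], "cn": ["J. Doe"]}
SOCIAL_USER = {"openid": ["https://openid.example/id/123"], "domain": ["openid.example"]}
HOMELESS_USER = {"cn": ["Guest"], "mail": ["guest@mail.example"]}
```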

Slide 12: Group membership
› To be implemented…

Slide 13: Concepts
› We will have homeless users -> guest accounts
› Everyone can login to any service
› “logged-in” does not mean anything (well….)
› One page to manage all your data (‘profile’ page)
  › Similar to Switch.ch javascript sidebar
  › To be implemented

Slide 14: Issues encountered
› Changing your SP metadata at remote parties takes a long time (non-technical), so think twice
› Non-federated users – don’t run ourselves
› Too many guest options now!!!
› Provisioning before users log in -> not possible
› Globally persistent ID