Alumni Authentication… Explained
Robert Scaysbrook – OpenAthens UK Account Manager
www.eduserv.org.uk/openathens


What are the available solutions for access management?

1. IP authentication – IP address registered with service provider
2. Proxy server – Uses IP authentication
3. Publisher issued username & password – Individual or group login
4. Referrer URL – Issued by publisher, tracks previously visited website
5. OpenAthens or Shibboleth – SAML (Security Assertion Markup Language) based authentication

Which solutions work best for alumni authentication?

IP authentication and proxy servers
✓ Easy/simple to register IP
✓ Most publishers support this approach
× Technical overhead (proxy server)
× No granularity e.g. user categories
× All users anonymous to publisher
× Off-site access can be difficult
× Low-level security

Publisher issued username/password or referrer URL
✓ Most publishers support this approach
✓ Easy/simple to set up
✓ No technical overhead
× Multiple login details
× Lack of Single Sign-On (SSO)
× Very low-level security - Encourages password sharing
× Browser incompatibility (referrer URL)

OpenAthens/Shibboleth
✓ Most publishers support this approach
✓ High-level security – Industry standard (SAML)
✓ Granularity down to individual user
✓ Pass “Alumni” attribute to publisher
× Varying technical overhead
× Not always implemented the same across publishers

Ranking
1. OpenAthens/Shibboleth – Most secure, Alumni specific functionality
2. IP authentication/proxy server – Much less secure, difficult to configure for Alumni
3. Publisher username/password and referrer URL – Lowest security, no SSO capability

Challenges
- Federated (SAML) authentication requires publishers to fully support attribute release
- Shibboleth/OpenAthens LA require Alumni to exist within Active Directory indefinitely

New Alumni functionality for OpenAthens
- Permissive/restrictive mode - Blocks unauthorized user authentication
- Manage Alumni through permission sets
- Removes reliance on publisher implementation
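The attribute-release challenge and the restrictive-mode idea above, as an added example (not from the presentation and not OpenAthens or publisher code). It compares a publisher-side decision on a released eduPersonScopedAffiliation value with an identity-provider-side check against permission sets. The sample assertion, the example.ac.uk scope, the resource names, the permission sets and the exact meaning of "restrictive" are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SCOPED_AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"  # eduPersonScopedAffiliation

# Constructed sample: the attribute statement an IdP could release for an alumnus.
# A real SP must validate the assertion signature before trusting any of this.
ALUMNI_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
      <saml:AttributeValue>alum@example.ac.uk</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def released_affiliations(assertion_xml):
    """Return the affiliation part of each released scoped-affiliation value."""
    root = ET.fromstring(assertion_xml)
    found = set()
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == SCOPED_AFFILIATION:
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                found.add((value.text or "").strip().partition("@")[0].lower())
    found.discard("")
    return found

def publisher_allows(assertion_xml, licensed_affiliations, honours_attributes=True):
    """Publisher-side check. A publisher that ignores attributes admits every
    authenticated user of the institution, alumni included."""
    if not honours_attributes:
        return True
    return bool(released_affiliations(assertion_xml) & set(licensed_affiliations))

def idp_allows(category, resource, permission_sets, restrictive=True):
    """IdP-side check (assumed semantics): in restrictive mode the IdP refuses
    to authenticate a user to a resource outside their permission set."""
    if not restrictive:
        return True
    return resource in permission_sets.get(category, set())

# Hypothetical permission sets: alumni are licensed for one resource only.
PERMISSION_SETS = {"alum": {"journal-a"}, "student": {"journal-a", "journal-b"}}
```

The publisher-side check only protects a student-only licence when the publisher evaluates the attribute, whereas the IdP-side check gives the same answer whatever the publisher does with it.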

Conclusions
- Secure authentication for alumni is possible
- The access management community should lobby publishers to implement the SAML protocol fully – UK Access Management Federation “town hall” meetings
- Access management needs are changing - software development should focus on these requirements

Thank you

Report: Librarians Experiences and Perceptions of Identity and Access Management: