www.kennisnet.nl Name of the Author 7 January 2008 Kennisnet Entree: federated authentication Pieter Bruring, Technical Product Manager.

Presentation transcript:

Name of the Author 7 January 2008 Kennisnet Entree: federated authentication Pieter Bruring, Technical Product Manager

EdReNe expert workshop - 26 February 2009

Identification … a must

Narrowing the scope of identity

Kennisnet Entree: providing SSO to VLE/LMS

What’s it all about?

Some figures
Total of educational users in the Netherlands:
165 schools connected ( estimated federative users)
Entree selfservice accounts
13 Service providers:
Educational online video streaming service
Government sites
Educational content providers
Webshop

Elements of an authentication and authorisation service
Users use different accounts to access websites
Websites use centralised userstores (identity providers)
Rise of the learning management systems as identity provider for schools
Federated authentication, platforms function as hub

Anatomy of the Entree federation

Anatomy of the Entree federation hub
Go authenticate

Confederation 2009
Kennisnet content, educational publishers & educational video streaming services
Primary education, high schools and colleges
Higher Education, Universities
Surfnet, Universities, Publishers
High school teachers and students
Educational content providers (publishers)
central authorisation via webshop

A-Select
Dutch authentication platform:
Open Source
Not yet using standard SAML 2.0
It does however support Shibboleth via an agent and filter solution
Used nationwide in DigiD, provides users with a personalised login code for authentication on websites from various governmental bodies

A-Select protocol
A-Select interfacing: Service Provider
1. URL
2. Go authenticate
Authentication, Set SSO token
4. user attributes
5. Set application token with attributes
6. Redirect after authorisation

A-Select protocol
A-Select interfacing: Identity Provider
1. “Where are you from?”
2. “I belong to this organisation”
“Go authenticate there”
4. “my loginname & password”
5. Interface with userstore
6. “Is ok?”
7. “user authenticated ok”
8. “have a SSO token (cookie)”

A-Select IdP interfacing problems
A-Select IdPs are very difficult to set up:
Need for ‘foreign’ software in system (A-Select server)
Need to develop custom A-Select AuthSP for non-LDAP userstores, such as MySQL.
A-Select protocol not an international standard, like SAML 2.0, Shibboleth

Entree solution: Cookiemonster interface
Requirements:
No need for ‘foreign’ software in system
Native authentication of user by VLE/LMS
Standardisation of user attributes sent to Entree
For security purposes assertion of trust needed
Consequence:
No standard (e.g. SAML 2.0) fits the bill on ‘easy to implement’ due to maturity differences in VLE/LMS providers.
Goal:
Virtual Learning Environments and Learning Management Systems shall be connected to Entree using easy to implement webservices.

A-Select Cookiemonster protocol
A-Select Entree expansion: LMS IdP webservices
1. “Where are you from?”
2. “I belong to this organisation”
“Go authenticate there”
4. “my loginname & password”
5. Get attributes
6. User attributes using EduPerson schema
8. “have a SSO token (cookie)”
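
The Cookiemonster slides name the requirements (native authentication by the VLE/LMS, standardised attributes, an assertion of trust) but not the web-service format. The Python below is an added example, not Kennisnet's code: it shows checks a hub could run on an IdP's attribute response before setting the SSO token. Assumptions: a constructed dict-shaped message, a per-school pre-shared HMAC key as the trust assertion, and the hypothetical names `IDP_KEYS`, `sign`, `accept` and `demo`.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: one pre-shared key per connected school IdP (constructed value).
IDP_KEYS = {"school-a.example": b"constructed-demo-key"}
AFFILIATIONS = {"faculty", "student", "staff", "alum", "member",
                "affiliate", "employee", "library-walk-in"}  # eduPersonAffiliation values
MAX_AGE = 120  # seconds a response stays acceptable

def sign(idp, body, key):
    """IdP side: MAC over the IdP name and the canonical JSON body."""
    msg = idp.encode() + b"\n" + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def accept(idp, body, mac, seen_nonces, now=None):
    """Hub side: return an SSO session for a valid response, else ValueError."""
    now = time.time() if now is None else now
    key = IDP_KEYS.get(idp)
    if key is None:
        raise ValueError("unknown identity provider")
    # Verify the trust assertion before looking at any attribute.
    if not hmac.compare_digest(sign(idp, body, key).encode(), mac.encode()):
        raise ValueError("trust assertion failed")
    if abs(now - body.get("issued", 0)) > MAX_AGE:
        raise ValueError("stale response")
    nonce = body.get("nonce")
    if not nonce or nonce in seen_nonces:
        raise ValueError("replayed response")
    attrs = body.get("attributes", {})
    # An IdP may only vouch for principals in its own scope.
    if attrs.get("eduPersonPrincipalName", "").partition("@")[2] != idp:
        raise ValueError("principal outside IdP scope")
    if not set(attrs.get("eduPersonAffiliation", [])) <= AFFILIATIONS:
        raise ValueError("non-standard affiliation value")
    seen_nonces.add(nonce)
    return {"sso_token": secrets.token_urlsafe(32), "attributes": attrs}

def demo():
    # Constructed sample response from the constructed IdP above.
    attrs = {"eduPersonPrincipalName": "jan@school-a.example",
             "eduPersonAffiliation": ["student"]}
    body = {"issued": 1000, "nonce": "n-1", "attributes": attrs}
    mac = sign("school-a.example", body, IDP_KEYS["school-a.example"])
    return accept("school-a.example", body, mac, set(), now=1010)
```
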

Cookiemonster interface: results
Solution provides Single Sign On path directly from VLE/LMS to Service Provider.
1 month after introducing new interfacing method 100 schools were connected.
Average development time for VLE/LMS provider is 2 weeks

Next step: building bigger bridges

The standards SAML 2.0 and OpenID are selected for these bridges

You?
Questions?