Single Sign-On Multiple Benefits via Alaska K20 Identity Federation. 20 May 2011, BTOP Partner Meeting, Anchorage, Alaska.

Presentation transcript:

Challenge
- Many valuable online information resources, but managing access is increasingly unwieldy:
  - Too many accounts... too many passwords...
  - Too many support requests

Access Without Federation
- Everyone has many accounts
- Access based on location
- Every information provider has to manage many accounts
- Adding new users or new information resources takes a lot of work (many places to update)

Access With Federation
- User has a single login; home provides login and users’ roles
- Resource providers need not manage/support user accounts
- Access based on users’ roles instead of account or location
- New users and new resources integrated quickly (only one place to update)

What’s the Magic?
- Without federation, access is based on many:many trust relations (resources:users)
- Unsustainable to manage and support as number of users and number of resources increase
- In a federation, the resources and users’ home institutions establish trust via their trust in the federation
- Each new resource, home, or user requires only a single additional trust relation: user-home for new user; home-federation for a new home; or resource-federation for new resource

How Federation Works 1
- Each resource or information provider establishes trust with the federation
- A one-time event, with a single external entity

How Federation Works 2
- Each school or other institution with users establishes trust with the federation
- A one-time event, with a single external entity

How Federation Works 3
- Each user has one home institution
- That’s the one login that user needs

Benefits for Resources
- Reduce or even eliminate the burden of managing user accounts and passwords
- Determine what users can access or do based on the users’ home institution assertion of roles (e.g., HS Biology Instructor or Honors English Student)
- Quickly deploy new resources to federation members (no elaborate provisioning)

Benefits for Schools
- No need to provision accounts (or revoke them) at every resource
- Enable appropriate access to resources by changing role or other attribute to accurately reflect status
- Provide access to more resources via the federation than could provide by negotiating for each

Benefits for students / users
- Keep track of just a single username and password for access to all federation resources
- Reduced threat of identity theft because passwords are not shared with information providers (login at home institution only)
- Increase privacy: resources receive only the data they need to provide appropriate access; may not even include name.
- Supports Single Sign-On: login once for access to multiple resources

Demonstration: Single Sign-On in Federation
- Model is higher education federation InCommon
- Provides SSO access with UA credentials to multiple services
- Services hosted both at UA and elsewhere
- Simple uniform experience gaining access to multiple resources while protecting personal info

How To
- Establish agreements defining what federation members do to establish trust relations and operate federation
- Federation operation is essentially a repository of certificates (like the certificates used for secure web browsing) for every member
- Agree to utilize common open technologies for exchanging identity information (e.g., SAML protocol)
- Modest budget for federation operation and technical support to resources and schools to use it
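
The resource-side check that the slides describe (trust a home institution because its key is in the federation's repository, then decide access from the asserted role), as an added example that is not part of the original presentation. Assumptions: Ed25519 keys stand in for members' X.509 certificates, the Assertion type is a simplified stand-in for a SAML assertion, and the names home.example, other.example and lib.example are constructed.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Federation is the member registry; Ed25519 keys stand in for certificates (assumption).
type Federation map[string]ed25519.PublicKey

// Assertion is a constructed stand-in for SAML: a role, no user name or password.
type Assertion struct{ Issuer, Audience, Role, Sig string }

func (a Assertion) payload() []byte { return []byte(fmt.Sprintf("%q %q %q", a.Issuer, a.Audience, a.Role)) }

// Issue is the home institution's step after the user logs in at home.
func Issue(issuer string, key ed25519.PrivateKey, audience, role string) Assertion {
	a := Assertion{Issuer: issuer, Audience: audience, Role: role}
	a.Sig = string(ed25519.Sign(key, a.payload()))
	return a
}

// Authorize is the resource's step: registry lookup plus role, no user accounts.
func Authorize(fed Federation, self string, roles map[string]bool, a Assertion) string {
	pub, member := fed[a.Issuer]
	if !member || !ed25519.Verify(pub, a.payload(), []byte(a.Sig)) {
		return "denied: not signed by a federation member"
	}
	if a.Audience != self || !roles[a.Role] {
		return "denied: wrong resource or role"
	}
	return "granted"
}

// Demo returns decisions for: valid, forged key, non-member home, wrong role.
func Demo() (out []string) {
	pub, key, _ := ed25519.GenerateKey(nil)
	_, rogue, _ := ed25519.GenerateKey(nil)
	fed, roles := Federation{"home.example": pub}, map[string]bool{"HS Biology Instructor": true}
	for _, a := range []Assertion{
		Issue("home.example", key, "lib.example", "HS Biology Instructor"),
		Issue("home.example", rogue, "lib.example", "HS Biology Instructor"),
		Issue("other.example", rogue, "lib.example", "HS Biology Instructor"),
		Issue("home.example", key, "lib.example", "Honors English Student"),
	} {
		out = append(out, Authorize(fed, "lib.example", roles, a))
	}
	return
}
func main() { fmt.Println(Demo()) }
```

The resource holds one trust anchor (the registry) and never sees a password; an assertion that borrows a member's name without that member's key fails the same check as one from an unregistered home.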