Helsinki Institute of Physics (HIP) - 2003 Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Slides:



Advertisements
Similar presentations
Lousy Introduction into SWITCHaai
Advertisements

Federation management A mess? Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.
Achieving online trust through Mutual Authentication.
GT 4 Security Goals & Plans Sam Meder
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Network Identity Kai Kang 27 th October Outline Introduction –Definition –Five drivers –Basic services –Roadmap Network Identity management approaches.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Active Directory: Final Solution to Enterprise System Integration
T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Tiago Rodrigues Antao. RIPE 45, May 2003, Barcelona. 1 Improved Secure Communication System for RIPE NCC Members Tiago Rodrigues Antao.
© 2010, University of KentPrimeLife Vienna, 10 Sept CardSpace in the Cloud David Chadwick, George Inman University of Kent.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.
Copyright 2006 Archistry Limited. All Rights Reserved. SOA Federated Identity Management How much do you really need? Andrew S. Townley Founder and Managing.
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.
New Developments in Authentication and Access Management Alan Robiette JISC Development Group JISC-NSF-DLI2 Meeting, 2002.
Identity Management Report By Jean Carreon and Marlon Gonzales.
Saml-intro-dec051 Security Assertion Markup Language A Brief Introduction to SAML Tom Scavo NCSA.
September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.
Integrating Federated Identity and Web services in the RHIO Environment John Richardson Vice-Chair, Liberty Alliance eHealth SIG Intel Corporation Digital.
ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Kerberos and Identity Federations Daniel Kouřil, Luděk Matyska, Michal Procházka, Tomáš Kubina AFS & Kerberos Best Practices Worshop 2008.
Shibboleth at Columbia Update David Millman R&D July ’05
Workshop Presentation [1] Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo, Supervisor: Dr. Steve Cassidy.
Current list of common attributes of the EDIT federation Single Sign-On for the EDIT platform Lutz Suhrbier¹, Andreas Kohlbecker², Andreas Müller² 1 Freie.
MAT U M A T U Middleware Assisted Take-Up Service For JISC Funded Early Adopters.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
Single Sign-On in the Danish Educational Sector Per Thorboll Deputy director UNI-C.
Shibboleth Update Eleventh Federal & Higher Education PKI Coordination Meeting (Fed/Ed Thursday, June 16, 2005.
Shibboleth What is it and what is it good for? Chad La Joie, Georgetown University.
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
New Developments in Access Management: Setting the Scene Alan Robiette JISC Development Group JISC-CNI Conference, June 2002.
Connect. Communicate. Collaborate Universität Stuttgart A Client Middleware for Token- Based Unified Single Sign On to eduGAIN Sascha Neinert, University.
Overview of “Attribute Aggregation In Federated Identity Management”[1] Presented by Daniel Waymel November 2013 at UT Dallas.
Identity Management and Enterprise Single Sign-On (ESSO)
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.
2003 © SWITCH Authentication and Authorisation Infrastructure - AAI Christoph Graf Project Leader AAI SWITCH.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team
b2access.eudat.eu B2ACCESS The simple and secure authorisation and authentication platform of EUDAT This work is licensed under the Creative.
Shibboleth Use at the National e-Science Centre Hub Glasgow at collaborating institutions in the Shibboleth federation depending.
Project Moonshot Daniel Kouřil EGI Technical Forum
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
Copyright © 2009 Trusted Computing Group An Introduction to Federated TNC Josh Howlett, JANET(UK) 11 June, 2009.
The FederID project The First Identity Management and Federation Free Software.
Access Policy - Federation March 23, 2016
Federation made simple
Federation Systems, ADFS, & Shibboleth 2.0
Identity Federations - Overview
Data and Applications Security Developments and Directions
Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)
Presentation transcript:

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th 2003 Mika Silander

Helsinki Institute of Physics (HIP) Background • Liberty Alliance • Formed in September • A large industry driven standardisation organisation, currently 160 collaborating member organisations. • Web site: • Mission • Create open standards and specifications for identity federation and identity-based services. • Favour device neutrality. • Access to many services by logging in once (single sign-on). • Status • Version 1.1 specifications published. • Three groups of specifications.

Helsinki Institute of Physics (HIP) Liberty objectives • Enable end users to protect their identity information on the net • Enable businesses to manage customer relationships without dependence on third-parties • Create an open single sign-on standard for decentralised authentication and authorization • Create a network identity infrastructure that supports all current and emerging network devices

Helsinki Institute of Physics (HIP) The problem and a solution • End users obliged to remember numerous Web site accounts and passwords • Personal information • Accounts, names, phone numbers, addresses, credit card numbers. • Identity as Liberty Alliance sees it • Accounts + passwords. • An end user's other personal information.

Helsinki Institute of Physics (HIP) Federated network identity • Enables single sign-on • Allows a user to "link" her different web accounts together but still control what other personal info is given to the individual service providers. • A user account • The starting point of federation. • An end user's personal info... • that, in all or part, can be distributed within a circle of trust. • whose distribution is completely controled by the end user herself.

Helsinki Institute of Physics (HIP) Liberty principals Figure: Federated Identity and Circles of trust (source: Liberty ID-FF Architecture Overview draft v1.2-03)

Helsinki Institute of Physics (HIP) Liberty principals & concepts • Identity providers (IDPs) • Initiates end user identity federation. • Maintain user profile information. • Distribute (federate) user identities and profiles. • Service providers (SPs) • Affiliate with identity providers. • Maintain user profile information. • Circles of trust • Communities of IDPs and SPs that share federated identities. • Adhere to commonly defined business agreements and procedures. • The end user • Controls what info is federated to whom and how.

Helsinki Institute of Physics (HIP) Liberty architecture Figure: Liberty Alliance architecture (source Liberty ID-FF Architecture Overview draft v1.2-03)

Helsinki Institute of Physics (HIP) Federating an identity

Helsinki Institute of Physics (HIP) Federating an identity (cont.)

Helsinki Institute of Physics (HIP) User login

Helsinki Institute of Physics (HIP) User login (cont.)

Helsinki Institute of Physics (HIP) Liberty security features • Authentication only. • Authorisation based on access rights tied to the local account. • Accounting and billing internal to every service provider. • Single logout. • Mutual authentication using certifates and secured communication channels required for IDP SP interactions, but weaker methods allowed for user authentication. • Standards: SAML, various WS security standards, SSL, TLS, PKI.

Helsinki Institute of Physics (HIP) Security features in grids • PKI solutions. • Authentication handled, authorisation mechanisms with grid-wide scope being developed. • Accounting and billing not yet available. • Web services related security technologies are being adopted.

Helsinki Institute of Physics (HIP) Comparisons & conclusions • Liberty • Security architecture more limited in scope. • Security mechanisms a mixed bag of established and evolving technologies and standards. • Reliance on redirection. • Allows service tailoring based on user profiles. • Needs more adopters. • Apparently device and software neutral but in practise geared towards browser centred usage and devices. • Grids • Security goals more ambitious, extend beyond just simple authentication. • Grid and Liberty interoperability • Various levels of iop and options: turning grid services to Liberty service providers, using grid certs transparently for Liberty auth etc

Helsinki Institute of Physics (HIP) Software • SourceId • Open source solutions for Liberty Alliance identity management. • • Sun One Identity Server • Novell eDirectory's Identity provider • PingId • Provider of Liberty Alliance integration services and interoperability testing. • • Other 3 rd party authentication solutions •.NET/Passport • Ping ID • 3-D Secure • Shibboleth

Helsinki Institute of Physics (HIP) References 1 1 Liberty ID-FF Architecture Overview draft v1.2-03, J.Hodges & T.Wason, Grid and Liberty Alliance Framework: Goals, Architectures and Feasibility Study for Integration, H.Mikkonen & T.Nissi, Helsinki Institute of Physics, Introduction to the Liberty Alliance Identity Architecture, rev. 1.0, Liberty Alliance, Identity Systems and Liberty Specification Version 1.1 Interoperability, Technical White Paper, Liberty Alliance, Liberty ID-FF Protocols & Schema Specification v1.2-08, S.Cantor & J.Kemp, 2003

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.