Identity management, authentication and registration at the University of Helsinki Tietotekniikkaosasto Ismo Aulaskari 2.9.2008.

Presentation transcript:

Identity management, authentication and registration at the University of Helsinki Tietotekniikkaosasto Ismo Aulaskari

Service perspective – bunch of applications
- Some authentication
- Applications: Portal, Wiki, Blog, Moodle, Webmail, Homegrown app X

Technologies used
- Central/Internal Authentication (University): RADIUS, LDAP, Shibboleth (SAML2)
- Common federation (Haka) with other universities: Shibboleth/SAML2. RADIUS for eduroam
- State-wide: Vetuma, which uses Tupas

Authentication and IDM perspective
[Diagram labels: RADIUS; LDAP; AD; Unix; Netware; Shibboleth IdP; web applications, desktop applications, workstations, servers; light account; Lotus Notes; strong auth]

Tupas
- Tupas is a certification service that's standardized by Finnish Bankers' Association
- Standard for authenticating and paying
- Costs per authentication/paying event
- Most citizens currently have internet banking accounts
- Usage in University of Helsinki requires Finnish SSN
- More information: &docid=11302&sec=&ext=.pdf

User account management perspective
[Diagram labels: Student registry; Employee registry; The others?; Pull; Oracle (master); LDAP; AD; Unix; Netware; To centralized authentication & authorization]

Tools
- Master/Lohju: Oracle 10 database (and application) that includes all the information of the users and their accounts
- Synchronization scripts
- Huge automated script to populate LDAP
- OpenLDAP 2.3
- Two backend db:sdb:s
- Hot-swap-replicated
- Real cluster coming

Future perspective
- Even more centralized authentication
- Homegrown SSO - or better?
- Authorization by SAML?
- Applications: Portal, Wiki, Blog, Moodle, Webmail, Homegrown app X, Hupnet

What?