Shibboleth Development and Support Services: SAML Protected Resources. The theory and practice of granularity and management data. Ed Dee, EDINA.


Shibboleth Development and Support Services, JIBS User Group, 16 June

EDINA
– Service provider: Digimap, Film & Sound Online, etc.
– Identity provider: various
– Federated access: SDSS Federation; UKAMF (metadata management & technical support)

Where lies the guilt? Granularity and lack of management data from SAML-protected resources
– Service providers
– Identity providers
– UK Access Management Federation
– User community
(Chart values: 50%, 30%, 10%)

SAML: Security Assertion Markup Language
– Standard for exchanging authentication and authorisation information between an Identity Provider and a Service Provider

The Questions
Pussy cat, pussy cat, where have you been? I've been down to London to visit the Queen.
Pussy cat, pussy cat, what did you there? I frightened a little mouse under her chair.

Shibboleth flow diagram (figure)

Technical stuff (diagram)
– User
– Identity Provider: attribute database, federation metadata
– Service Provider: authorisation database, federation metadata
– Resource
– SAML dialogue between Identity Provider and Service Provider

SAML Dialogue
Uninteresting (to us):
– Initiation/termination
– Security
Interesting (to us):
– Scope information: institution/service, "who are you"
– Attributes: user-specific information

Q1: Pussy cat, pussy cat, where have you been?
From the IdP:
– What resources are being used
– Who is using them
Shibboleth 2.x IdPs only:
– Not outsourced IdPs
– Not non-Shibboleth IdPs
– Not Shibboleth 1.3 IdPs (EOSL, end of service life, date 30 June 2010)

Q1: Pussy cat, pussy cat, where have you been?
Shibboleth 2 IdP audit log:
– Who (ePPN)
– When (timestamp)
– What (relying party ID)
Analysis application: federation metadata + attribute database + audit log(s) → access reports
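The pipeline on this slide (audit log joined with federation metadata and the attribute database to produce access reports) as a worked example. This is an added illustration, not code from the talk, from EDINA or from the Raptor project. It assumes a pipe-delimited log laid out like the Shibboleth IdP 2.x audit log (event time, request binding, request ID, relying party ID, profile ID, asserting party ID, response binding, response ID, principal name, authentication method, released attribute IDs, name identifier, assertion IDs); the field positions are an assumption, and every entity ID, principal and log line below is constructed. The report deliberately aggregates by relying party and affiliation and never emits individual ePPNs, since the usage question can be answered without exporting identities.

```python
"""Access reports from a Shibboleth 2 IdP audit log (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime

# Constructed federation metadata: entityID -> display name.
METADATA = {
    "https://sp.example.ac.uk/digimap": "Digimap",
    "https://sp.example.ac.uk/fso": "Film & Sound Online",
}

# Constructed attribute database: principal -> eduPersonAffiliation value.
ATTRIBUTE_DB = {"alice": "staff", "bob": "student", "carol": "staff"}

# Constants used only to build the constructed sample lines.
IDP = "https://idp.example.ac.uk/idp/shibboleth"
SSO = "urn:mace:shibboleth:2.0:profiles:saml2:sso"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
PWD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"


def _event(ts, rp, who, attrs="eduPersonScopedAffiliation,eduPersonTargetedID,"):
    """Build one constructed audit line in the assumed 13-field layout."""
    return "|".join([ts, REDIRECT, "_req", rp, SSO, IDP, POST, "_resp",
                     who, PWD, attrs, "_nameid", "_assertion,"]) + "|"


# Constructed sample log: three SPs, four users, one malformed line.
AUDIT_LOG = [
    _event("20100616T090102Z", "https://sp.example.ac.uk/digimap", "alice"),
    _event("20100616T091530Z", "https://sp.example.ac.uk/digimap", "bob"),
    _event("20100616T100000Z", "https://sp.example.ac.uk/digimap", "alice"),
    _event("20100616T113000Z", "https://sp.example.ac.uk/fso", "carol"),
    "this line is truncated|and will be skipped",
    _event("20100616T120000Z", "https://sp.other.example/shibboleth", "dave"),
]


def parse_audit_line(line):
    """Return (timestamp, relying_party, principal, released_attrs) or None if malformed."""
    fields = line.rstrip("\n").split("|")
    if len(fields) < 11:          # too few fields to hold the attribute list
        return None
    try:
        when = datetime.strptime(fields[0], "%Y%m%dT%H%M%SZ")
    except ValueError:            # unparseable event time: skip, do not guess
        return None
    released = [a for a in fields[10].split(",") if a]
    return when, fields[3], fields[8], released


def build_access_report(lines, metadata, attribute_db):
    """Aggregate per relying party: logins, distinct users, users by affiliation,
    attributes released, first/last access. Unknown SPs keep their entityID as
    the key; unknown principals are counted under the 'unknown' affiliation."""
    logins = defaultdict(int)
    users = defaultdict(set)
    released = defaultdict(set)
    first, last = {}, {}
    for line in lines:
        parsed = parse_audit_line(line)
        if parsed is None:
            continue
        when, rp, who, attrs = parsed
        name = metadata.get(rp, rp)
        logins[name] += 1
        users[name].add(who)
        released[name].update(attrs)
        first[name] = min(first.get(name, when), when)
        last[name] = max(last.get(name, when), when)
    report = {}
    for name in logins:
        by_aff = defaultdict(int)
        for who in users[name]:
            by_aff[attribute_db.get(who, "unknown")] += 1
        report[name] = {
            "logins": logins[name],
            "distinct_users": len(users[name]),
            "by_affiliation": dict(by_aff),
            "released_attributes": sorted(released[name]),
            "first_seen": first[name].isoformat(),
            "last_seen": last[name].isoformat(),
        }
    return report


if __name__ == "__main__":
    for sp, row in build_access_report(AUDIT_LOG, METADATA, ATTRIBUTE_DB).items():
        print(sp, row)
```

Joining on the attribute database is what turns an opaque list of principals into the "status/department" breakdown the later Digimap slide wants; without it the audit log alone only answers "which SPs, how often".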

Tools
Project Raptor
– Software toolkit for reporting e-resource usage statistics
– Shibboleth 2 IdPs & EZproxy
– JISC + Cardiff University + Kidderminster College
– V1.0 due Feb 2011

Q2: Pussy cat, pussy cat, what did you there?
– Cannot come from the IdP
– Must come from the SP: what does the SP know about the user?
(Diagram: User, Service Provider, Resource, Identity Provider, attribute database, attributes)

Attributes: eduPerson object class
– Core: targeted ID; principal name; [scoped] affiliation; entitlement
– Other: nickname; org [unit] DN

Granularity: core attributes
– [Scoped] affiliation: scope; member | {staff | student | employee | affiliate | alum | library-walk-in}
– Entitlement: service- or user-specific conditions, e.g. urn:mace:dir:entitlement:common-lib-terms

On Passing Attributes (photo: Library of Virginia / Flickr)

EDINA Digimap
– [Scoped] affiliation
– Targeted ID
– Principal name
– Title
– Givenname
– Sn [surname]
– O [organisation]
– Ou [organisational unit]
– Mail

Reality (diagram): Identity Provider → Attribute Release Policy → Service Provider

Reality
Most IdPs give out only:
– [Scoped] affiliation: organisational affiliation (ePSA); SP cannot determine department etc.; ePSA often just
– Targeted ID: service-specific, opaque ID (ePTI); SP cannot determine the user; SP cannot correlate usage between services
Many IdPs cannot handle entitlement.

"No one really asks us much for ARP changes" – IdP administrator

Why?
IdPs:
– Fear of data protection legislation
– No inclination; no capabilities
– No SPs ask for it
SPs:
– Not available from IdPs
– No use for the data

Stable Deadlock
– Too hard to ask, so SPs don't
– IdPs get no requests, think all is well

What Do SPs Do?
Personalisation:
– Registration system
– Registration database
Usage statistics:
– Merge logs and registration details
EDINA Digimap:
– Users / status / department

Attribute Release Progression: basic attributes → extended attributes → personal attributes

Towards agreement
Forums:
– Small scale
– Application-area specific
– Agree what is desirable
– Agree what is possible
– Experiment, agree, deploy; do not theorise: no top-down dictate

NESLi2 JISC Statistics Portal
– Cranfield, Birmingham City University, MIMAS
– Database/journal/article-level reporting
– Oct 2009 – Dec 2010
– A "one-stop shop" to view and download their own usage reports from NESLi2 publishers

Granularity & Management Data
– Technically, the capabilities exist
– Natural restful inertia; the problem is large: UKAMF 800+ members, SPs and IdPs
– User driven: tackle from the bottom up