Workshop Presentation [1] Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo, 30396468 Supervisor: Dr. Steve Cassidy.

Presentation transcript:

Workshop Presentation [1] Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo, Supervisor: Dr. Steve Cassidy

Workshop Presentation [2] Talk Outline
- Introduction to Federated Identity Management
  - Example
- Multiple Frameworks
  - Shibboleth
  - Liberty Alliance
- Project Objectives and Motivation
- Deconstructing the Frameworks
- Conclusion

Workshop Presentation [3] Federated Identity Management (FIM)
- Reduce number of online identities
- Reduce privacy exposure
- User controls who sees what
- Enables easy sharing of resources

Workshop Presentation [4] Main Actors in FIM
- Users
  - Using a User Agent (Browser)
- Service Provider
  - Provide resources and services
  - Protect resources and services
- Identity Provider
  - Authenticates users
  - Provides security assertions to Service Providers

Workshop Presentation [5] Example Interaction
1. Resource Request
2. Redirection to IdP
   - SAML Authentication Request
   - IdP authenticates User
3. Form Response
   - SAML Authentication Response
4. Automatic Form Submission
   - Process Assertion
5. Resource Acquired
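
Steps 2 to 4 of the interaction above, as an added example that is not part of the original slides. It assumes the SAML 2.0 HTTP-Redirect and HTTP-POST bindings, which the slides do not name; the endpoints and IDs are constructed, and the messages are unsigned.

```python
import base64, html, zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample endpoints (assumptions, not taken from the slides).
IDP_SSO_URL = "https://idp.example.org/sso"
ACS_URL = "https://sp.example.org/acs"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def authn_request(request_id):  # SP: minimal unsigned request (constructed)
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="{request_id}" '
            f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
            f'AssertionConsumerServiceURL="{ACS_URL}"/>')

def redirect_url(xml, relay_state):
    """Step 2, SP side: raw DEFLATE, base64, then URL-encode into the query."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f"{IDP_SSO_URL}?{query}"

def read_redirect(url):
    """Step 2, IdP side: undo the encoding and recover the request."""
    params = parse_qs(urlparse(url).query)
    deflated = base64.b64decode(params["SAMLRequest"][0])
    return zlib.decompress(deflated, -15).decode(), params["RelayState"][0]

def post_form(request_xml, relay_state):
    """Step 3, IdP side: answer the request in a self-submitting form."""
    req_id = ET.fromstring(request_xml).get("ID")
    resp = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_resp1" Version="2.0" '
            f'InResponseTo="{req_id}" Destination="{ACS_URL}"/>')
    value = base64.b64encode(resp.encode()).decode()  # POST binding: base64 only
    return ('<body onload="document.forms[0].submit()">'
            f'<form method="post" action="{html.escape(ACS_URL)}">'
            f'<input type="hidden" name="SAMLResponse" value="{value}"/>'
            f'<input type="hidden" name="RelayState" value="{html.escape(relay_state)}"/>'
            '</form></body>'), value

def consume(saml_response_b64, pending_ids):
    """Step 4, SP side: accept only a response to a pending request, once.
    Signature verification, required before trusting any field, is omitted."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    req_id = root.get("InResponseTo")
    if req_id not in pending_ids:
        raise ValueError("unsolicited or replayed response")
    pending_ids.remove(req_id)
    return req_id
```
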

Workshop Presentation [6] Multiple Frameworks
- Shibboleth
  - Higher Education focus
  - Resource Sharing, privacy, security
  - InCommon, AAF
- Liberty Alliance
  - Commercial sector focus
  - Service integration, privacy, security
  - Intel, GM

Workshop Presentation [7] Issues with Multiple Frameworks
- User perspective
  - More credentials due to technology limitation
  - Less privacy
- Unnecessary federations
  - Formed from having to support multiple technologies
- Increases difficulty of forming federations
  - Need to support services within each framework?
- What do you do?

Workshop Presentation [8] Project Objectives Investigating whether we can extend a federation beyond the boundaries imposed by the technologies it employs – integration…

Workshop Presentation [9] Deconstructing the Frameworks
- Both frameworks are based on the SAML specification
- Identified the following:
  - Assertions: identical to each other (both SAML)
  - Protocols: identical (SAML)
  - Bindings: different
  - Profiles: similar enough (derived from SAML)

Workshop Presentation [10] Relevant Logical Subcomponents
- Service Provider
  - Attribute Requester
  - Assertion Consumer Service
- Identity Provider
  - Attribute Authority
  - Single Sign On Service

Workshop Presentation [11] Technology Example
- Shibboleth Identity Provider
  - Java Web Application based
  - Employs servlets as endpoint processors
  - Has filter capabilities (interceptor pattern)

Workshop Presentation [12] Conclusion
- Identified the binding differences and conversions
  - Message structure
  - Parameter referencing
- Identified strategic architectural locations for adaptation
- Provided technology example
- Identified implementation as future work