May 7, 2013 CEOS WGISS-35 Meeting 1 GEOSS Authentication and Single Sign-On Steven F. Browdy OMS Tech, Inc. IEEE.

Presentation transcript:

Slide 1: GEOSS Authentication and Single Sign-On
Steven F. Browdy, OMS Tech, Inc., IEEE
May 7, 2013, CEOS WGISS-35 Meeting

Slide 2: Background and History
• Initial research started during AIP-3
  – Motivated by the DSWG Implementation Guidelines of the Data Sharing Principles.
  – Is not being viewed as data access restriction.
  – Initially considered OpenID, OAuth, and Shibboleth
• Decided to drop OAuth
  – Not concerned at this point with authorization (access control), just authentication.
  – DSWG has many examples of data providers that just want to know “who is using my data.”

Slide 3 (diagram labels): User; Resources (Data and Services); Service Provider’s Site
• Authentication Service: answers “is this User XYZ?” by verifying the identity
• Authorization: answers “what can User XYZ do?” by checking identity against stored access constraint rules

Slide 4: Background and History
• Decided to drop Shibboleth
  – Too hard an impact to require of data providers.
  – Examples of implementation case studies that concluded Shibboleth took a lot of effort to implement.
• No work on this for AIP-4
• Picked up again in AIP-5
  – Decided to include SAML 2.0 (Security Assertion Markup Language) to exchange user credentials via XML.
    • Works with many user management security systems
    • Lightweight implementation requirements
  – Developed use cases to implement in AIP-6.

Slide 5: Main Goals
• Federated solution that has minimal to no impact on the GCI.
• Lightweight implementation requirements for data providers.
• A solution that can evolve.

Slide 6: Current Use Cases
• Registration for Authentication via OpenID
• Organizational user registration for Authentication via SAML2
• Registration as OpenID user for SAML2 Users
• OpenID-Protected Data Access via OpenID Authentication
• SAML2-Protected Data Access via OpenID Authentication
• OpenID-Protected Data Access via SAML2 Authentication
• SAML2-Protected Data Access via SAML2 Authentication
• Registering and Modifying a New Identity or Service Provider for SAML2 Trust Gateway
• Identification as "GEOSS User" During Registration

Slide 7: Unofficial Tentative Plan

Slide 8: AIP-6 Plans
• Implement the use cases to test the federated authentication and single sign-on solution.
• Will work with partners that have an interest in establishing the viability of the solution in terms of meeting the goals.
  – COBWEB project
  – NASA
  – CUAHSI
• Create demo for GEO Summit in January, 2014
• Generate appropriate documentation

Slide 9: Some OpenID-Approved Identity Servers
• US Government
  – Google
  – Equifax
  – PayPal
  – VeriSign
  – Verizon
• EC
  – INSPIRE ???

Slide 10: Q & A