Overview of schemas used for IdM community: Setting up of identity provider. Motonori Nakamura, National Institute of Informatics, Japan. 2nd TEIN IAM Workshop.

Presentation transcript:

1  Overview of schemas used for IdM community: Setting up of identity provider. Motonori Nakamura, National Institute of Informatics, Japan. 2nd TEIN IAM Workshop in Kuala Lumpur.

2  (Figure: federation overview) IdP (Identity Provider), DS (Discovery Service) and several SPs (Service Providers); attributes are carried to the SP in a SAML assertion.

3  Attributes managed by an IdP

Name (abbreviation): Description
- OrganizationName (o): English name of the organization
- jaOrganizationName (jao): Japanese name of the organization
- OrganizationalUnit (ou): English name of a unit in the organization
- jaOrganizationalUnit (jaou): Japanese name of a unit in the organization
- eduPersonPrincipalName (eppn): Uniquely identifies an entity in GakuNin
- eduPersonTargetedID: A pseudonym of an entity in GakuNin
- eduPersonAffiliation: Staff, Faculty, Student, Member
- eduPersonScopedAffiliation: Staff, Faculty, Student, Member with scope
- eduPersonEntitlement: Qualification to use a specific application
- SurName (sn): Surname in English
- jaSurName (jasn): Surname in Japanese
- givenName: Given name in English
- jaGivenName: Given name in Japanese
- displayName: Displayed name in English
- jaDisplayName: Displayed name in Japanese
- mail: E-mail address
- gakuninScopedPersonalUniqueCode: Student or faculty/staff number with scope

Released attributes are different among SPs:
- SP-A (2 attributes required): eppn (mandatory), eduPersonAffiliation (optional)
- SP-B (1 attribute required): eduPersonAffiliation (mandatory)
- SP-C (2 attributes required): eduPersonTargetedID (mandatory); eduPersonEntitlement or eduPersonScopedAffiliation (one of them is mandatory)

4  Levels of identification

- Anonymous
  - No identifier is sent
  - Fits e-Journals (any member of the organization, or of a department of it, can access)
- Autonymous
  - eduPersonPrincipalName is sent
  - Unique identifier shared by all SPs (globally unique)
  - Similar to an e-mail address
- Pseudonymous
  - eduPersonTargetedID is sent [hash(ePPN, entityID of SP)]
  - Persistent unique identifier specific to each SP
  - Avoids correlation of user activities among SPs

5  (Same attribute table as slide 3, annotated with where the IdP obtains each value.) Annotations, in the order they appear on the slide:
- Not much used
- Static
- Not much used
- Generated from ID
- From LDAP tree
- Not so difficult to map the Shib Attr and LDAP
- Example entitlement value: urn:mace:dir:entitlement:common-lib-terms

 6

7  Link (truncated in the transcript): ments/AttributeUsage

8  Attribute release

- To send out requested attributes
- There are other related topics:
  - Attribute release user consent mechanism (uApprove; uApproveJP) (links truncated in the transcript: ?pageId=)
  - Shibboleth 3.0 will have a user consent feature.
  - Automatic attribute-filter generation in cooperation with the GakuNin Registration System (link truncated in the transcript: ?pageId=; in Japanese only, sorry)

9  (Figure only)

10  User consent (uApprove)

- Users can choose optional attributes to be released.
- Users can also select the future action.

Attributes shown: mandatory attributes, optional attributes.
Future action choices (each with a checkbox):
- Agree to release for all SPs in the future
- Agree to release for this SP in the future
- Need to confirm again on the next access, even to the same SP
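The per-SP release rules of slide 3, the pseudonym of slide 4 and the consent choice of slide 10, worked through as an added example (not code from the slides, GakuNin or Shibboleth). The user record, SP entityIDs and policy table are constructed; the secret salt is an assumption added so that hash(ePPN, entityID of SP) cannot be recomputed from the two public inputs alone.

```python
import hashlib
import hmac
# Constructed sample record for one user held by the IdP (not from the slides).
USER = {
    "eduPersonPrincipalName": ["alice@example.ac.jp"],
    "eduPersonAffiliation": ["staff"],
    "eduPersonScopedAffiliation": ["staff@example.ac.jp"],
    "eduPersonEntitlement": ["urn:mace:dir:entitlement:common-lib-terms"],
}

# Per-SP requirements modelled on slide 3 (SP entityIDs are hypothetical): "mandatory"
# must be present, "one_of" needs at least one of the names, "optional" is released
# only when the user consents (slide 10).
SP_POLICY = {
    "https://sp-a.example.org/shibboleth": {"mandatory": ["eduPersonPrincipalName"],
                                            "optional": ["eduPersonAffiliation"]},
    "https://sp-b.example.org/shibboleth": {"mandatory": ["eduPersonAffiliation"]},
    "https://sp-c.example.org/shibboleth": {"mandatory": ["eduPersonTargetedID"],
                                            "one_of": ["eduPersonEntitlement",
                                                       "eduPersonScopedAffiliation"]},
}
# Assumption: a secret salt held only by the IdP, so the pseudonym cannot be recomputed
# by anyone who merely knows the ePPN and the SP entityID.
IDP_SALT = b"constructed-idp-secret"

def targeted_id(eppn, sp_entity_id, salt=IDP_SALT):
    """Slide 4: eduPersonTargetedID = hash(ePPN, entityID of SP); keyed with the salt here."""
    return hmac.new(salt, f"{sp_entity_id}!{eppn}".encode(), hashlib.sha256).hexdigest()

def release(user, sp_entity_id, policy, consent_optional=True):
    """Attributes released to one SP; ValueError if a mandatory one is missing."""
    available = dict(user)
    eppn = user["eduPersonPrincipalName"][0]
    available["eduPersonTargetedID"] = [targeted_id(eppn, sp_entity_id)]
    released = {}
    for name in policy.get("mandatory", []):
        if name not in available:
            raise ValueError(f"{name} is mandatory for {sp_entity_id} but not available")
        released[name] = available[name]
    alternatives = [n for n in policy.get("one_of", []) if n in available]
    if policy.get("one_of") and not alternatives:
        raise ValueError(f"none of {policy['one_of']} available for {sp_entity_id}")
    for name in alternatives:
        released[name] = available[name]
    if consent_optional:  # slide 10: optional attributes depend on the user's choice
        for name in policy.get("optional", []):
            if name in available:
                released[name] = available[name]
    return released
```

Running `release` for the same user against SP-A and SP-C shows the point of slide 4: SP-A sees the ePPN but no pseudonym, SP-C sees a pseudonym that is stable across its own logins yet differs from the one any other SP would receive.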