SAML a mature six year old? Glenn Wearen, Paul Caskey & Josh Howlett.

Presentation transcript:


Introduction Identity Management Edugate project

Firstly Identity Management (IdM) Identity and Access Management (IAM)

Identity Management -who?

Who? Students
–Onsite / Offsite
–Local / Remote
–Undergraduate / Postgraduate
–Full-time / Part-time
–Primary / Post-primary

Who? Employees
–Full-time
–Part-time
–Contractors
–Temporary
–Teaching
–Administrative

Identity Management -what?

What? User –Firstname –Lastname –Password –Group –Role – –Id –X500 –Active Directory –eduPerson –SCHAC –Custom

Identity Management -when?

When?
Registration
–New Student
–Transfer
Re-registration
–Undergraduate > Postgraduate > Lecturer
Graduation
Alumni

When? IdM Lifecycle
–Provision
–Promote
–Demote
–Disable
–Enable
–Deprovision
–Reprovision
–Synchronise

Identity Management -where?

Where? Registry HR Alumni database Directory Database Library External Services

Where? Resources –Application Webmail Portal VLE Device –Computing Resource Desktop Server Grid

Where? Resources Internal –Remotely Accessible? External –Remotely Accessible?

Identity Management -why?

Why? Because we have to... as part of day-to-day responsibility.

Why? Because we have to... if we get it wrong, the consequences can be far reaching.

Why? Because we have to... our users expect to be able to have some control over their digital identity.

Why? Because we have to... student and employee login accounts are valuable.

Identity Management -how?

What is the best practice? Kim Cameron’s 7 Laws of Identity.
–1. User Control and Consent
–2. Minimal Disclosure for a Constrained Use
–3. Justifiable Parties
–4. Directed Identity
–5. Pluralism of Operators and Technologies
–6. Human Integration
–7. Consistent Experience Across Contexts

What is the best framework? Centralised

What is the best framework? Centralised Devolved

What is the best framework?
Centralised
Devolved
–SAML (or similar)
–Active Directory Inter-domain Trust
–Kerberos
–RADIUS
User-centric

What is the best framework? Centralised Devolved User-centric Hybrid

?

Edugate e-INIS PRTLI Cycle 4 Research Federated Access Technology Trial Pilot Project

Edugate Research
Federated Models
Existing Federations
–Schema (x500, eduPerson, SCHAC)
–Protocols (SAML based only)
Policy
–Governance (Direction)
–Membership (Rules)

Edugate Technology Trial
Protocols and Standards
–Shibboleth 1.3 & 2.0
–ADFS
–SAML
–eduPerson
Interoperability
Performance and scalability

Edugate Pilot Project
Services
–Managed IdP
–Hosted IdP
–Hosted SP
Applications
–Web-based
–GRID

Summary IAM Who What When Where Why How Edugate Research Trial Pilot

Lastly Questions Athens Federated Access as SSO for Campus. Federated Access for HEI