IdP Selection WG A proposal to next steps (Draft) Version v0.2.
Identified requirements

The input requirements identified in the IdP Selection MRD fall into four main categories:
- The SP can delegate the selection of the user's IdP to an ISA and express criteria to be considered in that selection process.
- Discovery of the user's preferred IdP(s) by the ISA.
- The ISA can obtain the capabilities of the user's IdP(s) as well as other data (metadata).
- GUI and UX guidelines for SP and ISA.

Envisioned next steps (1/2)

- Delegate to the ISA
  - Extract from the MRD all needed claims, both from the IdP and from the RP.
  - Define the technical way to integrate the ISA on the SP side using RP metadata (aim: the same metadata serves both an ISA in the browser and an ISA in the network).
- Discovery of the user's preferred IdP
  - Mainly internal to the ISA (to be assessed against the MRD); should be described in an "ISA implementation guidelines" document (common guidelines for the ISA in the browser and the ISA in the network?).

Envisioned next steps (2/2)

- IdP capabilities
  - Gaps in the existing IdP metadata specifications were already identified in the "Gap analysis" document; closing them requires evolutions of those specifications.
  - E.g. the authentication contexts supported by an IdP, and a logo and display name for each IdP, ...
- GUI and UX guidelines for SP and ISA
  - Common guidelines for the ISA in the browser and the ISA in the network.
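The two capability gaps named above (display name and logo per IdP, and the authentication contexts an IdP supports) are what an ISA needs in order to filter and present candidate IdPs against the criteria an SP expresses. The following is an added example, not part of the WG proposal or of any ISA implementation: it reads the standard SAML `mdui:UIInfo` elements for display name and logo, and, because SAML IdP metadata has no standard element for supported authentication contexts, assumes a hypothetical `isa:SupportedAuthnContext` extension (namespace `urn:example:isa:metadata`). The metadata document, entity IDs and URLs are constructed for the example.

```python
"""Filter candidate IdPs for an ISA from SAML metadata (added example).

Assumption: supported authentication contexts are advertised through a
hypothetical <isa:SupportedAuthnContext> extension; SAML metadata has no
standard element for this, which is exactly the gap the proposal points at.
"""
import xml.etree.ElementTree as ET

XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
    "isa": "urn:example:isa:metadata",  # hypothetical extension namespace
}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
OTP = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"

# Constructed sample: two IdPs (only one offers an OTP context, one serves
# its logo over plain http) and one SP-only entity that must be ignored.
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}"
    xmlns:mdui="{NS['mdui']}" xmlns:isa="{NS['isa']}">
  <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <mdui:UIInfo>
          <mdui:DisplayName xml:lang="en">IdP A</mdui:DisplayName>
          <mdui:Logo height="32" width="32">https://idp-a.example.org/logo.png</mdui:Logo>
        </mdui:UIInfo>
        <isa:SupportedAuthnContext>{PPT}</isa:SupportedAuthnContext>
        <isa:SupportedAuthnContext>{OTP}</isa:SupportedAuthnContext>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <mdui:UIInfo>
          <mdui:DisplayName xml:lang="fr">Fournisseur B</mdui:DisplayName>
          <mdui:Logo height="32" width="32">http://idp-b.example.org/logo.png</mdui:Logo>
        </mdui:UIInfo>
        <isa:SupportedAuthnContext>{PPT}</isa:SupportedAuthnContext>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.com/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def parse_idps(metadata_xml):
    """Return one dict per IdP: entity ID, display names by language, logo, contexts."""
    idps = []
    for ed in ET.fromstring(metadata_xml).findall("md:EntityDescriptor", NS):
        sso = ed.find("md:IDPSSODescriptor", NS)
        if sso is None:
            continue  # SP-only entity: not a selection candidate
        names, logo, contexts = {}, None, set()
        ext = sso.find("md:Extensions", NS)
        if ext is not None:
            for dn in ext.findall("mdui:UIInfo/mdui:DisplayName", NS):
                names[dn.get(XML_LANG, "en")] = (dn.text or "").strip()
            lg = ext.find("mdui:UIInfo/mdui:Logo", NS)
            if lg is not None and lg.text:
                logo = lg.text.strip()
            for c in ext.findall("isa:SupportedAuthnContext", NS):
                if c.text:
                    contexts.add(c.text.strip())
        idps.append({"entity_id": ed.get("entityID"), "names": names,
                     "logo": logo, "authn_contexts": frozenset(contexts)})
    return idps


def select_candidates(idps, required_contexts, lang="en"):
    """(entity_id, display_name, logo) for IdPs matching at least one required
    context (empty list = no constraint). Logos are only passed on over https:
    an ISA rendering an http logo in an https chooser invites spoofing/mixed content."""
    required = set(required_contexts)
    out = []
    for idp in idps:
        if required and not (idp["authn_contexts"] & required):
            continue
        name = idp["names"].get(lang) or next(iter(idp["names"].values()), idp["entity_id"])
        logo = idp["logo"] if idp["logo"] and idp["logo"].startswith("https://") else None
        out.append((idp["entity_id"], name, logo))
    return out


if __name__ == "__main__":
    for row in select_candidates(parse_idps(SAMPLE_METADATA), [OTP]):
        print(row)
```

With the SP asking for an OTP-class context, only IdP A is offered; with no constraint both IdPs are listed, IdP B's http logo is dropped and its only display name (French) is used as a fallback. The https-only logo rule and the fallback order are design choices of this example, not requirements stated by the proposal.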

Pending point to be discussed: which strategy?

Three possible models for an ISA in the network:
a. The ISA as a facilitator: it only lets the user choose the IdP; everything else happens directly between RP and IdP.
b. The ISA as an IdP proxy, as defined in the Liberty/SAML specifications.
c. The ISA acts on behalf of the SP and only converts flows from one protocol to another where needed.

ISA as a facilitator

(Diagram: ISA, Relying Party, Identity Provider; the numbered links are not reproduced in the transcript.)
- The ISA is used only during the IdP choice.
- The ISA is not aware of the rest of the transaction.
- The RP must implement every protocol used by the various IdPs.
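In the facilitator model the only messages the ISA handles are "here is the RP, send the user back with its chosen IdP"; the security-relevant part is that the ISA must refuse to redirect to a return address the RP has not registered, and must only hand back an IdP it actually offered. The following is an added example, not the WG's or any product's code: it follows the shape of the SAML IdP Discovery Service Protocol (the RP passes `entityID`, `return` and `returnIDParam`, the service replies by redirecting to `return` with the chosen IdP's entity ID in the named parameter). The endpoint registry, the rule that only the query string of the return URL may vary, and all entity IDs and URLs are assumptions constructed for the example.

```python
"""ISA as a facilitator: a minimal discovery-style exchange (added example)."""
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed stand-in for the RP metadata the ISA trusts: the return endpoints
# each RP has registered (in SAML terms, its DiscoveryResponse endpoints).
SP_DISCOVERY_ENDPOINTS = {
    "https://sp.example.com/shibboleth": ("https://sp.example.com/Shibboleth.sso/Login",),
}
# Constructed list of IdPs the ISA offers (normally derived from IdP metadata).
KNOWN_IDPS = ("https://idp-a.example.org/idp", "https://idp-b.example.org/idp")


def sp_redirect_to_isa(isa_url, sp_entity_id, return_url, return_id_param="entityID"):
    """Step 1 (RP side): send the browser to the ISA with the RP's identity and return address."""
    params = {"entityID": sp_entity_id, "return": return_url, "returnIDParam": return_id_param}
    return isa_url + "?" + urlencode(params)


def return_url_is_registered(sp_entity_id, return_url):
    """Policy assumed here: scheme, host and path must equal a registered endpoint of
    this RP; only the query string may differ. Anything else is treated as an open
    redirect attempt."""
    given = urlsplit(return_url)
    if given.scheme != "https":
        return False
    for registered in SP_DISCOVERY_ENDPOINTS.get(sp_entity_id, ()):
        reg = urlsplit(registered)
        if (given.scheme, given.netloc, given.path) == (reg.scheme, reg.netloc, reg.path):
            return True
    return False


def isa_handle_selection(request_url, chosen_idp):
    """Steps 2-3 (ISA side): validate the RP's request, let the user pick (chosen_idp),
    then build the redirect back to the RP. Returns None when the request is rejected."""
    q = parse_qs(urlsplit(request_url).query)
    sp_entity_id = q.get("entityID", [None])[0]
    return_url = q.get("return", [None])[0]
    id_param = q.get("returnIDParam", ["entityID"])[0]
    if not sp_entity_id or not return_url:
        return None
    if not return_url_is_registered(sp_entity_id, return_url):
        return None  # unknown RP or unregistered return address
    if chosen_idp not in KNOWN_IDPS:
        return None  # never echo back an IdP the ISA did not offer
    parts = urlsplit(return_url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[id_param] = [chosen_idp]  # overwrite: the RP's own value must not win
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query, doseq=True), parts.fragment))


def rp_read_selection(redirect_url, return_id_param="entityID"):
    """Step 4 (RP side): read the chosen IdP. From here on the RP talks to the IdP
    directly, in whatever protocol that IdP speaks; the ISA is out of the picture."""
    q = parse_qs(urlsplit(redirect_url).query)
    return q.get(return_id_param, [None])[0]


if __name__ == "__main__":
    req = sp_redirect_to_isa("https://isa.example.net/ds", "https://sp.example.com/shibboleth",
                             "https://sp.example.com/Shibboleth.sso/Login?target=/app")
    back = isa_handle_selection(req, "https://idp-a.example.org/idp")
    print(back, "->", rp_read_selection(back))
```

The last bullet of the slide is visible in `rp_read_selection`: once the entity ID comes back, the RP itself has to speak the chosen IdP's protocol, which is why this model keeps the ISA simple but pushes protocol breadth onto every RP.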

ISA as an IdP proxy

(Diagram: User database, ISA, Relying Party, Identity Provider; the numbered links are not reproduced in the transcript.)
- The protocol on each numbered link can be any widely deployed protocol.
- As a proxy, the ISA must fully implement the chosen protocol(s) on the links it terminates.
- Possibly a single protocol between ISA and RP.
- The IdP has no knowledge of the RP and vice versa.
- If the ISA fails, users can no longer access the RP (or only through a complex failover mechanism).
- Users must exist in the ISA's user database (requires provisioning).
- It may be a problem for the RP to access IdP APIs.

Note: depending on the protocol, the links may or may not go through the browser.

ISA acts on behalf of the SP

(Diagram: ISA, Relying Party, Identity Provider; the numbered links are not reproduced in the transcript.)
- The protocol on each numbered link can be any widely deployed protocol.
- As an intermediary, the ISA must fully implement the chosen protocol(s) on the links it terminates.
- Single protocol between ISA and RP.
- Opportunity to specify a simplified SSO profile of existing specifications for the corresponding steps.
- If the ISA fails, the SP can use another ISA, or none at all.

Note: depending on the protocol, the links may or may not go through the browser.

Roadmap proposal

Milestones: March plenary, July, October.

Deliverables:
- First draft of "Technical way to integrate the ISA"
- First draft of "metadata specs evolution"
- GUI and UX guidelines
- ISA implementation guidelines