Brown University Leveraging Social Identities Steve Carmody CSG, May 15, 2013.


2 Topics
- What
- Why
- How
- Status

3 What
- Support access by people with either Federated or Social Identities
- Provide application owners with a single authN/Z Framework for both types of Identities
- Provide info to the application about the user with a single interface, regardless of Identity type
- Application owner can choose which Social Identity providers to allow

4 Why
- We’re used to working with identities vetted and issued by other campuses
- But, we already work with people from outside those Communities
  – Applicants
  – Parents
  – Continuing Education/MOOCs
- Other areas showing interest in working with people outside the traditional communities
  – Courses -- additional speakers from the community
  – Research - partners at campuses that are not Shibboleth-enabled

5 Why
- All of those people have identities at one of the social/personal providers (Google, Yahoo, Facebook, etc.)
- In some circumstances, this approach may be preferable to issuing campus identities to those people
- However, there is NO guarantee about who is using a social account

6 How
- Web-based authentication gateway
- Translates authentication responses from popular “social” ID services into regular SAML 2 Assertions (consumable by Shibboleth)
- Allows downstream applications which only understand SAML to easily utilize external services using other protocols

7 How Does it Work?
- Looks like an IDP to the SP
- Looks like a single SP/app to external services
- Designed to be as simple and transparent as possible for Application Owners to use

8
- Maps attributes (if released by service/user)
  – givenName
  – sn
  – mail
  – uid
- Generated attributes
  – eduPersonPrincipalName
  – eduPersonTargetedID (as a SAML 2 NameID)
  – displayName
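The attribute handling on slides 6 to 8, together with the per-application provider choice from slide 3, as an added example that is not code from the presentation or from any gateway it describes. The provider claim names, the entityID, the scope, the salt and the way the generated attributes are derived are all assumptions of this sketch.

```python
import hashlib
import hmac

# Constructed per-provider claim names; real providers differ and change over time.
CLAIM_MAP = {
    "google":   {"givenName": "given_name", "sn": "family_name", "mail": "email", "uid": "sub"},
    "facebook": {"givenName": "first_name", "sn": "last_name", "mail": "email", "uid": "id"},
}
# Hypothetical policy: each SP entityID lists the social providers its owner allows.
SP_ALLOWED = {"https://wiki.example.edu/shibboleth": {"google"}}
GATEWAY_SCOPE = "gateway.example.edu"   # assumed scope for generated ePPN values
SALT = b"constructed-demo-salt"         # assumed gateway secret for targeted IDs


def build_attributes(provider, claims, sp_entity_id):
    """Return SAML attribute name -> value for one login, or raise PermissionError."""
    if provider not in SP_ALLOWED.get(sp_entity_id, set()):
        raise PermissionError(f"{provider} not allowed for {sp_entity_id}")
    mapping = CLAIM_MAP[provider]
    subject = claims[mapping["uid"]]    # the provider's stable account identifier
    # Mapped attributes: emitted only if the provider/user actually released them.
    attrs = {saml: claims[src] for saml, src in mapping.items() if claims.get(src)}
    # Generated attributes (these derivations are assumptions of this sketch).
    attrs["eduPersonPrincipalName"] = f"{subject}+{provider}@{GATEWAY_SCOPE}"
    # Pairwise ID: keyed hash over provider, subject and SP, so two SPs
    # cannot correlate the same social account by comparing identifiers.
    msg = "!".join((provider, subject, sp_entity_id)).encode()
    attrs["eduPersonTargetedID"] = hmac.new(SALT, msg, hashlib.sha256).hexdigest()
    name = " ".join(attrs[k] for k in ("givenName", "sn") if k in attrs)
    attrs["displayName"] = name or attrs.get("mail", subject)
    return attrs


if __name__ == "__main__":
    # Constructed login: the user released a name but no e-mail address.
    sample = {"sub": "1001", "given_name": "Ada", "family_name": "Lovelace"}
    for key, value in build_attributes("google", sample, "https://wiki.example.edu/shibboleth").items():
        print(f"{key}: {value}")
```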

9 What We’ve Learned
- Works great for guest authentication
- Typical use is “pick and choose” among the external services
- Very powerful when combined with invitation service (e.g. MACE Grouper)


12 Issues
- Consent screen at Social Providers asks user to release attributes to the Gateway, not the SP
- Each Social Provider provides different attributes
- Many applications prefer an invitation service (e.g. MACE Grouper includes one)
- Should a locally run Gateway instance integrate with the local Person Registry, and register different providers/accounts for each person?

13 Status
- Pilot Gateway available since Fall 2012
  – Operated by Paul Caskey, UT
  – NO SLA!
  – This Pilot will end!
- 2nd Pilot underway
  – Gateway provided and operated by Cirrus Identity
  – Can be used to access I2 Spaces Wiki and InCommon Federation Manager App
  – Currently only supports Google

14 Status, Continued
- Next Phase
  – Looking to expand use and use cases
  – Require definition, testing during Summer 2013
  – Campus participants being identified
  – Hope to have service available to InCommon members for Fall 2013

15 Questions?