CSC – Tieteen tietotekniikan keskus Oy CSC – IT Center for Science Ltd. SAML2 draft profile in Haka 17.2.2010 Vienna Mikael Linden.

Slides:

Advertisements

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Advertisements

Dublin Core for Digital Video: Overview of the ViDe Application Profile.

Federation management A mess? Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.

Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,

CSC – Tieteen tietotekniikan keskus Oy CSC – IT Center for Science Ltd. RAKETTI-OPI Integration Workgroup Action Plan.

Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.

5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.

Kalmar Union Mikael Linden CSC, the Finnish IT Center for Science.

® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

CSC – Tieteen tietotekniikan keskus Oy CSC – IT Center for Science Ltd. The Language Bank of Finland User Authentication and Authorization Service

GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.

Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.

SWITCHaai Team Federated Identity Management.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

GakuNin Registration System Motonori Nakamura, NII Japan APAN33 rd Meeting (16 Feb. 2012)

SWITCHaai Team Introduction to Shibboleth.

CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science

EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.

SAML Right Here, Right Now Hal Lockhart September 25, 2012.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Update Finland TF-EMC Mikael Linden CSC, the Finnish IT Center for Science.

The I-Trust Federation: Federating the University of Illinois Keith Wessel Identity Management Service Manager University of Illinois at Urbana-Champaign.

FIM, , Nijmegen CLARIN: status of FIM Dieter Van Uytvanck 1.

SAML 2.1 Building on Success. Outline n Summary of SAML 2.0 n Work done since 2.0 n Objectives of SAML 2.1 n Proposed Task List n Undecided Issues n Invitation.

Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.

Authentication and Authorization Overview Kimmo Koskenniemi, Antti Arppe, Mikael Lindén University of Helsinki, CSC – IT Centre for Science Consortium.

CSC – Tieteen tietotekniikan keskus Oy CSC – IT Center for Science Ltd. TF-Mobility: National update Wenche Backman.

Kalmar Union, a Conferedation of Nordic Identity Federations TNC2009 Mikael Linden, CSC Andreas Solberg, UNINETT.

Shibboleth 2.0 IdP Training: Authentication January, 2009.

Shibboleth at the U of M Christopher A. Bongaarts code-people June 2, 2011.

Towards Interconnecting the Nordic Identity Federations TNC2007 Walter M Tveter, UiO Mikael Linden, CSC/HAKA Ingrid Melve, Uninett/Feide.

10/25/2015 AEB/Yleisesittely Organising Federated Identity in Finnish Higher Education TNC2005 Mikael Linden June 8th, 2005.

Campus Identity Management Requirements (=IAP) REFEDs meeting Mikael Linden,

Workshop Presentation [1] Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo, Supervisor: Dr. Steve Cassidy.

Technical Break-out group What are the biggest issues form past projects – need for education about standards and technologies to get everyone on the same.

Kalmar Union lessons: Findings in federation harmonisation REFEDS Mikael Linden, CSC.

SAML 2.0 An InCommon Perspective Scott Cantor The Ohio State University / Internet2

Federations round table Haka federation of Finland EuroCAMP Mikael Linden CSC, the Finnish IT Center for Science.

Shibboleth at the U of M Christopher A. Bongaarts net-people March 10, 2011.

Innovation through participation eduGAIN policy: A worm report TF-EMC2 Vienna Mikael Linden, CSC The worm farmer.

Federations, the Data Protection Directive and WP29 TF-EMC2 Mikael Linden, CSC, the Finnish IT Center for Science.

Refeds update TF-EMC2 Utrecht 3-Dec 2008 Mikael Linden CSC – the Finnish IT Center for Science.

Attribute Aggregation in Federated Identity Management David Chadwick, George Inman, Stijn Lievens University of Kent.

Haka federation status  24 institutions and IdPs end users 96% coverage in universities, 41% in polytechnics  41 services Elearning Libraries.

Clain update TF-EMC Mikael Linden, CSC.

Why Scoping a is MUST HAVE in a centralized federation model Jacob-Steen Madsen WAYF-sekretariatet

Globus and ESGF Rachana Ananthakrishnan University of Chicago

EGovernment Commonalities within Europe and beyond Colin Wallis & Fulup Ar Foll European Identity Conference 2011.

Innovation through participation eduGAIN update TF-EMC2 Vienna Valter Nordh, NORDUnet / GU Josh Howlett, JANET.

Innovation through participation EduGAIN policy (working draft) Status update REFEDs 30th May 2010

The Policy Side of Federations Kenneth J. Klingenstein and David L. Wasley Tuesday, June 29, CAMP Shibboleth Implementation Workshop.

REFEDs Wiki A test-bed for cross-federation practices ? Firstname Lastname Job title

Federated Identity Fundamentals Ann Harding, SWITCH Cambridge July 2014.

F5 APM & Security Assertion Markup Language ‘sam-el’

Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.

Innovation through participation Data Protection Code of Conduct (DP CoC) TNC2013 conference, 4 June 2013 Mikael Linden, CSC – IT Center for Science

Using Your Own Authentication System with ArcGIS Online

LIGO Identity and Access Management

Federation Systems, ADFS, & Shibboleth 2.0

TF-EMC2 meeting Mikael Linden,

Identity management Aalto University, autumn 2013.

AARC2 JRA1 Nicolas Liampotis

GEANT Data protection Code of Conduct 2.0 REFEDS meeting 16 June 2019

Presentation transcript:

CSC – Tieteen tietotekniikan keskus Oy CSC – IT Center for Science Ltd. SAML2 draft profile in Haka Vienna Mikael Linden

Why SAML2 profiles Earlier, everyone used the same product –Shibboleth 1.3, Shibboleth 2, SimpleSAMLphp Now, various products are to be used –Commercial products –Commercial services (SaaS) with federated access Can’t use various products without a common profile

Haka SAML2 profile draft Additions to saml2int.org: https is MUST in endpoints OPTIONAL single logout (MUST use redirect binding, MUST be signed) –SHOULD ”behave well” (inform user on failures, tear down application level sessions…) OPTIONAL IdP Discovery Service Additions to metadata interoperability profile: Providers MUST use a CA approved by the federation (TERENA TCS, Sonera CA) validUntil MUST in metadata root element Valid attribute scopes (e.g. –”operator provides using formats deemed currently appropriate” RequestedAttributes elements primary vehicle to pass ARPs to IdPs

Window of opportunity is still open for a common profile Everyone wins if there are fewer profiles –cross-federation use of software/services –confederations Haka’s draft profile in English: –Will be presented to Haka technical advisory committee on Friday