1. https://aarc-project.eu Authentication and Authorisation for Research and Collaboration TeSS Service Provider Training, Manchester Authentication and Authorisation for Research and Collaboration The Benefits of Federated Identity Management 14 September 2015 Ari-Matti Sarén

2. https://aarc-project.eu 2 Identifying End Users Across Organizations (”Federated Identity”) Organization A Local user accounts WWW e.g. a service portal WebCT e.g. a virtual learning platform Local user accounts End users use their home organization identity (user account) to sign in. Organization B

3. https://aarc-project.eu Service will be easier to use End user does not need to register and learn new username and password Service has access to reliable and up-to-date user information The service receives user information directly from end user’s home organization (e.g. student register, staff register) E.g: name, e-mail address, role (student/staff), position, department, registration for a course… Service providers can manage restricting and profiling access to the service E.g. define that service is open for only medical students 3 Benefits for Service Owners? Service provider can outsource the user mangement to end user’s home organization and concentrate on providing service content!

4. https://aarc-project.eu No need to deal with forgotten passwords Authentication done by the home organization No need to create and manage end user accounts Home Organization registers users and stores information about them No need to track affiliation to close accounts when end user leaves an organization Home organization makes sure the account is closed 4 Benefits for Service Administrators?

5. https://aarc-project.eu One username and one password The end user can use one username and one password in all federated services (Single Sign-On,SSO) Easier to adopt new services No need to register for each service separately No need for new username and password No need to update personal information for each service Services receive updated information automatically 5 Benefits for End User?

6. https://aarc-project.eu Implementing federated identity means (partially) moving user management out of the application 1. No need to maintain passwords in the application Authentication done in home organization 2. No need to maintain user accounts and most user information Most information provided by the end user’s home organization It may still be necessary to maintain application specific user profiles etc in the application 3. Authorization can be based on user attributes Example: restricting access to just students in Shibboleth/Apache-environment: require affiliation student 6 Federated identity = outsourcing the user management

7. https://aarc-project.eu Style Guide A Guide to Using the AARC Template This template is to present information on behalf of the AARC Project Font is Calibri and will auto-size. Avoid using a font size less than 18pt. Main font colour is Teal, highlight colour is Orange and should be used sparingly. If the colours are not shown in PowerPoint use the colour picker to select the correct colour from the logo or these samples The title slide has space for the speaker’s own organisation logo which should be no larger than the main AARC logo The end slide includes EU logo, copyright, and funding statement and must be included in any slide packs distributed or printed. 7

8. https://aarc-project.eu Trial Text here 8 Title Subtitle

9. https://aarc-project.eu Thank you Any Questions? © GÉANT on behalf of the AARC project. The work leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 653965 (AARC). https://aarc-project.eu ari-matti.saren@csc.fi