Presentation is loading. Please wait.

Presentation is loading. Please wait.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

Published byTracy Barton Modified over 8 years ago

Similar presentations

Presentation on theme: "Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow."— Presentation transcript:

1 Community Sign-On and BEN

2 Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow  User interface examples  Next steps

3 What is community sign on?  Single sign-on (SSO): a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems (e.g., Web sites)  Community sign-on (CSO): an application of SSO to a specific community, such as NSDL

4 Benefits: Users  Single username and password: user has to sign in only once to gain access to the entire community  Single registration: user doesn’t need multiple registrations, multiple usernames, etc. – just one  Security: user’s personal information is kept in only one place. Users access multiple Web sites but personal info not transmitted

5 Benefits: content providers  Reduced friction: users less likely to abandon a site if additional registration not required  Personalization: customize your site based on members’ attributes  Scalability: set up CSO once and use same technology for additional partner sites  Simplified account administration: user updates his/her info at one site so your site need not maintain redundant (or out-of-date) information  Access control: permit or deny access to different parts of your site based on a member’s attributes  Remote access: users can access your site from any computer because access controlled by login, not by physical location of the user’s computer  More members: implementing CSO effectively pre-approves all existing community users for your site (you can allow or restrict access as you choose)  Integration with other sites: integrate services, such as tools from other sites, within your site and allow user seamless access

6 How it works  CSO for NSDL uses Shibboleth, an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure  In English: Shibboleth allows users from different institutions or groups to obtain access to protected content anywhere on the Web. Users log in locally and their privacy is maintained  Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation (e.g., NSDL)

7 Origin of “Shibboleth” Judges 12:5-6

8 Shibboleth components  Federation: a group of organizations who join together to use Shibboleth software to share access to resources in a common way  Service provider (SP): Web site with protected content requiring a login  Identity provider (IdP): authenticates users and provides attributes to a given SP  “Where are you from?” page (WAYF): page requiring users to identify their IdP so that they can log in appropriately  Attributes: info about the user that gets released from the IdP to the SP, according to IdP policy

9 Get Attributes CSO workflow EcoEdNet Unprotected content EcoEdNet Protected content BEN IdP Login Page WAYF Logged In? Login Success? No Yes User self-identifies as “member of BEN”

10 Get Attributes CSO workflow EcoEdNet Unprotected content EcoEdNet Protected content BEN IdP Login Page ASM IdP Login Page WAYF Logged In? Login Success? No Login Success? No Yes User self-identifies as “member of ASM” User self-identifies as “member of BEN”

11 User interface example 1.Engineering PathwayEngineering Pathway 2.BEN User selects protected content

12 User interface example (SP) User clicks this link

13 User interface example (WAYF) User clicks this link

14 User interface example (IdP) User logs in

15 User interface example: request for additional info Note that name and email address not here; obtained as attributes from IdP. Password not needed at all.

16 Next steps  Consult the CSO Roadmap for NSDL Sites: http://www.columbia.edu/dlc/nsdl/sign-on/sso-roadmap.html http://www.columbia.edu/dlc/nsdl/sign-on/sso-roadmap.html  Non-NSDL BEN partners: contact Isovera to request setup  Contact us!  Rob Lane  Carol Kassel  Andrew Johnston  David Millman

17 Questions?

Download ppt "Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
FAME-PERMIS Project University of Manchester University of Kent London, July 2006.

FAME-PERMIS Project University of Manchester University of Kent London, July 2006.
Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Financial Aid Management System Account Registration and Confirmation.

Financial Aid Management System Account Registration and Confirmation.
Members Only & Login Modules Members Only works with the Login module to provide password protection to Web pages and files. Login Groups may be created.

Members Only & Login Modules Members Only works with the Login module to provide password protection to Web pages and files. Login Groups may be created.
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.

Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Single Sign-On 1. What is Single Sign-On? 2 The Florida Department of Education (FLDOE) Single Sign-On (SSO) provides a simpler way for educators to access.

Single Sign-On 1. What is Single Sign-On? 2 The Florida Department of Education (FLDOE) Single Sign-On (SSO) provides a simpler way for educators to access.
Enterprise Single Sign On Identity management for web applications.

Enterprise Single Sign On Identity management for web applications.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.

Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.

Similar presentations

Ads by Google