The FederID project The First Identity Management and Federation Free Software.


Slide 1: The FederID project - The First Identity Management and Federation Free Software

2 Page  2 Table of contents  A question of Identity  Liberty Alliance  The FederID architecture  Demo (hope it works)

3 Page  3 A question of Identity  A digital entity is a set of attributes describing an entity  A subset named credentials are used for authentication  An entity (a user) can own many identities  Each identity has roles and rights within an application (service provider)

4 Page  4 A question of Identity  Services provider manage the identities : -For a service provider : 1 user = 1 identity -For an user : 1 service = 1 identity

5 Page  5 A question of Identity  We need Identity Management ! -Referential of identities (LDAP Directory) -Provisioning services -Access control on data (LDAP ACLs) -Access control on applications (SSO rules)  We need Identity Federation ! -Keep different identities for private life purpose -Federate accounts to benefits from other services

6 Page  6 Federation standards  Parallel standards: -Liberty Alliance : ID-FF, ID-WSF, ID-SIS -Shibboleth (Internet2) -WS-* (Microsoft) -SAML (OASIS) -OpenID (the newcomer)  Standards convergence: -Shibboleth and Liberty Alliance will share a common standard: SAML 2.0

7 Page  7 Liberty Alliance  Grounded in 2001 by SUN and 13 others partners  More than 150 members  Goals: -Open Federation Standard -Respect of private life in numeric space  3 frameworks: -ID-FF (Federation Framework) [now SAML 2.0]: SSO, SLO,... -ID-WSF (Web Services Framework): attributes sharing,... -ID-SIS (Service Interface Specifications): services interactions,...

8 Page  8 Liberty Alliance consortium members

9 Page  9 A simple Liberty Alliance Circle of Trust (CoT) Service Provider Identity Provider Service Provider Attributes Provider

10 Page  10 Identity federation workflow

11 Page  11 More than one circle of trust

12 Page  12 FederID components  The developments done for FederID are all under free software licenses and published on projects forges, mainly hosted by OW2 consortium.  FederID, it is also the integration of existing free software, known for their functional wealth and improved security: -Lasso: library for Liberty Alliance, SAML2 and ID-WSF2 protocols. -Authentic: identity provider based on Lasso, complying with SAML2 and Liberty Alliance ID-WSF 1.2. -LemonLDAP::NG: web application firewall with graphical management console and LDAP based authorization, using SAML2 authentication. -InterLDAP: identity management, provisioning, web service attributes sharing. = +++

13 Page  13 Sample architecture LDAP Director y Circl e ofTrust Authenti c Identity Provider Content Management [WUI] Attribut e Provider [LAAP] SSO & Authorization s Service Provider Standard Web application Standard Web application

14 Page  14 FederID Identity Provider  Authentic : -Liberty Alliance identity provider -Authentication of users against an LDAP server, a database or simple flat text files -Forcing LDAP authentication within FederID -Capable of forwarding LDAP attributes into SAML responses

15 Page  15 FederID WebSSO  LemonLDAP::NG: -WebSSO product based on Apache Perl Handler technology. -Offering three modules : -Handler: protect the application -Portal: where the user is redirected when not authenticated -Manager: graphical interface enabling the configuration of LemonLDAP::NG.

16 Page  16 Standard SSO infrastructure

17 Page  17 SSO in the federation world Agent (Handler) Session s LDAP Login Password Assertion Consumer 1 2 3 4 5 6 7 8 9 1010 1 1212 1313 1414 1515 Identity Provider SSO & Authorizations Standard Web Application

18 Page  18 Attributes Sharing over Web Services LAAP Attributes Provider LDAP Directory Service Provider (Attributes Consumer) Identity Provider

19 Page  19 FederID Directory Content Management  InterLDAP-WUI: -Content Management System for an LDAP directory -Enriched schema designing the interface “on the fly” -Authorization back-end -Delegation is enabled by setting trees and groups properties for each part of the Directory Information Tree

20 Page  20 LDAP content management system

Slide 21: Join us!
- http://www.federid.org
- #federid @ freenode

