Presentation is loading. Please wait.

Presentation is loading. Please wait.

User authentication on the e-Culture Science Gateway with Identity Federations and Identity Providers INDICATE Final Conference, Ankara, 16.10.2010.

Published byFelix Scott Modified over 7 years ago

Similar presentations

Presentation on theme: "User authentication on the e-Culture Science Gateway with Identity Federations and Identity Providers INDICATE Final Conference, Ankara, 16.10.2010."— Presentation transcript:

1 User authentication on the e-Culture Science Gateway with Identity Federations and Identity Providers INDICATE Final Conference, Ankara,

2 Open access vs. AAI AAI : Authentication and Autorization Infrastructure When we need authorize and authenticate users access: To access to private data Non disclosure data, administrative info To access to public/private data to distinguish access depends on users and contents (master copy/low definition copy) accounting feature on user activities reading, writing, uploading and changing contents INDICATE Final Conference, Ankara,

3 the problem of having multiple usernames
INDICATE Final Conference, Ankara,

4 Multiple usernames problem: the user point of view
Bad management potential identity theft unauthorized exchange of identities INDICATE Final Conference, Ankara,

5 Multiple usernames access
University or Research Institute Cultural Institution - National Archive Cultural Institution – National Library Authentication Authorization username&password Multiple usernames access Digital Repository Digital Repository Digital Repository INDICATE Final Conference, Ankara,

6 Federation IDEM and IDEM GARR AAI service
Cultural Institution – National Library Digital Repository Cultural Institution - National Archive Digital Repository University or Research Institute Digital Repository Identity Federation Authentication Authorization username&password INDICATE Final Conference, Ankara,

7 Federated access management environment
Users are registered only in one site (their home organization) and easly can get access to a variety of resources provided by the federation. single central point of identity management the permission to access resources (attributes) is shared INDICATE Final Conference, Ankara,

8 Federated resources: the service point of view
Federated access management reduces the burden that currently exists for the resource owner in managing single usernames, one by one The handshake on user credential is protected by protocols adopted by the Federation Access to data is driven by mean of policies acted to discriminate authorized readers and authorized editors of data. INDICATE Final Conference, Ankara,

9 Identity Federations INDICATE Final Conference, Ankara,

10 Organizations in a Federation
INDICATE Final Conference, Ankara,

11 Secure Assertion Markup Language
The technology SAML Secure Assertion Markup Language INDICATE Final Conference, Ankara,

12 Federations in the world
INDICATE Final Conference, Ankara,

13 IDEM: the Federation in ITALY
42 IDPs 72 resources ~ potential end users … we are growing… INDICATE Final Conference, Ankara,

14 INDICATE e-CSG http://indicate-gw.consorzio-cometa.it
Roberto Barbera Lyon, 20/09/2011 INDICATE Final Conference, Ankara,

15 Integration with identity federations
INDICATE Final Conference, Ankara,

16 More info: Grazie Gabriella Paolini gabriella.paolini@garr.it
Sabrina Tomassini Thanks to their contributions Maria Laura Mantovani (GARR/Università Modena e Reggio Emilia) Roberto Barbera (COMETA) INDICATE Final Conference, Ankara,

Download ppt "User authentication on the e-Culture Science Gateway with Identity Federations and Identity Providers INDICATE Final Conference, Ankara, 16.10.2010."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
CLARIN AAI, Web Services Security Requirements

CLARIN AAI, Web Services Security Requirements
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Federated access to e-Infrastructures worldwide

Federated access to e-Infrastructures worldwide
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
Will Darby 91.514 5 April 2010.  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.

Will Darby April  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.

Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.
Www.eduserv.org.uk/openathens Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.

Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.
Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Similar presentations

Ads by Google