Presentation is loading. Please wait.

Presentation is loading. Please wait.

Earthdata Login and Open ID A Look at Federated User Identities

Published byMervin Wells Modified over 6 years ago

Similar presentations

Presentation on theme: "Earthdata Login and Open ID A Look at Federated User Identities"— Presentation transcript:

1 Earthdata Login and Open ID A Look at Federated User Identities
Brett McLaughlin ESDIS Project April 4, 2017 This work was supported by NASA/GSFC under Raytheon Co. contract number NNG10HP02C

2 Agenda What are Earthdata Login’s Goals? A Brief Primer on OpenID
Pros and Cons Questions and Answers

3 What are Earthdata Login’s Goals?
Earthdata Login and OpenID What are Earthdata Login’s Goals?

4 Abbreviated Goals Provide user access information related to ESDIS- and ESDIS-affiliated systems for use in metrics and analysis Allow users to create and maintain a profile for preference-based data sharing between applications. Lower the barrier of entry to application from true authentication to user “identification.”

5 Audience Internal to NASA, internal to ESDIS
NASA IDs, government affiliation, trusted* Internal to NASA, external to ESDIS Nasa IDs, government affiliation, semi-trusted External to NASA, “trusted” by ESDIS Possible government affiliation, semi-trusted External to NASA, unknown by ESDIS Doubtful government affiliation, untrusted * Trust here is related to screening prior to providing access to ESDIS systems.

6 It’s… Complicated Lower complexity Higher security
Decreasing Ease of Use

7 Challenges The “one more password” problem
Identification “feels like” authentication to users The “one more password” problem Passwords are a can of worms… ...moreso if you aren’t even an authentication system!

8 Wouldn’t it be dreamy if someone else
could handle this authentication stuff, and just TELL ME who a user is?

9 A Brief Primer on OPenID
Earthdata Login and OpenID A Brief Primer on OPenID

10 What is OpenID?* “OpenID allows you to use an existing account to sign in to multiple websites, without needing to create new passwords.” *

11 What is OpenID Connect?*
“It lets app and site developers authenticate users without taking on the responsibility of storing and managing passwords in the face of an Internet that is well-populated with people trying to compromise your users’ accounts for their own gain.” *

12 Open ID first, Earthdata Login (and OAuth 2.0) second
identity-authentication-oauth-openid-connect/

13 In other words…

14 Participating Providers
AOL Google PayPal Verisign Yahoo * u-s-government-openid-pilot-program-participants/

15 Earthdata Login and OpenID
Pros and Cons

16 A Point of Clarity We are talking about…

17 Pros Transfers the burden of authentication from a managed system to a trusted one Introduces best practices in password/account management Relies on established OpenID Connect partners: Google, PayPal, etc.

18 Cons Introduces additional API (OpenID Connect) and interoperability concerns Could result in information redundancy between Earthdata Login and OpenID Connect partner Exacerbates the “Which password?” problem for users with lots of accounts Builds a “link” between NASA/ESDIS and commercial providers

19 Earthdata Login and OpenID
Questions and Answers

20 Earthdata Login and Open ID A Look at Federated User Identities
Brett McLaughlin ESDIS Project April 4, 2017 This work was supported by NASA/GSFC under Raytheon Co. contract number NNG10HP02C

21 This work was supported by NASA/GSFC under Raytheon Co
This work was supported by NASA/GSFC under Raytheon Co. contract number NNG10HP02C

Download ppt "Earthdata Login and Open ID A Look at Federated User Identities"

Similar presentations

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board
How is OpenID helping Google? Steven Bazyl Developer Advocate

How is OpenID helping Google? Steven Bazyl Developer Advocate
Identity Theft and Online Identity Solutions Heidi Inman May 29, 2008.

Identity Theft and Online Identity Solutions Heidi Inman May 29, 2008.
Managing your Network using Joint-Techs Lightning Talk Fermilab David Farmer July 18 th 2007.

Managing your Network using Joint-Techs Lightning Talk Fermilab David Farmer July 18 th 2007.
‘Lord’ was a click away from £229m “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”

‘Lord’ was a click away from £229m “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”
By: Ansuya Chauhan.

By: Ansuya Chauhan.
The Widgets Shall Inherit the Web Widget Summit 4 November 2008.

The Widgets Shall Inherit the Web Widget Summit 4 November 2008.
Lots of sites care about “who you know”… Lots of talk about “opening up the social web”…

Lots of sites care about “who you know”… Lots of talk about “opening up the social web”…
Siteminder/OpenID Anthony Fletcher Division of Computational Bioscience Center for Information Technology.

Siteminder/OpenID Anthony Fletcher Division of Computational Bioscience Center for Information Technology.
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
In a world with lots of socially-aware sites… …and lots of “open social web” building blocks…

In a world with lots of socially-aware sites… …and lots of “open social web” building blocks…
Introduction to OpenID Huanxing Shen WHIM 2009Spring.

Introduction to OpenID Huanxing Shen WHIM 2009Spring.
Account Management Best Practices OpenID for Mobile Webfinger Allen Tom Yahoo! Membership

Account Management Best Practices OpenID for Mobile Webfinger Allen Tom Yahoo! Membership
CESA #1 IPAD BOOTCAMP A 60 minute intro to the CESA #1 IPad for use in agency services.

CESA #1 IPAD BOOTCAMP A 60 minute intro to the CESA #1 IPad for use in agency services.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.
Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University.

Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
NASA NEX & OpenID -- Observations -- Andreas Matheus Secure Dimensions.

NASA NEX & OpenID -- Observations -- Andreas Matheus Secure Dimensions.
What makes users refuse web single sign-on? An empirical investigation of OpenID S.-T. Sun, E. Pospisil, I. Muslukhov, N. Dindar, K. Hawkey, and K. Beznosov.

What makes users refuse web single sign-on? An empirical investigation of OpenID S.-T. Sun, E. Pospisil, I. Muslukhov, N. Dindar, K. Hawkey, and K. Beznosov.

Similar presentations

Ads by Google