Published by Elizabeth Perry. Modified over 6 years ago.
1
OMG, Another Simple, Lightweight Authentication Service???
Keith Hazelton University of Wisconsin-Madison Internet2 MACE Jasig, Denver, 25 May 2011
2
BUT… (.org) Bamboo sites want to accept user authentication
From SAML identity providers (e.g., univ. members of InCommon running Shib)
And from social identity providers (e.g., Google, Yahoo, Facebook, OpenID, ...)
BUT…
3
But each week brings a cool new Social identity Service
Developers know how to configure & run SAML Service and Resource Providers
No free cycles for social development
They don't want to give up that big federation win
4
is a green field project
No legacy code
Our developers are eager to hear recommendations on good practices
5
Sad but true
Gateways that convert social-identity-based authentication into SAML assertions are a necessary part of the picture given the current state of affairs.
6
But Relying Parties (Bamboo sites) want control
Control over the gateway operations
E.g., "do not allow authN via FB"
They will (initially at least) run their OWN Bamboo gateway.
7
Over time, that will mean LOTS of gateways
9
UNLESS We are able to agree on common solutions
The SAML assertion from the Gateway must minimally include the following information:
Identifier for the gateway, identifier for the identity provider, identifier for the authenticated user
The value of the user identifier for person A from a given IdP should be the same regardless of the gateway being traversed
10
UNLESS We are able to agree on common solutions
Those pieces of information should be expressed as consistently as possible by different gateways
Decisions are required on how attr/values appear in the app space
Means forging community agreements on attributes and values for carrying that information
Those recommendations are being developed as we speak
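An added example, not part of the original slides: a relying-party check that enforces the three minimum identifiers and derives an account key that does not depend on which gateway was traversed. The attribute names (gatewayId, idpId, userId), the function name and all sample values are assumptions, since the slides do not define any.

```python
import hashlib

# Hypothetical attribute names: the slides say the community recommendations
# for these attributes were still being drafted, so none are defined there.
REQUIRED = ("gatewayId", "idpId", "userId")

# Constructed sample input (not from the slides): the same user via two gateways.
GATEWAYS = {"https://gw1.example.org", "https://gw2.example.org"}
VIA_GW1 = {"gatewayId": ["https://gw1.example.org"],
           "idpId": ["https://idp.example.com"],
           "userId": ["a1b2c3"]}
VIA_GW2 = dict(VIA_GW1, gatewayId=["https://gw2.example.org"])


class AssertionRejected(Exception):
    """Raised when the gateway's attributes fail the relying party's checks."""


def account_key(attrs, trusted_gateways, blocked_idps=frozenset()):
    """Validate gateway-asserted attributes and return a stable account key.

    attrs maps attribute name -> list of values, as an SP library would hand
    them over after verifying the assertion's signature and conditions.
    """
    values = {}
    for name in REQUIRED:
        vals = [v.strip() for v in attrs.get(name, []) if v and v.strip()]
        if len(vals) != 1:  # missing or multi-valued identifiers are ambiguous
            raise AssertionRejected(f"{name}: expected exactly one value")
        values[name] = vals[0]
    if values["gatewayId"] not in trusted_gateways:
        raise AssertionRejected("assertion came from an unknown gateway")
    if values["idpId"] in blocked_idps:  # site policy, e.g. one IdP disallowed
        raise AssertionRejected("identity provider not allowed by site policy")
    # Key on (IdP, user) only; the gateway is left out on purpose so the same
    # person maps to the same account through any gateway. Each part is
    # length-prefixed so ("ab", "c") and ("a", "bc") cannot collide.
    digest = hashlib.sha256()
    for part in (values["idpId"], values["userId"]):
        data = part.encode("utf-8")
        digest.update(len(data).to_bytes(4, "big") + data)
    return digest.hexdigest()
```

The gateway identifier is still validated and can be logged for audit; it is only excluded from the account key.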
11
The Bamboo RPs should support discovery
Helping the user specify their choice of IdP
Keeps the existence of the gateway invisible to the user, so if gateways go away someday....
Application developers may not like this: "Why can't the gateway do the discovery bit?"
12
The Bamboo app should not have to know anything about
SAML or OAuth 1.0 or OAuth 2.0 or OpenID or OpenID ABC or…
The application developers don't care and should not have to care about the protocol
13
OK, expert, did Bamboo hear you correctly?