
South African Identity Federation


1 South African Identity Federation
Library IT Network Usage Enhancement Workshop 2016/08/30

2 Identity Federations An introduction

3 Federated Identity
A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems
Explain the concepts of identity, attributes, and identity management systems

4 The problem we’re trying to solve

5 Federated Identity vs Single Sign-On
Federated identity: the key concept is to use the same set of credentials to obtain access to multiple resources; it specifically tries to avoid duplication of credentials
Single sign-on: the key concept is to provide credentials once and obtain access to multiple resources; each system may maintain its own set of credentials (e.g. password synchronisation)
Separate concepts, but a single technology may achieve both goals
People sometimes use the terms interchangeably, because it’s common to solve both problems together

6 Federation Actors: End User
The end user is typically a real person who belongs to one or more organisations, and would like access to one or more resources or services
End users have personal information associated with them – their name, address, job title, etc

7 Federation Actors: Identity Provider
An Identity Provider knows the End User, and can provide information about that user with a high degree of certainty
Typically an organisation to which the End User belongs or works for – e.g. students at a university, staff at a research council
Also known as their Home Organisation
Examples of personal information held about a student (name, student number, address, degree registered for, etc)

8 Federation Actors: Service Provider
A Service Provider operates a resource the End User wishes to gain access to, and needs/wants information about the End User
Can be a third party (e.g. a publisher or research facility)
Also known as the Visited Organisation
Examples of information a service provider might want – display name, , etc. Talk about need vs want

9 Federation Actors: Federation Operator
A Federation Operator acts as a trusted intermediary between the Identity Provider and the Service Provider
Provides the glue (metadata) that makes the federation work
Also known as the Roaming Operator

10 Academic Identity Federations

11 Why not just use Google?
donald.trump17@gmail.com
All the major social network platforms provide federated identities… … so why don’t we just use these?
They all have one major drawback – they are self asserted
This means you cannot trust any of the attributes
This is often okay, but…
Would you allow access to sensitive medical records?

12 Academic Identity Federations
Academic identity federations exist to solve the trust problem
Your home organisation – university, research council, etc – knows a lot about you
They also know stuff specific to higher education
More importantly, most of this information has been checked and may be subject to audit
This makes them ideal to act as identity providers

13 Academic Federation Operators
All federations have operators – Facebook Inc operates Facebook Connect
Academic federations are usually operated by the National Research and Education Network; typically only one per country
63 known academic federations worldwide
International collaboration through REFEDS

14 Academic Identity Federations Around the World

15 Inter-federation
Inter-federation is the linking of one (academic) federation to another
Through inter-federation we can gain access to services that are not available in our own country
Service providers can gain access to customers

16 Federation Technologies
Social networks tend to favour OAuth, but OAuth does not lend itself to inter-federation
Academic federations tend to favour SAML2
This is commonly misnamed as Shibboleth
Shibboleth was an early version of the SAML protocol – no longer in use
Shibboleth is also the name of a software vendor who makes SAML2 software

17 SAFIRE – South African Identity Federation

18 SAFIRE History
Project started as a pilot 2.5 years ago
Joint project of ASAUDIT, SANReN Competency Area & TENET
Functional pilot, but… … struggled to gain traction
Eight universities agreed to fund SAFIRE (NWU, RU, SU, UCT, UJ, UKZN, UP, UWC)
TENET nominated as juristic body of record
Appointed a full time project director in April 2016

19 SAFIRE Status
Policy, practice statements, and other governance documentation have been developed
Technology roadmap available – covers the next ~18 months, to full production
First phase of implementation underway
Preparing to join eduGAIN
Had some discussions with ORCID
University IT departments should know all this

20 Why does all of this matter?
AKA What is in it for us?

21 Use cases: Access to electronic resources
Many libraries are providing access to electronic resources
Often there’s a demand for off campus access to these
Current mechanisms for doing so are dated and problematic
There may be benefit from supporting more granular licensing structures – what if only academic staff could access it?
Talk about the problems with IP based access control, SSL certs, etc. Talk about integration alternatives. Talk about resources already federated.
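The following Python model ties together three points from the slides: the federation operator's metadata is the "glue" that tells a service provider which identity providers it may trust (slide 9), an identity not vouched for by a registered home organisation is self-asserted and cannot back an access decision (slides 11 and 12), and an asserted affiliation attribute is what makes a staff-only licence enforceable (slide 21). It is an added illustration, not SAFIRE's or Shibboleth's code. The SAML metadata namespaces, the shibmd:Scope extension and the eduPersonScopedAffiliation attribute name are real; every entityID, scope, date and attribute value is constructed, and signature verification of the aggregate (which a real deployment must do before trusting it) is deliberately left out and noted in the comments.

```python
"""Federation metadata as the trust anchor between identity and service providers.

Added illustration, not SAFIRE code. All entityIDs, scopes, dates and
attribute values below are constructed for the example.
"""
from datetime import datetime
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace and the Shibboleth scope extension namespace.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}

# Constructed metadata aggregate of the kind a federation operator publishes.
# A real aggregate is signed by the operator, and that signature must be
# verified (for example with xmlsec) before anything in it is trusted.
METADATA_XML = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    validUntil="2016-09-30T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example-university.ac.za/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <shibmd:Scope regexp="false">example-university.ac.za</shibmd:Scope>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example-council.ac.za/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <shibmd:Scope regexp="false">example-council.ac.za</shibmd:Scope>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def _parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2016-09-30T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def load_federation(xml_text, now_iso):
    """Parse an aggregate into {entityID: set of scopes that IdP may assert for}.

    Refuses an aggregate past its validUntil: stale metadata could still list
    an IdP the operator has since removed from the federation.
    """
    root = ET.fromstring(xml_text)
    if _parse_ts(now_iso) > _parse_ts(root.get("validUntil")):
        raise ValueError("metadata aggregate expired; refresh it from the federation operator")
    registry = {}
    for entity in root.findall("md:EntityDescriptor", NS):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # service providers are listed too, but they never issue assertions
        scopes = {s.text.strip() for s in idp.findall("md:Extensions/shibmd:Scope", NS)}
        registry[entity.get("entityID")] = scopes
    return registry


def authorize(registry, issuer, attributes, required_affiliation):
    """Service-provider-side access decision. Returns (allowed, reason).

    `issuer` is the entityID that issued the assertion; `attributes` is the
    attribute set it carried. eduPersonScopedAffiliation values look like
    "staff@example-university.ac.za".
    """
    if issuer not in registry:
        return False, "issuer not in federation metadata: identity is self-asserted"
    allowed = False
    for value in attributes.get("eduPersonScopedAffiliation", []):
        affiliation, _, scope = value.partition("@")
        if scope not in registry[issuer]:
            # An IdP may only vouch for its own organisation. Reject the whole
            # assertion rather than silently ignoring the out-of-scope value.
            return False, f"scope {scope!r} is not registered for {issuer}"
        if affiliation == required_affiliation:
            allowed = True
    if allowed:
        return True, f"{required_affiliation} affiliation asserted by the home organisation"
    return False, f"no {required_affiliation} affiliation asserted"


if __name__ == "__main__":
    registry = load_federation(METADATA_XML, "2016-08-30T00:00:00Z")
    uni = "https://idp.example-university.ac.za/idp"
    staff = {"eduPersonScopedAffiliation": ["staff@example-university.ac.za"]}
    student = {"eduPersonScopedAffiliation": ["student@example-university.ac.za"]}
    print(authorize(registry, uni, staff, "staff"))
    print(authorize(registry, uni, student, "staff"))
    # A social login is not in the aggregate, so its attributes are not trusted.
    print(authorize(registry, "https://social-login.example.com", staff, "staff"))
```

The scope check is the part that is easy to forget in a real service provider: without it, any registered identity provider could assert a staff affiliation for any other organisation's domain, which defeats the per-organisation licensing the slides are after.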

22 Use cases: Access to electronic resources
Scaled by number of federations the publisher is a member of
Rhodes University Library & eduGAIN MET

23 Use cases: Shared systems
Many universities are making use of shared systems
Libraries have OPACs, repository systems, etc. But also research management, funding, etc.
Typically these have their own credentials, which leads to confusion for end users
And those identities need to be maintained
SEALS, Calico. But also research partnerships. Mention ORCID

24 Use cases: Library publishers
Libraries who publish (e.g. journals) may want to become service providers
Get reliable data about end users and affiliations
Makes access control simpler – one mechanism for all participants
Simplify login / sign-up mechanisms
Through eduGAIN you can gain access to international markets

25 Benefits of federating
Reduced integration costs / economies of scale
Easier access to resources
Fewer data inconsistencies
No / less end user identity management
Improved user experiences, e.g. off campus users

26 Questions?