Presentation is loading. Please wait.

Presentation is loading. Please wait.

EuroCAMP Authentication (AuthN)

Published byKajetan Meissner Modified over 5 years ago

Similar presentations

Presentation on theme: "EuroCAMP Authentication (AuthN)"— Presentation transcript:

1 EuroCAMP Authentication (AuthN)
Tuesday, November 23rd, 2010 Brook Schofield Project Development Officer EuroCAMP Authentication (AuthN)

2 Campus Architecture & Middleware Planning…
My Blurb: Focusing on the first step of the 'domestication' progression we'll cover authentication for applications, showing examples of externalising authentication and identifying the technologies of interest to this group. Q: First step? Q: Domestication? applications that work well with enterprise infrastructure, typically by externalizing group management, authentication, and/or authorization COmanage webpage via RL ‘Bob’ Morgan

3 AuthN is easy! That’s why everyone does it!
Previously everyone "had" to do it. Campus' created accounts because their students needed them. Commercial providers created accounts so people could access them. Password synchronization is handled by the user.

4 Remember to squat your name! http://namechk.com/

5 Many campus solutions to the username/password problem.
NIS, Novell Windows for Work Groups LDAP and Microsoft AD Kerberos CAS, WebAuth Limited to the Campus Need to expand outside the Campus

6 We preached it, but didn’t live it.

7 TERENA Externalising AuthN

8 The campus problem disrupted.
Campus’ always had external resources Solved by liberal licensing Reverse Proxies VPN Complicated by: Mobile students Proliferation of Devices IPv6 $ £ € ¥ ₨

9 Storm Brewing. A storm brewing over New South Wales (image credit: Jimmy Deguara)

10 Levels in the AuthN Continuum
1 - Username/Password for All Services Manual sign-up by the user Password reset problem Deprovisioning Problem 2 - Shared Identity LDAP Backend Password Synchronisation (maybe) 3 - Externalised Identity Identity Federation (SAML) Single Point OpenID vs Facebook vs Google

11 How many username/password combinations do use in a day?
Quick Poll… How many username/password combinations do use in a day? Including the ones that your browser / os remember for you. 1 2-5 5-15 15+

12 Do we feel special?

13 Integrating 3rd Party Applications

14 Integrating 3rd Party Applications
Stupid Applications are the easiest Any HTTP Basic Auth? Embedded Username/Password Dialog Hardest to deal with (especially flash) Lots of Options simpleSAMLphp Shibboleth-SP OIOSAML SP Fedlet OpenAM

15 …including the kitchen sink.
Applications are diverse Skinning a Cat Users are diverse From different sources IdPs are diverse No two attributes the same

16 Scaling AuthN

17 skype://brookschofield @BrookSchofield facebook.com/brook.schofield linkedin.com/in/brookschofield Questions? “A man with one watch knows what time it is; a man with two watches is never quite sure.” Lee Segall

Download ppt "EuroCAMP Authentication (AuthN)"

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.

Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.
Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
EIFL Thursday, December 15 th, 2011 Brook Schofield Project Development Officer Slide 1.

EIFL Thursday, December 15 th, 2011 Brook Schofield Project Development Officer Slide 1.
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
Team: SuperBad Cats MSIT 458 – Dr. Chen Authentication through Password Protection.

Team: SuperBad Cats MSIT 458 – Dr. Chen Authentication through Password Protection.
Approaches and challenges for a SSO enabled extranet using Jasig CAS Florian Holzschuher René Peinl10.09.2013.

Approaches and challenges for a SSO enabled extranet using Jasig CAS Florian Holzschuher René Peinl
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Virtualization and Cloud Computing

Virtualization and Cloud Computing
TF-EMC2 Tuesday, February 15 th, 2011 Brook Schofield Project Development Officer Slide 1.

TF-EMC2 Tuesday, February 15 th, 2011 Brook Schofield Project Development Officer Slide 1.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Identity Services Goals ① Improved and timely access to MIT services ② Reliable modular utilities (i.e. power, water, phone) ③ Easy integration for.

Identity Services Goals ① Improved and timely access to MIT services ② Reliable modular utilities (i.e. power, water, phone) ③ Easy integration for.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
PKI-Enabled Applications That work! Linda Pruss Office of Campus Information Security

PKI-Enabled Applications That work! Linda Pruss Office of Campus Information Security
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
MOBILE SECURITY MADE EASY. STOCKHOLM SOFTWARE COMPANY.

MOBILE SECURITY MADE EASY. STOCKHOLM SOFTWARE COMPANY.

Similar presentations

Ads by Google