Presentation is loading. Please wait.

Presentation is loading. Please wait.

TERENA EUROCamp 2010 Dyonisius Visser

Published byOtto Elstelä Modified over 5 years ago

Similar presentations

Presentation on theme: "TERENA EUROCamp 2010 Dyonisius Visser"— Presentation transcript:

1 AAI @ TERENA EUROCamp 2010 Dyonisius Visser visser@terena.rg
TERENA

2 Where it all started REFEDS Wiki Dog food
MediaWiki + SimpleSAMLphpAuth One SP Accumulated > 20 IdPs 

3 Next SP comes along TACAR 
Will need to contact several IdPs again to exchange metadata  3rd SP 4th SP etc etc

4 Too many IdP-SP combinations
Difficult to manage:

5 New approach: cheating
Create one SP to connect all our IdPs to “Hide” all our REAL SPs behind that External IdPs only do business with a single TERENA SP We get to do fancy stuff at our magic SP

6 Password hashes….

7 What could be the “?” Attribute injection authproc: SmartAttr.php

8 SmartAttr.php Generate globally unique identifier for ALL possible users Pick first available attribute name+value from: eduPersonTargetedID eduPersonPRincipalName openid sha1(salt.serialize(attributes)) Results:

9 SmartID exa,mples:

10 More attributes Fullname: Stolen from Olav 
Organisation: first available from: organizationName Uppercase version of schacHomeOrganization, without TLD Uppercase version of domain without TLD Uppercase version of eduPersonPrincipalName domain without TLD String ‘MY_ORG’ Country, fname, lname, , etc

11 Group membership To be implemented…..

12 Concepts We will have homeless users -> guest accounts
Everyone can login to any service “logged-in” does not mean anything (well….) One page to manage all your data (‘profile’ page) Similar to Switch.ch javascript sidebar To be implemented

13 Issues encountered Changing your SP metadata at remote parties takes a long time  non-technical, so think twice Non-federated users – don’t run ourselves Too may guest options now!!! Provisioning before users log in -> not possible Globally persistent ID

Download ppt "TERENA EUROCamp 2010 Dyonisius Visser"

Similar presentations

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board
Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki 2.10.2013 Mikael Linden, CSC – IT Center for Science

Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki Mikael Linden, CSC – IT Center for Science
DK update David Simonsen, WAYF (the federation formerly known as DK-AAI) It's a WAYFIt's about consentIt's a project.

DK update David Simonsen, WAYF (the federation formerly known as DK-AAI) It's a WAYFIt's about consentIt's a project.
Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.

Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.
TERENA TF-EMC2 15 feb 2011 Dyonisius Visser

TERENA TF-EMC2 15 feb 2011 Dyonisius Visser
TERENA EUROCamp 2010 Dyonisius Visser

TERENA EUROCamp 2010 Dyonisius Visser
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.

AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.
In the web address box enter https:\\password.sau.edu Enter your user ID (first and last initial 7 digit ID number) Select Log in.

In the web address box enter Enter your user ID (first and last initial 7 digit ID number) Select Log in.
Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.

Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.
Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.

Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.
Federated Identity and Shibboleth Concepts Rick Summerhill Chief Technology Officer Internet2 GEC3 October 29, 2008 Slides by Nate Klingenstein

Federated Identity and Shibboleth Concepts Rick Summerhill Chief Technology Officer Internet2 GEC3 October 29, 2008 Slides by Nate Klingenstein
Kalmar Union lessons: Findings in federation harmonisation REFEDS 7.6.2009 Mikael Linden, CSC.

Kalmar Union lessons: Findings in federation harmonisation REFEDS Mikael Linden, CSC.
Overview of schemas used for IdM community Setting up of identity provider Motonori Nakamura, National Institute of Informatics, Japan 2nd TEIN IAM Workshop.

Overview of schemas used for IdM community Setting up of identity provider Motonori Nakamura, National Institute of Informatics, Japan 2nd TEIN IAM Workshop.
Page 1 User Accounts Lecture 3 Hassan Shuja 09/21/2004.

Page 1 User Accounts Lecture 3 Hassan Shuja 09/21/2004.
Implementing and Using the SIRWEB Interface Setup of the CGI script and web procfile Connecting to your database using HTML Retrieving data using the CGI.

Implementing and Using the SIRWEB Interface Setup of the CGI script and web procfile Connecting to your database using HTML Retrieving data using the CGI.
Attribute Aggregation in Federated Identity Management David Chadwick, George Inman, Stijn Lievens University of Kent.

Attribute Aggregation in Federated Identity Management David Chadwick, George Inman, Stijn Lievens University of Kent.
Federating non-web services with LDAP-Façade

Federating non-web services with LDAP-Façade
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Similar presentations

Ads by Google