Presentation is loading. Please wait.

Presentation is loading. Please wait.

Example Use Case for Attribute Authorities and Token Translation Services - the case for eduGAIN Andrea Biancini.

Published byرقيه حسنی Modified over 6 years ago

Similar presentations

Presentation on theme: "Example Use Case for Attribute Authorities and Token Translation Services - the case for eduGAIN Andrea Biancini."— Presentation transcript:

1 Example Use Case for Attribute Authorities and Token Translation Services - the case for eduGAIN
Andrea Biancini

2 The architecture eduGAIN is a SAML based identity federation, in this scenario Attribute Providers has been implemented leveraging two main protocols: the Attribute Authority role for a SAML federation entity, for orline information flows to be retrieved during user login; the VOOT protocol (based on SCHIM) to describe groups and memberships offline from user authentication.

3 Interactions - AA

4 Interactions - VOOT VOOT is a protocol for exchanging group information externally to applications. Very simple API:

5 Benefits and issues The architecture shown permitted to:
Distribute the responsibility to provide information about known users to different subjects within the federation. Decouple authentication and authorization processes. AAs in eduGAIN still have some significant limitation: AAs still have some issue regarding privacy and security. User enrolment must be supported to reduce effort.

6 Conclusions, challenges addressed
Permit delegation of the management of user information in a clear and secure way. Provide new architectural elements that could seamlessly integrate with existing architectures (to simplify technical adoption of such a solution by all the participants to the federation). Leverage the existing federations in building the reciprocal trust, needed to guarantee security.

Download ppt "Example Use Case for Attribute Authorities and Token Translation Services - the case for eduGAIN Andrea Biancini."

Similar presentations

Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 ARPA A regional infrastructure for secure role-based access to RTRT services Ing. Laura Castellani Tuscany Region.

1 ARPA A regional infrastructure for secure role-based access to RTRT services Ing. Laura Castellani Tuscany Region.
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
Identity Management, what does it solve By Gautham Mudra.

Identity Management, what does it solve By Gautham Mudra.
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.
GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.

GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.
Online AAI José A. Montenegro GISUM Group Security Information Section University of Malaga Malaga (Spain) Web:

Online AAI José A. Montenegro GISUM Group Security Information Section University of Malaga Malaga (Spain) Web:
Claims Based Authentication

Claims Based Authentication
Cancún - Mexico, 28.05.2014 Andrea Biancini Towards a Federation as a Service From IdP in the Cloud project to FaaS.

Cancún - Mexico, Andrea Biancini Towards a Federation as a Service From IdP in the Cloud project to FaaS.
Report from Breakout Session 1.2 Secure Consumerization: the Genuine Trustworthiness Revolution Chair: Craig Lee Rapporteur: Paolo Mazzetti.

Report from Breakout Session 1.2 Secure Consumerization: the Genuine Trustworthiness Revolution Chair: Craig Lee Rapporteur: Paolo Mazzetti.
Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting.

Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
SAML CCOW Work Item HL7 Working Group Meeting San Antonio - January 2008 Presented by: David Staggs, JD CISSP VHA Office of Information Standards.

SAML CCOW Work Item HL7 Working Group Meeting San Antonio - January 2008 Presented by: David Staggs, JD CISSP VHA Office of Information Standards.
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Kuali Identity Management Overview. Why did we write KIM? Common Interface for Kuali Applications Provide a Fully-Functional Product A Single API for:

Kuali Identity Management Overview. Why did we write KIM? Common Interface for Kuali Applications Provide a Fully-Functional Product A Single API for:
Shibboleth: An Introduction

Shibboleth: An Introduction
OGSA Security Roadmap Discussion GGF5 – 7/24/02. Outline l Introduction l Architecture Goal l Roadmap Goal l Proposed Specs l Challenges l Next Steps.

OGSA Security Roadmap Discussion GGF5 – 7/24/02. Outline l Introduction l Architecture Goal l Roadmap Goal l Proposed Specs l Challenges l Next Steps.

Similar presentations

Ads by Google