Presentation is loading. Please wait.

Presentation is loading. Please wait.

® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by."— Presentation transcript:

1 ® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by ESA/ESRIN

2 OGC ® Federated Authentication

3 OGC ® User Selects Identity Provider

4 OGC ® Enters Credentials at IdP

5 OGC ® Logged in to Service Provider

6 OGC ® Browser-Based Federation Mature Implementations –Open-source Shibboleth SimpleSAMLphp, … –Commercial OpenAthens Sun Novell, … Policy infrastructure –Many national federations

7 OGC ® But… Doesn’t work for non-browser clients!

8 OGC ® Why Not? The protocols (SAML) require: –HTTP redirection –Cookies –SSL/TLS –User input (usernames, passwords, etc.) –(X)HTML processing Web service clients may not support any of these! –(OGC Authentication IE client survey) Making IdP discovery/interaction impossible

9 OGC ® One Solution Identified By UK JISC-funded EDINA project SEE-GEO (2006–08) –Initiated and led by EDINA geospatial team –With input from AM Consult (Andreas Matheus) UK federation (JISC/EDINA SDSS project) Shibboleth Core Team (Chad La Joie)

10 OGC ® Concept Separate –Client flow (XML over HTTP) –From browser authentication flow (HTML, SAML over HTTP) In the client flow –URI must contain valid token –Token validated by browser authentication flow

11 OGC ® Authenticating Proxy (“Façade”) OWS Façade Client http://proxy/...438657... XML

12 OGC ® Façade Has Two Faces OWS Façade Client http://url1/...438657... XML Browser SAML HTML SP http://url2/...438657...

13 OGC ® Façade Separates Auth. from Application FaçadeOWS SAML, Fed., X.509, Auth. Policy, … OWS, WMS, WFS, … Sys. admin., Auth. policy (Someone else’s problem!) App. design, OGC standards,… (Your problem)

14 OGC ® SEE-GEO Work Being Taken Forward In the OGC (1H 2010) –Authentication Interoperability Experiment Interoperability testing Investigate best choice of SAML protocols, bindings At EDINA –JISC-funded project WSTIERIA (2010) Generalise from OWS to any WS Abstract from SAML protocols, bindings to Shibboleth concept of “protected service”

15 OGC ® Meanwhile, Elsewhere… Shibboleth Core Team / U. of Chicago have developed –Shibboleth extension for web services Based on SAML 2.0 Enhanced Client Proxy (ECP) Client libraries (for Java, …) Supports N-tier use cases!

16 OGC ® So Why Bother With Façade? No client library required SAML 2.x / Shibboleth 2.x not required –As of December 2009, only ~20% of UK federation IdPs SAML 2.0 Few / zero client modifications required WSTIERIA taking both approaches forward

17 OGC ® Call to Action Any volunteer clients? Contact us! fiona.culloch@ed.ac.uk

Download ppt "® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by."

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Suchin Rengan Principal Technical Architect Salesforce.com
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.

Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
EMI Development Plans for Identity Management Henri Mikkonen / HIP Moonshot, Grid and HPC Workshop 7.7.2011 London, UK.

EMI Development Plans for Identity Management Henri Mikkonen / HIP Moonshot, Grid and HPC Workshop London, UK.
Contrail and Federated Identity Management

Contrail and Federated Identity Management
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Ray Denenberg Ralph LeVan Workshop 20 March 25, 2006; Washington Metasearch - the NISO Initiative.

Ray Denenberg Ralph LeVan Workshop 20 March 25, 2006; Washington Metasearch - the NISO Initiative.
Secure access to spatial data for academia – the UK experience Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public.

Secure access to spatial data for academia – the UK experience Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public.
Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.

Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.

Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Similar presentations

Ads by Google