Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.eduserv.org.uk/openathens Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.

Published byBeatrice Nicholson Modified over 9 years ago

Similar presentations

Presentation on theme: "Www.eduserv.org.uk/openathens Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager."— Presentation transcript:

1 www.eduserv.org.uk/openathens Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager

2

3

4

5

6 What are the available solutions for access management?

7 1.IP authentication – IP address registered with service provider 2.Proxy server – Uses IP authentication 3.Publisher issued username & password – Individual or group login 4.Referrer URL – Issued by publisher, tracks previous visited website 5.OpenAthens or Shibboleth – SAML (Security Assertion Mark-up Language) based authentication

8 Which solutions work best for alumni authentication?

9 IP authentication and proxy servers Easy/simple to register IP Most publishers support this approach ×Technical overhead (proxy server) ×No granularity e.g. user categories ×All users anonymous to publisher ×Off-site access can be difficult ×Low-level security

10 Publisher issued username/password or referrer URL Most publishers support this approach Easy/simple to setup No technical overhead ×Multiple login details ×Lack of Single Sign-On (SSO) ×Very low-level security - Encourages password sharing ×Browser incompatibility (referrer URL)

11 OpenAthens/Shibboleth Most publishers support this approach High-level security – Industry standard (SAML) Granularity down to individual user Pass “Alumni” attribute to publisher ×Varying technical overhead ×Not always implemented the same across publishers

12 Ranking 1.OpenAthens/Shibboleth – Most secure, Alumni specific functionality 2.IP authentication/proxy server – Much less secure, difficult to configure for Alumni 3.Publisher username/password and referrer URL – Lowest security, no SSO capability

13 Challenges Federated (SAML) authentication requires publishers to fully support attribute release Shibboleth/OpenAthens LA require Alumni to exist within Active Directory indefinitely

14 New Alumni functionality for OpenAthens Permissive/restrictive mode - Blocks unauthorized user authentication Manage Alumni through permission sets Removes reliance on publisher implementation

15

16

17

18

19

20 Conclusions Secure authentication for alumni is possible The access management community should lobby publishers to implement the SAML protocol fully – UK Access Management Federation “town hall” meetings Access management needs are changing - software development should focus on these requirements

21 Thank you Report: Librarians Experiences and Perceptions of Identity and Access Management: http://www.eduserv.org.uk/openathensreport2015 robert.scaysbrook@eduserv.org.uk

Download ppt "Www.eduserv.org.uk/openathens Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
OpenAthens LA 2.0 implementation Matt Durant. Outline Bath Spa University Why single sign-on? –Improving the user experience The project / decision making.

OpenAthens LA 2.0 implementation Matt Durant. Outline Bath Spa University Why single sign-on? –Improving the user experience The project / decision making.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.

Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.
Will Darby 91.514 5 April 2010.  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.

Will Darby April  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Introduction to OpenID Huanxing Shen WHIM 2009Spring.

Introduction to OpenID Huanxing Shen WHIM 2009Spring.
Will Darby 91.514 5 April 2010.  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.

Will Darby April  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Authentication via campus single sign-on 2012 VIVO Implementation Fest.

Authentication via campus single sign-on 2012 VIVO Implementation Fest.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
Www.kennisnet.nl Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.

Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.
Developments in Access and Identity Management Phil Leahy – Athens Product Manager.

Developments in Access and Identity Management Phil Leahy – Athens Product Manager.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Catalyst 2002 SAML InterOp July 15, 2002 Prateek Mishra San Francisco Netegrity.

Catalyst 2002 SAML InterOp July 15, 2002 Prateek Mishra San Francisco Netegrity.
Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us.

Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education
Aoife Lawton Systems Librarian HSE. Outline eLibrary models of authentication Library/Librarian visibility – some tips Mobile technologies Federated Search.

Aoife Lawton Systems Librarian HSE. Outline eLibrary models of authentication Library/Librarian visibility – some tips Mobile technologies Federated Search.
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.

Similar presentations

Ads by Google