Published by Karen Merritt. Modified over 9 years ago.
1
Kennisnet Entree: federated authentication
Pieter Bruring, Technical Product Manager
www.kennisnet.nl, 7 January 2008
2
Identification … a must
EdReNe expert workshop - 26 February 2009
3
Narrowing the scope of identity
4
Kennisnet Entree: providing SSO to VLE/LMS
5
What’s it all about?
6
Some figures
Total of 600.000 educational users in the Netherlands:
- 165 schools connected (300.000 estimated federative users)
- 300.000 Entree self-service accounts
13 service providers:
- Educational online video streaming service
- Government sites
- Educational content providers
- Webshop
7
Elements of an authentication and authorisation service
- Users use different accounts to access websites
- Websites use centralised user stores (identity providers)
- Rise of the learning management systems as identity providers for schools
- Federated authentication: platforms function as a hub
8
Anatomy of the Entree federation
9
Anatomy of the Entree federation hub
2. Go authenticate
10
Confederation 2009
- Kennisnet content, educational publishers & educational video streaming services
- Primary education, high schools and colleges
- Higher education, universities
- Surfnet, universities, publishers
- High school teachers and students
- Educational content providers (publishers)
- Central authorisation via webshop
11
A-Select
- Dutch authentication platform: www.a-select.org
- Open source
- Not yet using standard SAML 2.0
- It does, however, support Shibboleth via an agent and filter solution
- Used nationwide in DigiD, which provides users with a personalised login code for authentication on websites from various governmental bodies
12
A-Select protocol
A-Select interfacing: Service Provider
1. URL
2. Go authenticate
3. Authentication. Set SSO token
4. User attributes
5. Set application token with attributes
6. Redirect after authorisation
13
A-Select protocol
A-Select interfacing: Identity Provider
1. “Where are you from?”
2. “I belong to this organisation”
3. “Go authenticate there”
4. “My login name & password”
5. Interface with user store
6. “Is ok?”
7. “User authenticated ok”
8. “Have an SSO token (cookie)”
14
A-Select IdP interfacing problems
A-Select IdPs are very difficult to set up:
- Need for ‘foreign’ software in the system (A-Select server)
- Need to develop a custom A-Select AuthSP for non-LDAP user stores, such as MySQL
- A-Select protocol is not an international standard, like SAML 2.0 or Shibboleth
15
Entree solution: Cookiemonster interface
Goal: Virtual Learning Environments and Learning Management Systems shall be connected to Entree using easy-to-implement web services.
Requirements:
- No need for ‘foreign’ software in the system
- Native authentication of the user by the VLE/LMS
- Standardisation of user attributes sent to Entree
- For security purposes, an assertion of trust is needed
Consequence: No standard (e.g. SAML 2.0) fits the bill on ‘easy to implement’ due to maturity differences in VLE/LMS providers.
16
A-Select Cookiemonster protocol
A-Select Entree expansion: LMS IdP web services
1. “Where are you from?”
2. “I belong to this organisation”
3. “Go authenticate there”
4. “My login name & password”
5. Get attributes
6. User attributes using EduPerson schema
8. “Have an SSO token (cookie)”
17
Cookiemonster interface: results
- Solution provides a Single Sign-On path directly from VLE/LMS to Service Provider.
- 1 month after introducing the new interfacing method, 100 schools were connected.
- Average development time for a VLE/LMS provider is 2 weeks.
18
Next step: building bigger bridges
19
The standards SAML 2.0 and OpenID are selected for these bridges
20
You? Questions?