Presentation is loading. Please wait.

Presentation is loading. Please wait.

Helsinki Institute of Physics (HIP) - 2003 Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Published byDerek Bradford Modified over 9 years ago

Similar presentations

Presentation on theme: "Helsinki Institute of Physics (HIP) - 2003 Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th."— Presentation transcript:

1 Helsinki Institute of Physics (HIP) - 2003 Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th 2003 Mika Silander

2 Helsinki Institute of Physics (HIP) - 2003 Background • Liberty Alliance • Formed in September 2001. • A large industry driven standardisation organisation, currently 160 collaborating member organisations. • Web site: www.projectliberty.org • Mission • Create open standards and specifications for identity federation and identity-based services. • Favour device neutrality. • Access to many services by logging in once (single sign-on). • Status • Version 1.1 specifications published. • Three groups of specifications.

3 Helsinki Institute of Physics (HIP) - 2003 Liberty objectives • Enable end users to protect their identity information on the net • Enable businesses to manage customer relationships without dependence on third-parties • Create an open single sign-on standard for decentralised authentication and authorization • Create a network identity infrastructure that supports all current and emerging network devices

4 Helsinki Institute of Physics (HIP) - 2003 The problem and a solution • End users obliged to remember numerous Web site accounts and passwords • Personal information • Accounts, names, phone numbers, addresses, credit card numbers. • Identity as Liberty Alliance sees it • Accounts + passwords. • An end user's other personal information.

5 Helsinki Institute of Physics (HIP) - 2003 Federated network identity • Enables single sign-on • Allows a user to "link" her different web accounts together but still control what other personal info is given to the individual service providers. • A user account • The starting point of federation. • An end user's personal info... • that, in all or part, can be distributed within a circle of trust. • whose distribution is completely controled by the end user herself.

6 Helsinki Institute of Physics (HIP) - 2003 Liberty principals Figure: Federated Identity and Circles of trust (source: Liberty ID-FF Architecture Overview draft v1.2-03)

7 Helsinki Institute of Physics (HIP) - 2003 Liberty principals & concepts • Identity providers (IDPs) • Initiates end user identity federation. • Maintain user profile information. • Distribute (federate) user identities and profiles. • Service providers (SPs) • Affiliate with identity providers. • Maintain user profile information. • Circles of trust • Communities of IDPs and SPs that share federated identities. • Adhere to commonly defined business agreements and procedures. • The end user • Controls what info is federated to whom and how.

8 Helsinki Institute of Physics (HIP) - 2003 Liberty architecture Figure: Liberty Alliance architecture (source Liberty ID-FF Architecture Overview draft v1.2-03)

9 Helsinki Institute of Physics (HIP) - 2003 Federating an identity

10 Helsinki Institute of Physics (HIP) - 2003 Federating an identity (cont.)

11 Helsinki Institute of Physics (HIP) - 2003 User login

12 Helsinki Institute of Physics (HIP) - 2003 User login (cont.)

13 Helsinki Institute of Physics (HIP) - 2003 Liberty security features • Authentication only. • Authorisation based on access rights tied to the local account. • Accounting and billing internal to every service provider. • Single logout. • Mutual authentication using certifates and secured communication channels required for IDP SP interactions, but weaker methods allowed for user authentication. • Standards: SAML, various WS security standards, SSL, TLS, PKI.

14 Helsinki Institute of Physics (HIP) - 2003 Security features in grids • PKI solutions. • Authentication handled, authorisation mechanisms with grid-wide scope being developed. • Accounting and billing not yet available. • Web services related security technologies are being adopted.

15 Helsinki Institute of Physics (HIP) - 2003 Comparisons & conclusions • Liberty • Security architecture more limited in scope. • Security mechanisms a mixed bag of established and evolving technologies and standards. • Reliance on redirection. • Allows service tailoring based on user profiles. • Needs more adopters. • Apparently device and software neutral but in practise geared towards browser centred usage and devices. • Grids • Security goals more ambitious, extend beyond just simple authentication. • Grid and Liberty interoperability • Various levels of iop and options: turning grid services to Liberty service providers, using grid certs transparently for Liberty auth etc

16 Helsinki Institute of Physics (HIP) - 2003 Software • SourceId • Open source solutions for Liberty Alliance identity management. • www.sourceid.org • Sun One Identity Server • Novell eDirectory's Identity provider • PingId • Provider of Liberty Alliance integration services and interoperability testing. • www.pingid.com • Other 3 rd party authentication solutions •.NET/Passport • Ping ID • 3-D Secure • Shibboleth

17 Helsinki Institute of Physics (HIP) - 2003 References 1 1 Liberty ID-FF Architecture Overview draft v1.2-03, J.Hodges & T.Wason, 2003 2 2 Grid and Liberty Alliance Framework: Goals, Architectures and Feasibility Study for Integration, H.Mikkonen & T.Nissi, Helsinki Institute of Physics, 2003 3 3 Introduction to the Liberty Alliance Identity Architecture, rev. 1.0, Liberty Alliance, 2003 4 4 Identity Systems and Liberty Specification Version 1.1 Interoperability, Technical White Paper, Liberty Alliance, 2003 5 5 Liberty ID-FF Protocols & Schema Specification v1.2-08, S.Cantor & J.Kemp, 2003

Download ppt "Helsinki Institute of Physics (HIP) - 2003 Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Federation management A mess? 9.4.2008 Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.

Federation management A mess? Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.
Achieving online trust through Mutual Authentication.

Achieving online trust through Mutual Authentication.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.

Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Network Identity Kai Kang 27 th October 2004. Outline Introduction –Definition –Five drivers –Basic services –Roadmap Network Identity management approaches.

Network Identity Kai Kang 27 th October Outline Introduction –Definition –Five drivers –Basic services –Roadmap Network Identity management approaches.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,

Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.

6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.

Similar presentations

Ads by Google