Published by Bruce Cole. Modified over 9 years ago.
Single Sign-On for the EDIT platform

Lutz Suhrbier¹, Andreas Kohlbecker², Andreas Müller²
1 Freie Universität Berlin, Department of Computer Science, Networked Information Systems (http://www.ag-nbi.de)
2 Freie Universität Berlin, Botanic Garden and Botanical Museum Berlin-Dahlem (BGBM)

Find more information at http://www.e-taxonomy.eu or contact Lutz Suhrbier (suhrbier@inf.fu-berlin.de)
Picture copyrights (top-left corner): © Copyright Person. The following pictures are under Creative Commons 3.0: XXXX 2005

Why Community Single Sign-On?

The EDIT platform provides a multitude of web-based taxonomic applications and services. The diversity of service providers reflects the highly distributed, cross-national organisational infrastructure of biodiversity institutions and collections in general.

The result is a problem of identity management:
- system administrators have to register users and maintain several access control lists for each service individually
- users have to remember a variety of login/password combinations to access all these different services

There is a need for a comfortable single sign-on (SSO) solution reflecting the specifics of biodiversity infrastructures.

EDIT's Community Single Sign-On (CSSO) security infrastructure

- Protects and provides access to all EDIT platform components
- Built on the Security Assertion Markup Language (SAML) web profile (e.g. Shibboleth, OpenSSO)
- Only a single identity per user required
  - only one user id and password to remember
  - accounts at the home institution can be reused
- Attribute Based Access Control (ABAC) for service providers
  - considerably reduced administrative costs
  - definition of individual access control policies

Vision: Build up a biodiversity community federation

EDIT federation
- Binds organisations to a common set of policies & practices
  - operational procedures and security mechanisms
  - attributes & entitlements to be exchanged (eduPerson)
  - identical attribute interpretation (role/group assignment)
  - legal issues like Intellectual Property Rights and privacy
- Enables trusted interaction without bilateral agreements
- Open to all biodiversity institutions or service contributors as Identity Provider (IdP) and/or Service Provider (SP)

Join the federation as IdP and/or SP

Identity Provider (IdP)
- is responsible for an organisation's secure user login and attribute delivery to SPs
- integration of existing identity management solutions
- data privacy management for user attributes

Service Provider (SP)
- provides cross-organisational access to EDIT web resources for federated users
- based on individual access control policies for resources

Support and demo installations available
- dedicated server and hosted web space environments
- integration of Drupal, Spring, Trac, etc.
- looking for further application scenarios

Figures (images not included in this transcript):
- Current list of common attributes of the EDIT federation
- Information flow of the CSSO login procedure
- Typical SAML-based federation infrastructure
Source: http://switch.ch/aai/about/federation/
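
The ABAC step at a service provider, as an added example that is not part of the original poster or of the EDIT code base: it reads eduPerson attributes from a constructed SAML assertion, discards scoped values the issuing IdP is not registered for, and applies a default-deny, per-resource policy. The IdP entity ID, scopes, entitlement URN and resource paths are hypothetical, and the scope check goes one step beyond what the poster describes.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
ENTITLEMENT = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"    # eduPersonEntitlement
SCOPED_AFFIL = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"   # eduPersonScopedAffiliation

# Hypothetical federation data: scopes each IdP may assert, per-resource rules.
IDP_SCOPES = {"https://idp.museum.example/idp": {"museum.example"}}
POLICIES = {
    "/portal/view": [{SCOPED_AFFIL: "member@museum.example"},
                     {ENTITLEMENT: "urn:example:edit:taxon-editor"}],
    "/portal/edit": [{ENTITLEMENT: "urn:example:edit:taxon-editor"}],
}

# Constructed assertion; the second value claims a scope this IdP does not own.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.museum.example/idp</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
      <saml:AttributeValue>member@museum.example</saml:AttributeValue>
      <saml:AttributeValue>staff@herbarium.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def attributes(assertion_xml):
    """Collect attribute values, dropping scoped values outside the issuer's scopes.

    Assumes signature, audience and validity checks were already done by the
    SAML SP software; this function only interprets attributes.
    """
    root = ET.fromstring(assertion_xml)
    allowed = IDP_SCOPES.get(root.findtext(NS + "Issuer", "").strip(), set())
    attrs = {}
    for attr in root.iter(NS + "Attribute"):
        name = attr.get("Name")
        for node in attr.iter(NS + "AttributeValue"):
            value = (node.text or "").strip()
            if name == SCOPED_AFFIL and value.rpartition("@")[2] not in allowed:
                continue  # IdP is not authoritative for this scope
            attrs.setdefault(name, set()).add(value)
    return attrs


def permit(resource, attrs):
    """Default deny: permit only if one non-empty rule is fully satisfied."""
    return any(rule and all(v in attrs.get(n, ()) for n, v in rule.items())
               for rule in POLICIES.get(resource, []))
```

With the sample assertion, the `staff@herbarium.example` value is filtered out, `/portal/view` is permitted through the member affiliation, and `/portal/edit` is denied because no entitlement was released.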