Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAML a mature six year old? Glenn Wearen, Paul Caskey & Josh Howlett.

Published byRuth Ford Modified over 9 years ago

Similar presentations

Presentation on theme: "SAML a mature six year old? Glenn Wearen, Paul Caskey & Josh Howlett."— Presentation transcript:

1 SAML a mature six year old? Glenn Wearen, Paul Caskey & Josh Howlett

2 Introduction Identity Management Edugate project

3 Firstly Identity Management (IdM) Identity and Access Management (IAM)

4 Identity Management -who?

5 Who? Students –Onsite / Offsite –Local / Remote –Undergraduate / Postgraduate –Full-time / Part-time –Primary / Post-primary

6 Who? Employees –Full-time –Part-time –Contractors –Temporary –Teaching –Administrative

7 Identity Management -what?

8 What? User –Firstname –Lastname –Password –Group –Role –Email –Id –X500 –Active Directory –eduPerson –SCHAC –Custom

9 Identity Management -when?

10 When? Registration –New Student –Transfer Re-registration –Undergraduate > Postgraduate > Lecturer Graduation Alumni

11 When? IdM Lifecycle –Provision –Promote –Demote –Disable –Enable –Deprovision –Reprovision –Synchronise

12 Identity Management -where?

13 Where? Registry HR Alumni database Email Directory Database Library External Services

14 Where? Resources –Application Webmail Portal VLE Device –Computing Resource Desktop Server Grid

15 Where? Resources Internal –Remotely Accessible? External –Remotely Accessible?

16 Identity Management -why?

17 Why? Because we have to......as part of day to day responsibility

18 Why? Because we have to......if we get it wrong, the consequences can be far reaching.

19

20 Why? Because we have to......our users expect to be able to have some control over their digital identity.

21

22 Why? Because we have to...... Student and employee login accounts are valuable.

23

24 Identity Management -how?

25 What is the best practice? Kim Cameron’s 7 Laws of Identity. –1. User Control and Consent –2. Minimal Disclosure for a Constrained Use –3. Justifiable Parties –4. Directed Identity –5. Pluralism of Operators and Technologies –6. Human Integration –7. Consistent Experience Across Contexts

26 What is the best framework? Centralised

27

28 What is the best framework? Centralised Devolved

29

30 What is the best framework? Centralised Devolved –SAML (or similar) –Active Directory Inter-domain Trust –Kerberos –RADIUS User-centric

31

32 What is the best framework? Centralised Devolved User-centric Hybrid

33 ?

34

35 Edugate e-INIS PRTLI Cycle 4 Research Federated Access Technology Trial Pilot Project

36 Edugate Research Federated Models Existing Federations –Schema (x500, eduPerson, SCHAC) –Protocols (SAML based only) Policy –Governance (Direction) –Membership (Rules)

37 Edugate Technology Trial Protocols and Standards –Shibboleth 1.3 & 2.0 –ADFS –SAML –eduPerson Interoperability Performance and scalability

38 Edugate Pilot Project Services –Managed IdP –Hosted IdP –Hosted SP Applications –Web-based –GRID

39 Summary IAM Who What When Where Why How Edugate Research Trial Pilot

40 Lastly Questions Athens Federated Access as SSO for Campus. Federated Access for HEI

Download ppt "SAML a mature six year old? Glenn Wearen, Paul Caskey & Josh Howlett."

Similar presentations

Federated Access implementation: experience of AUCA Library - Kyrgyzstan 4 th -7 th June, 2008, Aberdeen, Scotland Sania Battalova, EIFL Country and FOSS.

Federated Access implementation: experience of AUCA Library - Kyrgyzstan 4 th -7 th June, 2008, Aberdeen, Scotland Sania Battalova, EIFL Country and FOSS.
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.
1 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any.

1 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Identity Management Choosing and Using Sun’s Identity Management Suite March 13 th, 2007 Kim Tracy Executive Director University Computing Services Northeastern.

Identity Management Choosing and Using Sun’s Identity Management Suite March 13 th, 2007 Kim Tracy Executive Director University Computing Services Northeastern.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Prepared by Dept. of Information Technology & Telecommunication, October 24, 2005 Enterprise Directory Services and Identity Management.

Prepared by Dept. of Information Technology & Telecommunication, October 24, 2005 Enterprise Directory Services and Identity Management.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.
NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.

NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.
LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.

LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.
Microsoft Identity and Access Solutions Market Trends and Futures

Microsoft Identity and Access Solutions Market Trends and Futures
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Feide is a identity management system on a national level for the educational sector in Norway. Federated Electronic Identity for Norwegian Education Tromsø,

Feide is a identity management system on a national level for the educational sector in Norway. Federated Electronic Identity for Norwegian Education Tromsø,
1 A Case for Collaborative Identity Management in a Complex Decentralized Environment Andrea Beesing Assistant Director, IT Security and David Yeh Assistant.

1 A Case for Collaborative Identity Management in a Complex Decentralized Environment Andrea Beesing Assistant Director, IT Security and David Yeh Assistant.
A case study of Shibboleth deployment within the U.T. System June 26, 2006 Paul Caskey University of Texas System Copyright Paul Caskey 2006 Not Your Father’s.

A case study of Shibboleth deployment within the U.T. System June 26, 2006 Paul Caskey University of Texas System Copyright Paul Caskey 2006 Not Your Father’s.
CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science

CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science

Similar presentations

Ads by Google