Presentation is loading. Please wait.

Presentation is loading. Please wait.

IdP Selection WG A proposal to next steps (Draft) Version v0.2.

Published byPeter Copeland Modified over 9 years ago

Similar presentations

Presentation on theme: "IdP Selection WG A proposal to next steps (Draft) Version v0.2."— Presentation transcript:

1 IdP Selection WG A proposal to next steps (Draft) Version v0.2

2 Identified requirements  Input requirements identified in the IDP Selection MRD can be divided into 4 main categories :  Possibility for the SP to delegate the selection of the user's IDP to an ISA and express some criteria to be considered for that selection process.  Discovery of the user's preferred IDP(s) by ISAs.  Possibility for the ISA to obtain user's IDP(s) capabilities as well as other data (metadata).  GUI and UX guidelines for SP and ISA.

3 Envisioned next step 1/2  Delegate to the ISA –Extract from MRD all needed claims, both by IdP and by RP –Technical way to integrate the ISA on SP side using RP metadata (aim : same metadata for both ISA in the browser and in the network)  Discovery of the user's preferred IDP –Mainly internal to the ISA (to be assessed based on MRD) : should be described into an "ISA implementation guidelines" document (common guidelines for both ISA in the browser and in the network ?).

4 Envisioned next step 2/2  IDP's capabilities –Lacks in existing IdP metadata specifications already identified in the "Gap analysis" document : requires evolutions on these specifications. –E.g. Supported authentication context by IDP Logo and display name for each IDP …  GUI and UX guidelines for SP and ISA. –Common guidelines for both ISA in the browser and in the network.

5 Pending point to be discussed: which strategy ? 3 possible models for an ISA in the network a.The ISA as a facilitator : just allows the user to choose the IDP and everything else is done directly between RP and IDP b.The ISA as an IDP proxy, as defined in the Liberty/SAML specifications c.the ISA acts on behalf of the SP and just convert flows from a protocol to an other if needed

6 ISA as a facilitator ISA Relying Party Identity Provider     ISA used only during the IDP choice  The ISA is not aware of the rest of the transaction  The RP must implement all protocols corresponding to the various IDP

7 ISA is as an IDP proxy Identity Provider      Protocol on link  and  can be any widely spread protocol.  As a proxy, the ISA must implement fully the chosen protocol(s) for links  and .  Possibly single protocol between ISA and RP  IDP doesn't have knowledge of the RP and vice versa.  In case of ISA failure, users can't access the RP anymore (or with complex failover mecanism)  Users must exist in the ISA database (needs provisioning)  Might be a problem for the RP to access to IDP APIs User database ISA Relying Party   Note : depending on the protocol, links , ,  and  may or may not go through the browser.

8 ISA acts on behalf of the SP ISA Identity Provider      Protocol on links  and  can be any widely spread protocol.  As an intermediary, the ISA must implement fully the chosen protocol(s) for links  and .  Single protocol between ISA and RP  Opportunity to specify a simplified SSO profile of existing specs for steps  and   In case of ISA failure, SP can use another one or no ISA. Relying Party   Note : depending on the protocol, links , ,  and  may or may not go through the browser.

9 Roadmap proposal March plenary First draft for "Technical way to integrate the ISA" First draft for "metadata specs evolution" GUI and UX guidelines ISA implementation guidelines July October

Download ppt "IdP Selection WG A proposal to next steps (Draft) Version v0.2."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
UKOLN is supported by: JISC Information Environment update Repositories and Preservation Programme meeting, October 24-25, 2006 Rachel Heery UKOLN www.ukoln.ac.uk.

UKOLN is supported by: JISC Information Environment update Repositories and Preservation Programme meeting, October 24-25, 2006 Rachel Heery UKOLN
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
19/06/2002WP4 Workshop - CERN WP4 - Monitoring Progress report

19/06/2002WP4 Workshop - CERN WP4 - Monitoring Progress report
The ISA concept in the Telco Environment Philippe Clement Lannion, Telco WG 08 9 2011.

The ISA concept in the Telco Environment Philippe Clement Lannion, Telco WG
Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.

Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.
IdP Selection WG Hillsboro, March 10th Version v0.

IdP Selection WG Hillsboro, March 10th Version v0.
Direct Congress Dan Skorupski Dan Vingo 15 October 2008.

Direct Congress Dan Skorupski Dan Vingo 15 October 2008.
Philips Research France Delivery Context in MPEG-21 Sylvain Devillers Philips Research France Anthony Vetro Mitsubishi Electric Research Laboratories.

Philips Research France Delivery Context in MPEG-21 Sylvain Devillers Philips Research France Anthony Vetro Mitsubishi Electric Research Laboratories.
LEVERAGING THE ENTERPRISE INFORMATION ENVIRONMENT Louise Edmonds Senior Manager Information Management ACT Health.

LEVERAGING THE ENTERPRISE INFORMATION ENVIRONMENT Louise Edmonds Senior Manager Information Management ACT Health.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.

Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.
RDA Wheat Data Interoperability Working Group Outcomes RDA Outputs P5 9 th March 2015, San Diego.

RDA Wheat Data Interoperability Working Group Outcomes RDA Outputs P5 9 th March 2015, San Diego.
RDA Wheat Data Interoperability Working Group Outcomes RDA Outputs P5 9 th March 2015, San Diego.

RDA Wheat Data Interoperability Working Group Outcomes RDA Outputs P5 9 th March 2015, San Diego.
NSTIC ID Ecosystem A Conceptual Model v03 Andrew Hughes October 2013 - October 2013 - IDESG Version 1.

NSTIC ID Ecosystem A Conceptual Model v03 Andrew Hughes October October IDESG Version 1.
SASL-SAML update Klaas Wierenga Kitten WG 9-Nov-2010.

SASL-SAML update Klaas Wierenga Kitten WG 9-Nov-2010.
Unrestricted Connection manager MIF WG IETF 78, Maastricht 2010-07-29 Gaëtan Feige, Cisco (presenter) Pierrick Seïté, France Telecom -

Unrestricted Connection manager MIF WG IETF 78, Maastricht Gaëtan Feige, Cisco (presenter) Pierrick Seïté, France Telecom -
The NISO Question/Answer Transaction Protocol (QATP) AVIAC January 2004 Donna Dinberg Library and Archives Canada Mark Needleman Sirsi Corporation.

The NISO Question/Answer Transaction Protocol (QATP) AVIAC January 2004 Donna Dinberg Library and Archives Canada Mark Needleman Sirsi Corporation.
Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.

Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.

Similar presentations

Ads by Google