Brown University Leveraging Social Identities Steve Carmody CSG, May 15, 2013.


1 Brown University Leveraging Social Identities Steve Carmody CSG, May 15, 2013

2 Topics
- What
- Why
- How
- Status

3 What
- Support access by people with either Federated or Social Identities
- Provide application owners with a single authN/Z Framework for both types of Identities
- Provide info to the application about the user with a single interface, regardless of Identity type
- Application owner can choose which Social Identity providers to allow

4 Why
- We're used to working with identities vetted and issued by other campuses
- But, we already work with people from outside those Communities
  - Applicants
  - Parents
  - Continuing Education/MOOCs
- Other areas showing interest in working with people outside the traditional communities
  - Courses: additional speakers from the community
  - Research: partners at campuses that are not Shibboleth-enabled

5 Why
- All of those people have identities at one of the social/personal providers
  - Google, Yahoo, Facebook, etc.
- In some circumstances, this approach may be preferable to issuing campus identities to those people
- However, there is NO guarantee about who is using a social account

6 How
- Web-based authentication gateway
- Translates authentication responses from popular "social" ID services into regular SAML 2 Assertions (consumable by Shibboleth)
- Allows downstream applications which only understand SAML to easily utilize external services using other protocols

7 How Does it Work?
- Looks like an IDP to the SP
- Looks like a single SP/app to external services
- Designed to be as simple and transparent as possible for Application Owners to use

8
- Maps attributes (if released by service/user)
  - givenName
  - sn
  - mail
  - uid
- Generated attributes
  - eduPersonPrincipalName
  - eduPersonTargetedID (as a SAML 2 NameID)
  - displayName
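
Added example, not part of the original slides and not the gateway's own code: a sketch of the mapping step described on slides 6 to 8, turning one provider's claims into the mapped and generated attributes for a single SP. The helper name, the per-provider claim names, the scope gateway.example.org, the ePPN format and the HMAC-based eduPersonTargetedID are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumed claim names per provider; each social provider releases different attributes.
PROVIDER_CLAIMS = {
    "google": {"givenName": "given_name", "sn": "family_name", "mail": "email", "uid": "sub"},
    "facebook": {"givenName": "first_name", "sn": "last_name", "mail": "email", "uid": "id"},
}
GATEWAY_SCOPE = "gateway.example.org"  # placeholder scope for generated identifiers


def to_saml_attributes(provider, claims, sp_entity_id, secret, allowed_providers):
    """Build the attribute set the gateway would assert to one SP (hypothetical helper)."""
    # The application owner chooses which social providers to accept.
    if provider not in allowed_providers:
        raise PermissionError(f"{provider} is not enabled for {sp_entity_id}")
    mapping = PROVIDER_CLAIMS.get(provider)
    if mapping is None:
        raise ValueError(f"no attribute mapping for {provider}")

    # Mapped attributes: only what the service/user actually released.
    attrs = {}
    for saml_name, claim_name in mapping.items():
        value = claims.get(claim_name)
        if value not in (None, ""):
            attrs[saml_name] = str(value)
    if "uid" not in attrs:
        raise ValueError("provider returned no stable account identifier")

    # Generated: ePPN scoped per provider so accounts at different providers never collide.
    attrs["eduPersonPrincipalName"] = f"{attrs['uid']}@{provider}.{GATEWAY_SCOPE}"

    # Generated: opaque per-SP identifier, so two SPs cannot correlate the same user.
    msg = "\x00".join((provider, attrs["uid"], sp_entity_id)).encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    attrs["eduPersonTargetedID"] = base64.urlsafe_b64encode(digest).decode().rstrip("=")

    # Generated: displayName from the name parts, falling back to mail, else omitted.
    full_name = " ".join(v for v in (attrs.get("givenName"), attrs.get("sn")) if v)
    if full_name or "mail" in attrs:
        attrs["displayName"] = full_name or attrs["mail"]
    return attrs
```

None of these values vouches for who controls the social account, so an application should base authorization on an invitation or group membership rather than on the asserted name or mail.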

9 What We've Learned
- Works great for guest authentication
- Typical use is "pick and choose" among the external services
- Very powerful when combined with invitation service (e.g. MACE Grouper)

12 Issues
- Consent screen at Social Providers asks user to release attributes to the Gateway, not the SP
- Each Social Provider provides different attributes
- Many applications prefer an invitation service (e.g. MACE Grouper includes one)
- Should a locally run Gateway instance integrate with the local Person Registry, and register different providers/accounts for each person?

13 Status
- Pilot Gateway available since Fall 2012
  - Operated by Paul Caskey, UT
  - NO SLA!
  - This Pilot will end!
- 2nd Pilot underway
  - Gateway provided and operated by Cirrus Identity
  - Can be used to access I2 Spaces Wiki and InCommon Federation Manager App
  - Currently only supports Google

14 Status, Continued
- Next Phase
  - Looking to expand use and use cases
  - Require definition, testing during Summer 2013
  - Campus participants being identified
  - Hope to have service available to InCommon members for Fall 2013

15 Questions?

