
OOI-CI–Ragouzis–2007.10.15 Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop 17-19 October 2007.


1 Ocean Observatories Initiative Cyberinfrastructure Component. CI Design Workshop, 17-19 October 2007.

2 Core Interaction Patterns of an Identity Federation Framework
 – OASIS SAML v2.0
 – Liberty Alliance ID-WSF 2.0

3 Core Interaction Patterns of an Identity Federation Framework
 – Explore general interaction aspects
 – Using interactions to integrate an architecture, by example

4 OASIS SAML v2.0

5 OASIS SAML v2.0

6 COI-Core Connectivities
 – Data Network: messages from and about interactions
 – Control Network: realizes interactions for observations
 – Process Network: plays and constrains interactions to plan

7 Interaction: Messages of Authn
 – The message “object”
 – Evolution of semantic richness

8 Interaction: Exchanges of Authn
 The art of the coddle:
 – Bootstrapping
 – Referrals
 – Proxy
 – Hiding

9 Identity Federation Framework
 Identity-enabled … privacy-respecting … regulatory/governance-tractable … composable … domain-cognizant … dynamically-configurable … resource-aware … deployment-time extensible … process-instantiating … network services … framework

10 Key Characteristics
 – Identity as organizing principle
 – Subject identification + [transient | persistent, opaque]
 – Sharing identifiers across trust domains
 – Confirming rights to authenticate
 – Authentication context
 – Discovery
 – Interaction
 – Attributes as first-class objects
 – Privacy preferences and policies
 – General application-level services framework
 – Extensible metadata for description and verification

11 Liberty ID-WSF v2.0

12 OASIS SAML v2.0. Stylized from:

13 The Subject (SAML v2.0 context: assertion)
 – Subject’s Identifier | implied
 – SubjectConfirmation
   – Who are you to talk to me about this subject? … now?
   – You know what I want to hear
   – Encryption options
 – Extensible

14 The Principal (SAML v2.0): Name Identifiers
 – Abstract and concrete types: extend your own
 – Pair-wise semantics: peering mechanics
 – Extensible typing (Format)
 – Privacy-preserving: EncryptedID, pseudonyms

15 SAML v2.0 Assertions
 – Statements from a SAML authority about the Subject (or application-implied Subject(s)), plus other coordination (conditions, advice, encryption)
 – Extensible
 – Kinds of statements from a SAML authority about a Subject:
   – Authentication Statement
   – Attribute Statement
   – Authorization Decision Statement
   – Statement (extension point)

16 Authentication Context (SAML v2.0)
 – Context Class or specific Context Declarations
 – Data model: Identification, Technical Protection, Operational Protection, Authentication Method, Governing Agreements
 – Authentication contexts, before your extensions:
   – IP, IP password, Kerberos, time sync token, XML Signature, X.509
   – mobile [one|two]-factor [contract|unregistered]
   – [authenticated] telephony, nomadic telephony, personal telephony
   – password-protected transport, SSL certificate, [secure remote] password
   – previous session, PGP, software PKI, SPKI, smartcard [PKI]

17 SAML v2.0 Protocols* (* and Bindings, and Profiles)
 – Statements from a SAML authority about the Subject (or application-implied Subject(s)), plus other coordination (conditions, advice, encryption)
 – Extensible
 – Kinds of statements from a SAML authority about a Subject: Authentication Statement, Attribute Statement, Authorization Decision Statement, Statement (extension point)

18 OASIS SAML v2.0

19 OASIS SAML v2.0

20 Liberty ID-WSF v2.0

21 Modern Authentication Architectures
 – General interaction architectures, decorated for identity
 – Attractive for specialization, at the level of message exchange and at the level of the message object

22 Core Interaction Patterns of an Identity Federation Framework
 – Explore general interaction aspects
 – Using interactions to integrate an architecture, by example
