Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 eAuthentication in Higher Education Tim Bornholtz Session #47."— Presentation transcript:

1 1 eAuthentication in Higher Education Tim Bornholtz Session #47

2 2 What is the problem? We all have different passwords to many different systems. We should be able to log in once and use those credentials as we move from site to site. Must be able to securely pass credentials without compromising passwords.

3 3 Transitive Property of Equality If a = b and b = c, then a = c Note: This is a property of equality and inequalities. One must be cautious, however, when attempting to develop arguments using the transitive property in other settings.

4 4 Mathematics and Trust A trusts B and B trusts C. Does this mean that A will trust C? These trust relationships can only go so far. We probably would not trust a friend of a friend of a friend of a friend. There are not indefinite levels of trust. The boundaries of your trust make up the Federation.

5 5 Federations A Federation is a group of organizations that have agreed to trust each other. All members of the Federation trust all other members within the Federation. Separate agreements with each and every member not necessary.

6 6 Rules of a Federation Members agree to abide by rules of the Federation. Each Federation has some sort of “steering committee” that decides on the rules: –Legal rules – who can participate and what can they do within the Federation. –Technical rules – technical infrastructure and specifications necessary to communicate with other Federation members.

7 7 So what is eAuthentication? eAuthentication is a Federation of US government agencies and private sector organizations. GSA is coordinating the Federation –Determined the legal policies required for joining the network. –Specified the technical requirements to participate.

8 8 How do Federations work? Security Assertion Markup Language (SAML). Security authentication statements are passed as XML from one provider to the next. Passwords are never sent across the wire. Assertions are signed with XML signatures and verified as valid participants within the Federation.

9 9 Some Current Federations Shibboleth based federations (InCommon) ‏ Federal Government (eAuthentication) ‏ Meteor

10 10 Shibboleth Shibboleth is an Open Source Web Single Sign On system Currently supports SAML 1.0 and 1.1 Shibboleth 2.0 in Open Beta –Supports SAML 2.0 –Interoperable with many other SAML 2.0 compliant products

11 11 InCommon A federation of higher education and research institutions in the U.S. Uses Shibboleth as its federating software. Membership continues to grow –Currently over 60 participants. –Serving over 1.3 million end users.

12 12 InCommon and eAuthentication December 2006 InCommon demonstrated federated access to National Institutes of Health (NIH), by two campuses GSA has reiterated that interfederated interoperability with InCommon is a high priority

13 13 Other Shibboleth Based Federations FEIDE – Norway –Educational sector in Norway. HAKA Federation – Finland –Identity federation of Finnish universities, polytechnics and research institutions SDSS – United Kingdom –Federation for managing access to UK academic online resources SWITCH – Switzerland –Eleven universities - more than 140,000 users –More than 80 resources - primarily in the field of e- learning

14 14 Federal Student Aid Shibboleth as a relying product was chosen by Federal Student Aid as the primary solution for E-Authentication. eCampus Based will be the first application to be E-Authentication enabled. Integrate E-Auth Solution (Shibboleth) into Federal Student Aid Security Architecture. Utilize Federal Student Aid Security Architecture TAM LDAP.

15 15 Federal Student Aid Status Received official sign off and acceptance testing report from GSA. Awaiting hardware at Perot VDC. Inter-System testing in progress. Go Live date scheduled for December 2007.

16 16 Meteor Network Meteor is an Open Source application that aggregates student financial aid. information from multiple sources Meteor 3.3 available for testing September 15. Production availability December 2007. –Technical enhancements to increase security and auditing. –Usability enhancements based on extensive customer feedback.

17 17 Meteor Technical Infrastructure Uses SAML assertions to convey authentication information. Assertion is signed with XML signatures. Each request is also signed with XML signatures. Uses central Index Providers to determine optimal locations of data. Data Providers access real-time backend systems for up to date information.

18 18 Implementation Roadmap How to join a federation. Define the business problem. –Make sure you understand the business problem you are solving. Get started with legal process as soon as possible. –May take up to 18 months for internal legal approval. Technology is not complicated.

19 19 Federation Concerns Policy determination and enforcement –Who makes the rules? How are they modified? Provider eligibility –What is the scope of the federation? Security and privacy –Technologies used. –Appropriate policies in place. Removal from the network –What are the legal and political ramifications?

20 20 Lessons Learned The policy work is much harder than the technical work. The legal staff at every member will need to review the policies. All members will need to be educated: –Why federations work –Why they are secure

21 21 Summary I appreciate your feedback and comments. I can be reached at: Name:Tim Bornholtz Phone: 540-446-8404 Email: tim@bornholtz.com Web: http://www.bornholtz.com

Download ppt "1 eAuthentication in Higher Education Tim Bornholtz Session #47."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.

Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.
Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.

Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.
U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.

U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.
Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.

Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.

The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.
EAuthentication in Higher Education Tim Bornholtz Session 58.

EAuthentication in Higher Education Tim Bornholtz Session 58.
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,
To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.

To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.
E-Authentication: The Need for Open-Standards in Implementing E-Government October 6, 2004 The E-Authentication Initiative.

E-Authentication: The Need for Open-Standards in Implementing E-Government October 6, 2004 The E-Authentication Initiative.
1 Conservation Transaction Plug-In (CTP) Tool Overview March 23 & 25, 2010 Tim Pilkowski State Conservation Agronomist Annapolis, MD USDA is an equal opportunity.

1 Conservation Transaction Plug-In (CTP) Tool Overview March 23 & 25, 2010 Tim Pilkowski State Conservation Agronomist Annapolis, MD USDA is an equal opportunity.

Similar presentations

Ads by Google