Presentation is loading. Please wait.

Presentation is loading. Please wait.

Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting.

Published byEugenia Ford Modified over 8 years ago

Similar presentations

Presentation on theme: "Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting."— Presentation transcript:

1 Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting Anchorage, Alaska

2 Challenge Many valuable online information resources, But managing access is increasingly unwieldy: Too many accounts...too many passwords... Too many support requests

3 Access Without Federation Everyone has many accounts Access based on location Every information provider has to manage many accounts Adding new users or new information resources takes a lot of work (many places to update)

4 Access With Federation User has a single login; home provides login and users’ roles Resource providers need not manage/support user accounts Access based on users’ roles instead of account or location New users and new resources integrated quickly (only one Place to update)

5 What’s the Magic? Without federation, access is based on many:many trust relations (resources:users) Unsustainable to manage and support as number of users and number of resources increase In a federation, the resources and users’ home institutions establish trust via their trust in the federation Each new resource, home, or user requires only a single additional trust relation: user-home for new user; home-federation for a new home; or resource- federation for new resource

6 How Federation Works 1 Each resource or information provider establishes trust with the federation A one-time event, with a single external entity

7 How Federation Works 2 Each school or other institution with users establishes trust with the federation A one-time event, with a single external entity

8 How Federation Works 3 Each user has one home institution That’s the one login that user needs

9

10 Benefits for Resources Reduce or even eliminate the burden of managing user accounts and passwords Determine what users can access or do based on the users’ home institution assertion of roles (e.g., HS Biology Instructor or Honors English Student) Quickly deploy new resources to federation members (no elaborate provisioning)

11 Benefits for Schools No need to provision accounts (or revoke them) at every resource Enable appropriate access to resources by changing role or other attribute to accurately reflect status Provide access to more resources via the federation than could provide by negotiating for each

12 Benefits for students / users Keep track of just a single username and password for access to all federation resources Reduced threat of identity theft because passwords are not shared with information providers (login at home institution only) Increase privacy: resources receive only the data they need to provide appropriate access; may not even include name. Supports Single Sign-On: login once for access to multiple resources

13 Demonstration: Single Sign-On in Federation Model is higher education federation InCommon Provides SSO access with UA credentials to multiple services Services hosted both at UA and elsewhere Simple uniform experience gaining access to multiple resources while protecting personal info

14

15

16

17

18

19

20

21

22

23 How To Establish agreements defining what federation members do to establish trust relations and operate federation Federation operation is essentially a repository of certificates (like the certificates used for secure web browsing) for every member Agree to utilize common open technologies for exchanging identity information (e.g., SAML protocol) Modest budget for federation operation and technical support to resources and schools to use it

Download ppt "Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.

Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Single Sign-On 1. What is Single Sign-On? 2 The Florida Department of Education (FLDOE) Single Sign-On (SSO) provides a simpler way for educators to access.

Single Sign-On 1. What is Single Sign-On? 2 The Florida Department of Education (FLDOE) Single Sign-On (SSO) provides a simpler way for educators to access.
Shibboleth access management: a replacement for Athens and more? Mark Norman and Christian Fernau OUCS 21 June 2007.

Shibboleth access management: a replacement for Athens and more? Mark Norman and Christian Fernau OUCS 21 June 2007.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,
To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.

To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.
The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation The U.S. Access and Identity Management Federation

Similar presentations

Ads by Google