Overview of schemas used for IdM community Setting up of identity provider Motonori Nakamura, National Institute of Informatics, Japan 2nd TEIN IAM Workshop.


Slide 1: Overview of schemas used for IdM community / Setting up of identity provider. Motonori Nakamura, National Institute of Informatics, Japan. 2nd TEIN IAM Workshop in Kuala Lumpur.

Slide 2: (diagram) IdP (Identity Provider), DS (Discovery Service) and several SPs (Service Providers); the IdP sends attributes to an SP over SAML.

Slide 3: Attributes managed by an IdP

Name (abbreviation)                 Description
OrganizationName (o)                English name of the organization
jaOrganizationName (jao)            Japanese name of the organization
OrganizationalUnit (ou)             English name of a unit in the organization
jaOrganizationalUnit (jaou)         Japanese name of a unit in the organization
eduPersonPrincipalName (eppn)       Uniquely identifies an entity in GakuNin
eduPersonTargetedID                 A pseudonym of an entity in GakuNin
eduPersonAffiliation                Staff, Faculty, Student, Member
eduPersonScopedAffiliation          Staff, Faculty, Student, Member with scope
eduPersonEntitlement                Qualification to use a specific application
SurName (sn)                        Surname in English
jaSurName (jasn)                    Surname in Japanese
givenName                           Given name in English
jaGivenName                         Given name in Japanese
displayName                         Displayed name in English
jaDisplayName                       Displayed name in Japanese
mail                                E-mail address
gakuninScopedPersonalUniqueCode     Student or faculty/staff number with scope

Released attributes differ among SPs:
- SP-A (2 attributes required): eppn (mandatory), eduPersonAffiliation (optional)
- SP-B (1 attribute required): eduPersonAffiliation (mandatory)
- SP-C (2 attributes required): eduPersonTargetedID (mandatory); eduPersonEntitlement or eduPersonScopedAffiliation (one of them is mandatory)

Slide 4: Identifier types

- Anonymous
  - No identifier is sent
  - Fit for e-Journals (any member of the organization, or of a department, can access)
- Autonymous
  - eduPersonPrincipalName is sent
  - Unique identifier shared by all SPs (globally unique)
  - Similar to an e-mail address
- Pseudonymous
  - eduPersonTargetedID is sent [hash(ePPN, entityID of SP)]
  - Persistent unique identifier for each SP
  - Avoids correlation of user activities among SPs
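The per-SP release rules of slide 3 and the pseudonym derivation of slide 4, worked through as an added example (not code from the presentation or from GakuNin/Shibboleth). The user record, the SP entityIDs and the IdP-side salt are constructed; the hash is a keyed SHA-256 over (SP entityID, ePPN) standing in for the slide's hash(ePPN, entityID of SP), so the value is stable for one SP and different for another.

```python
import base64
import hashlib
import hmac

# Constructed sample: one user as the IdP holds it (no eduPersonTargetedID stored).
USER = {
    "eduPersonPrincipalName": "taro@example.ac.jp",
    "eduPersonAffiliation": "student",
    "eduPersonScopedAffiliation": "student@example.ac.jp",
    "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms",
    "mail": "taro@example.ac.jp",
}

# Release policy from slide 3; entityIDs are assumed placeholders.
POLICY = {
    "https://sp-a.example/shibboleth": {"mandatory": ["eduPersonPrincipalName"],
                                        "optional": ["eduPersonAffiliation"]},
    "https://sp-b.example/shibboleth": {"mandatory": ["eduPersonAffiliation"]},
    "https://sp-c.example/shibboleth": {"mandatory": ["eduPersonTargetedID"],
                                        "one_of": ["eduPersonEntitlement",
                                                   "eduPersonScopedAffiliation"]},
}

SALT = b"idp-local-secret-salt"  # assumption: kept private on the IdP


def targeted_id(eppn, sp_entity_id, salt=SALT):
    """Pseudonym = keyed hash of (SP entityID, ePPN): per-SP, persistent."""
    mac = hmac.new(salt, f"{sp_entity_id}!{eppn}".encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def release(user, sp_entity_id, policy=POLICY, consented_optional=()):
    """Attributes to send to this SP, or None when its mandatory needs are unmet."""
    rule = policy[sp_entity_id]
    avail = dict(user)
    avail["eduPersonTargetedID"] = targeted_id(user["eduPersonPrincipalName"], sp_entity_id)
    out = {}
    for name in rule.get("mandatory", []):
        if name not in avail:
            return None  # SP cannot be served; nothing is released
        out[name] = avail[name]
    one_of = [n for n in rule.get("one_of", []) if n in avail]
    if rule.get("one_of") and not one_of:
        return None
    out.update((n, avail[n]) for n in one_of)
    # Optional attributes go out only with user consent (slide 10's uApprove step).
    out.update((n, avail[n]) for n in rule.get("optional", [])
               if n in consented_optional and n in avail)
    return out
```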

Slide 5: The same attribute table as slide 3, annotated with IdP setup notes. The callouts on the slide (their row positions were lost in extraction) read: "Not much used", "Static", "Not much used", "Generated from ID" (the eduPersonTargetedID row), "From LDAP tree", "Not so difficult to map the Shib Attr and LDAP", and the example entitlement value urn:mace:dir:entitlement:common-lib-terms.

Slide 6: https://www.gakunin.jp/en-participants/

Slide 7: http://www.ukfederation.org.uk/content/Documents/AttributeUsage

Slide 8: Sending out the requested attributes

- There are other related topics:
  - Attribute release user consent mechanism (uApprove)
    - https://www.switch.ch/aai/support/tools/uApprove.html
    - https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=13501031 (uApproveJP)
    - Shibboleth 3.0 will have a user consent feature.
  - Automatic attribute-filter generation in cooperation with the GakuNin Registration System
    - https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=14647811 (in Japanese only)


Slide 10: (uApprove consent screen)

- Users can choose which optional attributes are released.
- Users can also select the future action.

The screen lists "Mandatory attributes" and "Optional attributes" (with check boxes), and offers three choices for future access:
- Agree to release for all SPs in the future
- Agree to release for this SP in the future
- Confirm again at the next access, even to the same SP

