The FederID project: The First Identity Management and Federation Free Software


Page  2 Table of contents  A question of Identity  Liberty Alliance  The FederID architecture  Demo (hope it works)

Page  3 A question of Identity  A digital entity is a set of attributes describing an entity  A subset named credentials are used for authentication  An entity (a user) can own many identities  Each identity has roles and rights within an application (service provider)

Page  4 A question of Identity  Services provider manage the identities : -For a service provider : 1 user = 1 identity -For an user : 1 service = 1 identity

Page  5 A question of Identity  We need Identity Management ! -Referential of identities (LDAP Directory) -Provisioning services -Access control on data (LDAP ACLs) -Access control on applications (SSO rules)  We need Identity Federation ! -Keep different identities for private life purpose -Federate accounts to benefits from other services

Page  6 Federation standards  Parallel standards: -Liberty Alliance : ID-FF, ID-WSF, ID-SIS -Shibboleth (Internet2) -WS-* (Microsoft) -SAML (OASIS) -OpenID (the newcomer)  Standards convergence: -Shibboleth and Liberty Alliance will share a common standard: SAML 2.0

Page  7 Liberty Alliance  Grounded in 2001 by SUN and 13 others partners  More than 150 members  Goals: -Open Federation Standard -Respect of private life in numeric space  3 frameworks: -ID-FF (Federation Framework) [now SAML 2.0]: SSO, SLO,... -ID-WSF (Web Services Framework): attributes sharing,... -ID-SIS (Service Interface Specifications): services interactions,...

Page  8 Liberty Alliance consortium members

Page  9 A simple Liberty Alliance Circle of Trust (CoT) Service Provider Identity Provider Service Provider Attributes Provider

Page  10 Identity federation workflow

Page  11 More than one circle of trust

Page  12 FederID components  The developments done for FederID are all under free software licenses and published on projects forges, mainly hosted by OW2 consortium.  FederID, it is also the integration of existing free software, known for their functional wealth and improved security: -Lasso: library for Liberty Alliance, SAML2 and ID-WSF2 protocols. -Authentic: identity provider based on Lasso, complying with SAML2 and Liberty Alliance ID-WSF LemonLDAP::NG: web application firewall with graphical management console and LDAP based authorization, using SAML2 authentication. -InterLDAP: identity management, provisioning, web service attributes sharing. = +++

Page  13 Sample architecture LDAP Director y Circl e ofTrust Authenti c Identity Provider Content Management [WUI] Attribut e Provider [LAAP] SSO & Authorization s Service Provider Standard Web application Standard Web application

Page  14 FederID Identity Provider  Authentic : -Liberty Alliance identity provider -Authentication of users against an LDAP server, a database or simple flat text files -Forcing LDAP authentication within FederID -Capable of forwarding LDAP attributes into SAML responses

Page  15 FederID WebSSO  LemonLDAP::NG: -WebSSO product based on Apache Perl Handler technology. -Offering three modules : -Handler: protect the application -Portal: where the user is redirected when not authenticated -Manager: graphical interface enabling the configuration of LemonLDAP::NG.

Page  16 Standard SSO infrastructure

Page  17 SSO in the federation world Agent (Handler) Session s LDAP Login Password Assertion Consumer Identity Provider SSO & Authorizations Standard Web Application

Page  18 Attributes Sharing over Web Services LAAP Attributes Provider LDAP Directory Service Provider (Attributes Consumer) Identity Provider

Page  19 FederID Directory Content Management  InterLDAP-WUI: -Content Management System for an LDAP directory -Enriched schema designing the interface “on the fly” -Authorization back-end -Delegation is enabled by setting trees and groups properties for each part of the Directory Information Tree

Page  20 LDAP content management system

Join us! freenode