Open Source Web Initial Sign-On Packages


Open Source Web Initial Sign-On Packages Enterprise Authentication CAMP, San Diego, 18 Nov 2004 Copyright University of Washington 2004. This work is the intellectual property of the University of Washington and the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Panelists
- Robert Banz, Middleware Architect, UMBC
- Nathan Dors, Project Lead, U Wash (Moderator)
- Keith Hazelton, Senior IT Architect, U Wisc
- Kevin McGowan, Senior Technologist, U Mich

Topics
- What is WebISO?
- Open Source WebISO software
- Keith: Leading a WebISO planning process
- Kevin: Michigan/Cosign perspective
- Robert: UMBC’s legacy WebISO perspective
- WebISO futures
- Q & A

Provocative questions
- What is the future of open source WebISOs?
- What is the LoA of WebISO-based authentication claims/assertions?
- When will the WebISO Weebles finally fall down?

What is WebISO?
- What are the essential functions of WebISO within the context of Identity Management?
- What are the technology and policy drivers for implementing a WebISO solution?
- What are the prerequisites for deploying a WebISO solution?

WebISO’s essential functions
- Authenticate: “authenticate people … seeking access to a [web-based] service or resource”
- Authenticate: “to check [web-based] identity claims”
- Deliver: “to issue [web-based] identity claims”

Drivers
- Protect the identity credential
- Normalize web-based authentication
- Reduce costs
- Increase productivity
- Improve security
- Reduce audit and compliance risks

Prerequisites
- IdMS: you need to know who your users are
- Authentication Service: you need to credential your users
- Weeble: you need to balance your initial requirements with your broader objectives

Weblogin examples (one login-page screenshot per slide)
- Univ of Chicago
- Duke University
- Penn State University
- Univ of Kansas
- Univ of Michigan
- Ohio State University
- UCLA
- Univ of Southern California
- Univ of Washington
- Univ of Washington (w/ SecurID)
- Cornell University
- Yale University
- Vanderbilt University
- Worcester Polytechnic Institute
- Carnegie Mellon University

Common WebISO service model
- Architecture
- Authentication service
- Login “weblogin” service (authenticate, deliver)
- Service providers
- Browser-binding messaging protocol
- Message format
- Security model

Application integration models
- Container-based (declarative): REMOTE_USER
- API (programmatic)

Open Source WebISOs
- Yale/CAS
- Cosign
- Pubcookie
- A-Select
- Shibboleth?

Central Authentication Service
- From Yale University
- Open source license
- Version 3.0 on its way
- Strengths:
  - Lots of campus deployments
  - Good uPortal ties
  - Proxiable CAS tickets for 3-tier scenarios
- www.yale.edu/tp/auth

Cosign
- From Univ of Michigan
- Open source license
- NMI component
- Strengths:
  - Kerberos integration and delegation
  - Distributed session management
- www.weblogin.org

Pubcookie
- Core contributors:
  - Univ of Washington
  - Carnegie Mellon Univ
  - Univ of Wisconsin
- Open source license
- NMI component
- Version 3.2 coming soon

Pubcookie…
- Strengths:
  - Lots of campus deployments
  - Kerberos 5 and LDAP integration
  - Simple app-integration model
- www.pubcookie.org

A-Select
- SURFnet maintained
- Open source license
- NMI component
- Strengths:
  - AuthN plug-ins
  - Good hmmm factor
- a-select.surfnet.nl

Shibboleth as WebISO
- Open source license
- Strengths:
  - Standard SAML tokens, protocol
  - Attribute exchange & privacy mechanisms
  - Simple app-integration model
- Drawbacks as WebISO:
  - “weblogin” feature gap
  - SP software installation & configuration complexity

UW-Madison WebISO
- Where does WebISO fit in campus IT strategy?
- Planning process: participants and stakeholders
- What policy issues were confronted?
- Must-have technical requirements and desirable features
- Lessons learned
- See WebISO Selection and Rqmts docs at: http://arch.doit.wisc.edu/keith/camp

Michigan/Cosign perspective
- Brief history of Cosign at Michigan
- Use statistics
- History as open source WebISO
- Unique requirements, unique features
- Cosign’s distributed session management and experiences with “global” logout

UMBC/Webauth perspective
- The homemade-WebISO perspective
- History
- Use statistics
- Ongoing development costs
- Unique requirements, unique features

Futures
- Multiple authentication methods working in unison, e.g.
  - End-user client certificates with failover to WebISO
  - HTTP/SPNEGO with failover to WebISO
- Shibboleth
  - Shib may get weblogin features
  - WebISO may move to SAML

Q&A
- Who operates your local WebISO infra?
- Who can use your local WebISO?
- What’s the policy about not using WebISO?
- Who supports app developers and deployers?
- What is your SSO duration?
- What’s logged and how is it used?
- Who owns the “weblogin” page design/usability?
- What end-user education supports your WebISO?
- How do you handle data and authZ services?

The End