Intra-campus Web SSO Management Topics for Deployed Campuses Nathan Dors, Technology Manager University of Washington CAMP Shibboleth June 25-27, 2007.


Topics
- Background
- Governance
- Business Policies
- Business Practices
- Central SP Strategy
- Departmental SP Strategy

Background
- Legacy intra-campus Web SSO service
  – Pubcookie 3.3.2d; two login flavors
  – Uses UW NetID, Kerberos, SecurID services
  – Over 1,000 registered legacy service providers
- UW Shibboleth Identity Provider system
  – Production deployment in 2005
  – Over 20 Central / Departmental Shibboleth service providers
  – Current InCommon member
  – InCommon SP sponsor (ProtectNetwork, Cdigix, Refworks)

Yesterday’s Scores
- Stage 1 Scores from Self-Assessment Checklist
  – Policy Steps, 1/7 (14%)
  – Business Practices 5/6 (83%)

Web SSO Governance
- Questions raised by self-assessment
  – Who governs the Web SSO service?
  – Who governs other authentication services?
  – Who governs application integration?
  – Who governs UW NetID credential?
  – And what specifically do they govern?

Web SSO Governance
- Privacy and Security
- Terms of Use
- Obligations
- Liabilities
- Records Retention & Access
- What apps must use the service
- Capabilities (e.g. 2-factor, reauth, logout)
- Policies (e.g. 8hr SSO duration)
- Usability
- Application design

UW Shib IdP Business Policies
- CA trust policy: UW CA, InCommon CA
- Default ARP for *.washington.edu
  – eduPersonAffiliation
  – eduPersonPrincipalName
  – eduPersonScopedAffiliation
- UW DNS name contacts can register new SPs

UW Shib IdP Business Practices
- Self-service registration for UW DNS name contacts
  – Pre-approved status for Central system admins
  – But SP lifecycles currently unmanaged
- Allow use on central web-hosting environments
  – e.g. faculty.washington.edu, staff.washington.edu, students.washington.edu?
- “Quarter of interest” changes 1st Thursday before quarter start

Central Service Provider Strategy
- No strategy, just highly responsive tactics with partners
- Central/Partner successes
  – DRAM, CreateHope, WebAssign, Cdigix, E-academy.com, Confluence, iTunesU (Fall ‘07)
- Innovation and Discovery
  – UW NetID sign-up: Cascadia CC, SCCA
  – NSF Fastlane inter-federation interop work
  – Shib interop with Microsoft CardSpace
  – Google Apps (vs Microsoft Windows Live)

Departmental Service Provider Strategy
- Create a Web SSO service roadmap
  – Legacy vs Shibboleth vs Windows Authentication
- Create local deploy, migrate guides
  – Extract knowledge from local Shib team
  – Set install bar: system admins should be able to install/activate SP in under 1.75 hours
- Offer Install Fest(s) thru UW Computer Training
  – For Customer Support staff
  – For SP “frequent flyers”
  – For interested admins… seed a community.
- And trust that Attribute Delivery is the carrot

End (Klara … you’re up.)