Shibboleth and uApprove at University of Michigan – Luke Tracy, Ken Hammer


What is uApprove?
– Developed by SWITCHaai under the BSD License
– Purposes:
  – For the user: a mechanism to be informed about the release of attributes to a Service Provider (SP).
  – For the admin of an Identity Provider (IdP): provides a tool to implement data protection laws by requiring user consent before personal attributes are released to an SP; allows collection of information about the release of attributes and accesses to the SP (if configured to do so).
Source: on June 15,

What is uApprove? (the user's view)
From the user's point of view, uApprove is an application that presents a web page on which to:
  – accept or decline the Terms of Use of a Shibboleth Identity Provider upon first access to the system (optional)
  – globally accept the release of attributes to any/all Service Providers
  – accept the release of attributes upon first access to a given Service Provider (if the global release has not been approved)
Note: the user can reset attribute release consent on a separate web page, so that he/she will be asked again whenever attributes have to be released.
Source: on June 15,

U of M Attribute Release
– InCommon IdP had been operating in Pilot Mode
  – Opt-in required
  – Temporarily provided a means to approve the release of identity data
– To move beyond Pilot:
  – Remove barriers
  – Make it more self-describing

Governance Board
– Investigated how others were handling privacy concerns around attribute release
  – Found a common desire for individuals to be able to approve the release of attributes
  – Saw mention of uApprove being used within SWITCH
– Demonstrated uApprove to the IDM Governance Board
  – Liked it, but had issues with changes to data and privacy settings after approval to release
  – Looked into methods of detecting state changes and forcing re-approval

uApprove
– Determined the best method was to prompt each time (until a more elegant solution was possible, maybe)
– Discussed with the uApprove developers a method for forcing the prompt every time
  – Decided together that in the short term, using database triggers was optimal

Demo (screenshots)
– User visits site and selects home university
– User logs in using our Single Sign On tool
– User is presented with the uApprove screen
– If the user declines…
– If the user approves…

uApprove configuration
– Can use a flat file or a MySQL database for preferences
– Can be disabled on a per-SP basis
– Can configure which attributes are displayed and in what order
– Optional “Terms of Use” screen
– Multiple options for resetting preferences

Normally, uApprove looks like this…
– Presentation controlled by .jsp templates
– Template text strings stored separately to make translation easy

U-M localizations
– Database trigger / cron job combination to effect our desired login behavior
– Applied our SSO “skin” to the application
– Changed text to better suit our audience
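The trigger-plus-cron approach from the uApprove slide and the localizations slide, as an added example that is not U-M's or SWITCH's own code: a constructed, uApprove-style consent store in SQLite whose trigger copies every stored consent to an audit table, while a separate purge (standing in for the cron job) removes the consents so the user is prompted again at the next login. Table and column names are assumptions; the split into trigger and purge follows MySQL's rule that a trigger may not modify the table that fired it.

```python
import hashlib
import sqlite3

# Constructed schema modelled on a uApprove-style consent store; table and column
# names are assumptions. The trigger only copies each new consent to an audit table
# (a MySQL trigger may not modify the table that fired it); the purge below plays
# the cron job and deletes stored consents, so uApprove prompts again at next login.
SCHEMA = """
CREATE TABLE AttributeReleaseConsent (
    userId TEXT NOT NULL, relyingPartyId TEXT NOT NULL, attributeId TEXT NOT NULL,
    valuesHash TEXT NOT NULL, consentDate TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (userId, relyingPartyId, attributeId));
CREATE TABLE ConsentAudit (
    userId TEXT, relyingPartyId TEXT, attributeId TEXT, valuesHash TEXT, consentDate TEXT);
CREATE TRIGGER consent_audit AFTER INSERT ON AttributeReleaseConsent
BEGIN
    INSERT INTO ConsentAudit
    VALUES (NEW.userId, NEW.relyingPartyId, NEW.attributeId, NEW.valuesHash, NEW.consentDate);
END;
"""

def open_store():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def values_hash(values):
    # Hash of the sorted attribute values: a changed value invalidates stored consent.
    return hashlib.sha256("|".join(sorted(values)).encode()).hexdigest()

def record_consent(conn, user, sp, attrs):
    # Called after the user clicks "approve": one row per released attribute.
    rows = [(user, sp, name, values_hash(vals)) for name, vals in attrs.items()]
    conn.executemany("INSERT OR REPLACE INTO AttributeReleaseConsent "
                     "(userId, relyingPartyId, attributeId, valuesHash) VALUES (?, ?, ?, ?)", rows)
    conn.commit()

def consent_exists(conn, user, sp, attrs):
    # True only if every attribute to be released has stored consent for its current values.
    for name, vals in attrs.items():
        row = conn.execute("SELECT valuesHash FROM AttributeReleaseConsent WHERE userId=? "
                           "AND relyingPartyId=? AND attributeId=?", (user, sp, name)).fetchone()
        if row is None or row[0] != values_hash(vals):
            return False
    return True

def purge_consents(conn):
    # The cron job: drop every stored consent so the next login is prompted again.
    count = conn.execute("SELECT COUNT(*) FROM AttributeReleaseConsent").fetchone()[0]
    conn.execute("DELETE FROM AttributeReleaseConsent")
    conn.commit()
    return count

def audit_count(conn):
    return conn.execute("SELECT COUNT(*) FROM ConsentAudit").fetchone()[0]
```

The audit table keeps the record of what was released to which SP even though the consents themselves are gone, which is the information uApprove can be configured to collect.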

attribute-resolver.xml (the DisplayName / DisplayDescription elements are what uApprove shows to the user; the Dependency ref is an assumed data connector name)

<resolver:AttributeDefinition id="displayName" xsi:type="Simple"
    xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="displayName">
    <!-- assumed: the data connector that supplies the source attribute -->
    <resolver:Dependency ref="myLDAP" />
    <!-- human-readable label and description rendered on the uApprove consent page -->
    <resolver:DisplayName xml:lang="en">Full Name</resolver:DisplayName>
    <resolver:DisplayDescription xml:lang="en">This is your full name.</resolver:DisplayDescription>
    <!-- ... -->
</resolver:AttributeDefinition>

Resources
– uApprove
– U-M InCommon Attribute Release Policy and Procedure