Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,

Presentation transcript:

Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet, OASIS Adoption forum 2006

High-quality Internet for higher education and research

In the beginning…
Well, the 90’s: a chip card for higher education. It failed miserably.

… (2)
Tests with mobile phones and e-banking (token based in NL). Piggybacking in

Authentication middleware, 2002
Authentication middleware that could act as a switch between multiple authentication methods and added SSO as a bonus.

A-Select 1.0 Q
First lesson: choose your project name carefully! Authentication selection. We’ll just call it A-Select “for now”.

1.0 features
– SSO
– Multiple authentication methods
– Simple “Cross” mode, full identity shared between domains
– 3 universities, users. They liked it. We invested.

A-Select in 2002

A-Select in 2002 (2)

The marketing dilemma
– How do you get the other universities to use this?
– Encourage usage outside and within higher-ed

The question then becomes: Why don’t you use it?

: versions 1.1 – 1.3
– Logging APIs and protocol improvements
– Better user database support
– More AuthSPs

A-Select in 2003

2003: Build a community
– E-government chose A-Select, as did the public libraries
– System integrators
– More universities. Some users in NL

2004: Strengthen the community
– e-government becomes DigiD, keep them on board
– Work together with libraries
– Add features:
  – fail over
  – more application integration components
– Open standards are becoming very important with Shibboleth and SAML, especially for higher education

2004: A-Select diffusion
– Encourage usage via diffusion program: target 100,000 users by the end of
– Result: >> 200,000 users in higher ed and more are coming!
– Activities:
  – Documentation
  – Integration components
  – On site support
  – Project consultancy

2005: Towards a Federation
– Release 1.4.1: integrating a lot of contributions from the community, massive clean-up of the codebase
– Release 1.4.2: adding a simple yet flexible authorization engine and attribute acquisition (using CGI, SOAP, LDAP)

A-Select in 2005

A-Select in 2005

2005: DigiD more and more visible
– First cities are using DigiD as an A-Select based IdP
– First tests with online tax forms with DigiD as IdP

2006: Federation for real
– Release 1.5: adds SAML 1.1 with Shibboleth profiles. A-Select can act as IdP for Shib-protected resources.
– From 2007 onwards DigiD mandatory for online tax forms
– Millions of users.

Federation in 2006
[Figure: users, identities, central federation components, resources (SAML)]

Winding down
– Apache style licensed
– 98% Java based code
– > 5 authN methods
– Healthy market and community, millions of users
– Incremental growth has paid off: from authN to federation middleware
– Open source is a viable model for “NL as a company”

What’s next
1.6
– WS-* support
– SAML 2.0 support
– A-Select starter kit (with Linux, reverse proxy, ...)

Expanding internationally
– Open standards important for collaboration!
– Thank you, OASIS!

Questions / discussion