
Community Sign-On and BEN

Table of Contents
- What is community sign-on?
- Benefits
- How it works (Shibboleth)
- Shibboleth components
- CSO workflow
- User interface examples
- Next steps

What is community sign-on?
- Single sign-on (SSO): a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems (e.g., Web sites)
- Community sign-on (CSO): an application of SSO to a specific community, such as NSDL

Benefits: users
- Single username and password: user has to sign in only once to gain access to the entire community
- Single registration: user doesn’t need multiple registrations, multiple usernames, etc. – just one
- Security: user’s personal information is kept in only one place. User accesses multiple Web sites, but personal info is not transmitted

Benefits: content providers
- More members: implementing CSO effectively pre-approves all existing community users for your site (you can allow or restrict access as you choose)
- Reduced friction: users are less likely to abandon a site if additional registration is not required
- Scalability: set up CSO once and use the same technology for additional partner sites
- Simplified account administration: user updates his/her info at one site, so your site need not maintain redundant (or out-of-date) information
- Access control: permit or deny access to different parts of your site based on a member’s attributes
- Remote access: users can access your site from any computer because access is controlled by login, not by the physical location of the user’s computer
- Integration with other sites: integrate services, such as tools from other sites, within your site and allow users seamless access
- Personalization: customize your site based on members’ attributes

How it works
- CSO for NSDL uses Shibboleth, an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure
- In English: Shibboleth allows users from different institutions or groups to obtain access to protected content anywhere on the Web. Users log in locally and their privacy is maintained
- Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation (e.g., NSDL)

Origin of “Shibboleth” (Judges 12)

Shibboleth components
- Federation: a group of organizations who join together to use Shibboleth software to share access to resources in a common way
- Service provider (SP): Web site with protected content requiring a login
- Identity provider (IdP): authenticates users and provides attributes to a given SP
- “Where are you from?” page (WAYF): page requiring users to identify their IdP so that they can log in appropriately
- Attributes: info about the user that gets released from the IdP to the SP, according to IdP policy

CSO workflow
[Flowchart. Nodes: Unprotected content; Protected content; “Logged in?”; WAYF; IdP 1 login page; IdP 2 login page; “Login success?” (Yes/No); Get attributes. At the WAYF, the user self-identifies as “member of IdP 1” or “member of IdP 2”.]
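The workflow above, together with the attribute-release rule from the components slide, as a small runnable model. This is an added example, not part of the original presentation and not Shibboleth code: every class, function, user, password and policy in it is hypothetical and constructed for illustration, and the flowchart's login retry loop is collapsed to a single attempt.

```python
# Added illustration of the CSO workflow; every name is hypothetical, not a Shibboleth API.
import hashlib, hmac
from dataclasses import dataclass, field

def _pw_hash(password):  # demo-only fixed salt; a real IdP uses per-user salts
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 1000)

@dataclass
class IdP:
    name: str
    users: dict           # username -> {"pw": hash, "attrs": {...}}
    release_policy: dict  # SP name -> attribute names the IdP releases to that SP

    def login(self, username, password):
        rec = self.users.get(username)
        return rec is not None and hmac.compare_digest(rec["pw"], _pw_hash(password))

    def attributes_for(self, username, sp_name):
        attrs = self.users[username]["attrs"]
        return {k: attrs[k] for k in self.release_policy.get(sp_name, []) if k in attrs}

@dataclass
class SP:
    name: str
    required: dict                                # attribute -> value needed for protected content
    sessions: dict = field(default_factory=dict)  # session id -> released attributes

def access_protected(sp, federation, session, idp_choice=None, username=None, password=None):
    """Walk one request through the flowchart; returns the list of steps taken."""
    trace = []
    if session not in sp.sessions:                # "Logged in?" -> No
        trace.append("WAYF")
        idp = federation.get(idp_choice)          # user self-identifies at the WAYF
        if idp is None:
            return trace + ["unknown IdP"]
        trace.append(idp.name + " login page")
        if not idp.login(username, password):     # password goes to the IdP only
            return trace + ["login failed"]
        sp.sessions[session] = idp.attributes_for(username, sp.name)
        trace.append("get attributes")
    attrs = sp.sessions[session]
    allowed = all(attrs.get(k) == v for k, v in sp.required.items())
    return trace + ["protected content" if allowed else "access denied"]

# Constructed sample federation: two IdPs, one SP that admits members only.
IDP1 = IdP("IdP 1", {"ana": {"pw": _pw_hash("s3cret"),
                             "attrs": {"affiliation": "member", "email": "ana@example.org"}}},
           {"BEN": ["affiliation"]})
IDP2 = IdP("IdP 2", {"raj": {"pw": _pw_hash("hunter2"),
                             "attrs": {"affiliation": "guest"}}}, {"BEN": ["affiliation"]})
FEDERATION = {"IdP 1": IDP1, "IdP 2": IDP2}
BEN = SP("BEN", {"affiliation": "member"})
```

The SP's session holds only the attributes the IdP's policy releases to it, so the e-mail address in the sample never leaves IdP 1, and a second request on the same session skips the WAYF and login steps.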

User interface example
- Engineering Pathway
- BEN
User selects protected content

User interface example (SP)
User clicks this link

User interface example (WAYF)
User clicks this link

User interface example (IdP)
User logs in

User interface example: request for additional info
Note that name and address are not here; they are obtained as attributes from the IdP. Password not needed at all.

Next steps
- Consult the CSO Roadmap for NSDL Sites
- Non-NSDL BEN partners: contact Isovera to request setup
- Contact us!
  - Rob Lane
  - Carol Kassel
  - Andrew Johnston
  - David Millman

Questions?