Open Source Web Initial Sign-On Packages


1 Open Source Web Initial Sign-On Packages
Enterprise Authentication CAMP, San Diego, 18 Nov 2004
Copyright University of Washington
This work is the intellectual property of the University of Washington and the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 Open Source Web Initial Sign-On Packages
Enterprise Authentication CAMP, San Diego, 18 Nov 2004
Panelists:
- Robert Banz, Middleware Architect, UMBC
- Nathan Dors, Project Lead, U Wash (Moderator)
- Keith Hazelton, Senior IT Architect, U Wisc
- Kevin McGowan, Senior Technologist, U Mich

3 Topics
- What is WebISO?
- Open Source WebISO software
- Keith: Leading a WebISO planning process
- Kevin: Michigan/Cosign perspective
- Robert: UMBC’s legacy WebISO perspective
- WebISO futures
- Q & A

4 Provocative questions
- What is the future of open source WebISOs?
- What is the LoA of WebISO-based authentication claims/assertions?
- When will the WebISO Weebles finally fall down?

5 Topics
- What is WebISO?
- Open Source WebISO software
- Keith: Leading a WebISO planning process
- Kevin: Michigan/Cosign perspective
- Robert: UMBC’s legacy WebISO perspective
- WebISO futures
- Q & A

6 What is WebISO?
- What are the essential functions of WebISO within the context of Identity Management?
- What are the technology and policy drivers for implementing a WebISO solution?
- What are the prerequisites for deploying a WebISO solution?

7 WebISO’s essential functions
- Authenticate: “authenticate people … seeking access to a [web-based] service or resource”
- Authenticate: “to check [web-based] identity claims”
- Deliver: “to issue [web-based] identity claims”

8 Drivers
- Protect the identity credential
- Normalize web-based authentication
- Reduce costs
- Increase productivity
- Improve security
- Reduce audit and compliance risks

9 Prerequisites
- IdMS: you need to know who your users are
- Authentication Service: you need to credential your users
- Weeble: you need to balance your initial requirements with your broader objectives

10 Weblogin examples

11 Univ of Chicago

12 Duke University

13 Penn State University

14 Univ of Kansas

15 Univ of Michigan

16 Ohio State University

17 UCLA

18 Univ of Southern California

19 Univ of Washington

20 Univ of Washington (w/ SecurID)

21 Cornell University

22 Yale University

23 Vanderbilt University

24 Worcester Polytechnic Institute

25 Carnegie Mellon University

26 Common WebISO service model
- Architecture
- Authentication service
- Login “weblogin” service (authenticate, deliver)
- Service providers
- Browser-binding messaging protocol
- Message format
- Security model

27 Application integration models
- Container-based (declarative)
- REMOTE_USER
- API (programmatic)

28 Topics
- What is WebISO?
- Open Source WebISO software
- Keith: Leading a WebISO planning process
- Kevin: Michigan/Cosign perspective
- Robert: UMBC’s legacy WebISO perspective
- WebISO futures
- Q & A

29 Open Source WebISOs
- Yale/CAS
- Cosign
- Pubcookie
- A-Select
- Shibboleth?

30 Central Authentication Service
- From Yale University
- Open source license
- Version 3.0 on its way
- Strengths
  - Lots of campus deployments
  - Good uPortal ties
  - Proxiable CAS tickets for 3-tier scenarios

31 Cosign
- From Univ of Michigan
- Open source license
- NMI component
- Strengths
  - Kerberos integration and delegation
  - Distributed session management

32 Pubcookie
- Core contributors
  - Univ of Washington
  - Carnegie Mellon Univ
  - Univ of Wisconsin
- Open source license
- NMI component
- Version 3.2 coming soon

33 Pubcookie…
- Strengths
  - Lots of campus deployments
  - Kerberos 5 and LDAP integration
  - Simple app-integration model
- www.pubcookie.org

34 A-Select
- SURFnet maintained
- Open source license
- NMI component
- Strengths:
  - AuthN plug-ins
  - Good hmmm factor
- a-select.surfnet.nl

35 Shibboleth as WebISO
- Open source license
- Strengths:
  - Standard SAML tokens, protocol
  - Attribute exchange & privacy mechanisms
  - Simple app-integration model
- Drawbacks as WebISO
  - “weblogin” feature gap
  - SP software installation & configuration complexity

36 Topics
- What is WebISO?
- Open Source WebISO software
- Keith: Leading a WebISO planning process
- Kevin: Michigan/Cosign perspective
- Robert: UMBC’s legacy WebISO perspective
- WebISO futures
- Q & A

37 UW-Madison WebISO
- Where does WebISO fit in campus IT strategy?
- Planning process: participants and stakeholders
- What policy issues were confronted?
- Must-have technical requirements and desirable features
- Lessons learned
- See WebISO Selection and Rqmts docs at:

38 Topics
- What is WebISO?
- Open Source WebISO software
- Keith: Leading a WebISO planning process
- Kevin: Michigan/Cosign perspective
- Robert: UMBC’s legacy WebISO perspective
- WebISO futures
- Q & A

39 Michigan/Cosign perspective
- Brief history of Cosign at Michigan
- Use statistics
- History as open source WebISO
- Unique requirements, unique features
- Cosign’s distributed session management and experiences with “global” logout

40 Topics
- What is WebISO?
- Open Source WebISO software
- Keith: Leading a WebISO planning process
- Kevin: Michigan/Cosign perspective
- Robert: UMBC’s legacy WebISO perspective
- WebISO futures
- Q & A

41 UMBC/Webauth perspective
- The homemade-WebISO perspective
- History
- Use statistics
- Ongoing development costs
- Unique requirements, unique features

42 Topics
- What is WebISO?
- Open Source WebISO software
- Keith: Leading a WebISO planning process
- Kevin: Michigan/Cosign perspective
- Robert: UMBC’s legacy WebISO perspective
- WebISO futures
- Q & A

43 Futures
- Multiple authentication methods working in unison, e.g.
  - End-user client certificates with failover to WebISO
  - HTTP/SPNEGO with failover to WebISO
- Shibboleth
- Shib may get weblogin features
- WebISO may move to SAML

44 Topics
- What is WebISO?
- Open Source WebISO software
- Keith: Leading a WebISO planning process
- Kevin: Michigan/Cosign perspective
- Robert: UMBC’s legacy WebISO perspective
- WebISO futures
- Q & A

45 Q&A
- Who operates your local WebISO infra?
- Who can use your local WebISO?
- What’s the policy about not using WebISO?
- Who supports app developers and deployers?
- What is your SSO duration?
- What’s logged and how is it used?
- Who owns the “weblogin” page design/usability?
- What end-user education supports your WebISO?
- How do you handle data and authZ services?

46 The End

