Presentation is loading. Please wait.

Presentation is loading. Please wait.

TERENA TF-EMC2 15 feb 2011 Dyonisius Visser

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "TERENA TF-EMC2 15 feb 2011 Dyonisius Visser"— Presentation transcript:

1 AAI @ TERENA TF-EMC2 15 feb 2011 Dyonisius Visser visser@terena.rg www.terena.org

2 Slide 2 Where it all started ›REFEDS Wiki ›Dog food ›MediaWiki + SimpleSAMLphpAuth ›One SP ›Accumulated ~ 20 bilateral IdPs

3 AuthZ – sort of Slide 3 ›You’re in, if your IdP sends eduPersonEntitlement= ‘urn:mace:rediris.es:entitlement:wiki:tfemc2’

4 Next SP comes along ›TACAR ›Will need to contact several IdPs again to exchange metadata  ›3 rd SP ›4 th SP etc etc Slide 4

5 Too many IdP-SP combinations ›Difficult to manage: Slide 5

6 New approach: proxy ›Create one SP to connect as many IdPs as … ›“Hide” all our other SPs behind that ›SPs can all have one statically configured IdP ›So no need to have a disco on each SP ›External IdPs only do business with a single TERENA SP Slide 6

7 Slide 7

8 WordPress etc FileSender CORETACAR Sympa Event reg My.terena.org LinkedIn Yahoo Google Slide 8 OpenID Twitter MySpace † Windows Live SimpleSAMLphp Secretariat IdP LDAP Refeds wiki Confluence SimpleSAMLphp SP Proxy SimpleSAMLphp Bridge Guest IdPs… eduGAIN 3 more federations 15 more bilaterals… SURFfed AAI@EduHR ??????? IdP SP

9 ?????? = Globally unique ID ›Generate globally unique identifier for ALL users that could possibly come in ›Pick first available attr name+value from: ›eduPersonTargetedID ›eduPersonPRincipalName ›Openid/Twitter/FB/Myspace/windowslive/linkedin ›Append !IdP ›Result + demo: https://tnc2011.core.terena.orghttps://tnc2011.core.terena.org ›(PG table) Slide 9

10 Pre-login user provisioning ›Invitation system (demo) Slide 10

11 TO Do ›Central user repository (LDAP/SQL) ›Central group repository (DIY/Grouper/SURF/?) ›Profile page to manage your data (SWICTH’s javascript side bar/?) ›Account linking (Login4life,David? ) ›Consent dialog upon first login ›-> Cherry pickin’ from community Slide 11

12 Automated IdP checks? Slide 12 All configured IdPs IdPS that have our metadata IdPs that have our metadata and that send usable attrs

13 Issues encountered ›Changing your SP metadata at remote parties takes a long time ›So don’t start with 1K keys ›Non-federated users – guest accounts? ›Too many guest options now Slide 13

Download ppt "TERENA TF-EMC2 15 feb 2011 Dyonisius Visser"

Similar presentations

Grouper Training End Users Lite UI – External Users

Grouper Training End Users Lite UI – External Users
EIFL Thursday, December 15 th, 2011 Brook Schofield Project Development Officer Slide 1.

EIFL Thursday, December 15 th, 2011 Brook Schofield Project Development Officer Slide 1.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Europe Latin America Collaborative e ‑ Infrastructure for Research Activities A Model for Federated Services Brook Schofield, TERENA ● Sofia, Bulgaria.

Europe Latin America Collaborative e ‑ Infrastructure for Research Activities A Model for Federated Services Brook Schofield, TERENA ● Sofia, Bulgaria.
Making LinkedIn Work For Exclusive Networks. The Principals behind LinkedIn The theory is that we are all connected to each other through who we know,

Making LinkedIn Work For Exclusive Networks. The Principals behind LinkedIn The theory is that we are all connected to each other through who we know,
Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.

Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
By: Ansuya Chauhan.

By: Ansuya Chauhan.
17 th TF-EMC2. Lyon, February 2011 On the Many Ways to Identity Exchange D i g i t a l i d e n t i t i e s a r e m o r e v a l u a b l e a s t h e y a.

17 th TF-EMC2. Lyon, February 2011 On the Many Ways to Identity Exchange D i g i t a l i d e n t i t i e s a r e m o r e v a l u a b l e a s t h e y a.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
TERENA EUROCamp 2010 Dyonisius Visser

TERENA EUROCamp 2010 Dyonisius Visser
GRDevDay March 21, 2015 Cloud-based Identity for Applications.

GRDevDay March 21, 2015 Cloud-based Identity for Applications.
©2012 Microsoft Corporation. All rights reserved..

©2012 Microsoft Corporation. All rights reserved..
Remote Assistance  Using this program you can allow someone to work on your computer, chat with you and view your screen with your permission  The other.

Remote Assistance  Using this program you can allow someone to work on your computer, chat with you and view your screen with your permission  The other.
18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.

18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.
AAI with simpleSAMLphp

AAI with simpleSAMLphp
GakuNin Registration System Motonori Nakamura, NII Japan APAN33 rd Meeting (16 Feb. 2012)

GakuNin Registration System Motonori Nakamura, NII Japan APAN33 rd Meeting (16 Feb. 2012)
TEIN Shibboleth Training Course Introduction to SAML/Shibboleth at ComLabs USDI ITB, 2014-01-18 (updated version)

TEIN Shibboleth Training Course Introduction to SAML/Shibboleth at ComLabs USDI ITB, (updated version)
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.

AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.

Similar presentations

Ads by Google