Slide 1: UTORauth Copyright
Copyright Russell Sutherland, 2005. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Slide 2: UTORauth
Russell Sutherland, Paul Fardy, Matthew Wilks
TechKnowfile 2005
Slide 3: Three Important Ideas
- Identification: who one is
  - Name: Alfred E. Newman
  - DOB: 1952-11-30
- Authentication: proof of identity
  - Passport
  - Identifier + password
- Authorization: privileges associated with an identity
  - Access to restricted rooms
  - Free beer on Fridays
Slide 4: Identification
Each person receives the following identifiers upon entrance to the UTORauth system:
- UTID
- UTORid
- Barcode
Slide 5: UTID
- 10 digit system identifier, e.g. 1002348215
- Assigned on the basis of:
  - Name
  - Date of birth
  - SIN number [optional]
- Static and not reusable
- One UTID per person
- Never re-issued to another person
Slide 6: UTORid
- 8 character alphanumeric string, e.g. vernejul, smithk35, newmana
- Based on the name of the person
- Known to the person
- Assigned to all new employees and students
Slide 7: UTORid (2)
- Reusable
- Active for the UofT lifetime of the person
- Issuance:
  - Students: TCard Office
  - Employees: Business Officer
- Network identifier for services: UTORmail, PAF, UTORvpn, etc.
Slide 8: UTORid Activation
- Secret Activation Key [SAK]
  - One-time password
  - Issued with the UTORid
  - Used to activate the UTORid
- Activation
  - One-time event
  - User selects a password and email address
  - Performed via a secure WWW session
Slide 9: Barcode
- 16 digit number, e.g. 2176101152459600
- Used by the Library and other services
- Written on to the magnetic stripe
- The library number is embedded: 217610 11524596 00
Slide 10: Authorization
- UTORable: a central repository of information relating to the state and properties of persons
  - Is_Student
  - Program of Study
  - Barcode
- Referenced by UTORid or UTID
- Access limited to registered clients
- Clients
  - have limited access
  - create their own rules for their own users, e.g. is_student + enrolled in MAT133Y
Slide 11: Authorization
- UTORable: a central repository of information relating to the state and properties of persons
  - Is_student
  - Program of Study
  - Barcode
  - Email Address
- Referenced by UTORid or UTID
Slide 12: UTORable Access
- Access limited to registered clients, i.e. UofT departments etc.
- No access for end users
- Clients
  - have limited access
  - create their own rules for their own users, e.g. is_student + enrolled in MAT133Y
Slide 13: UTORable Data
- Data available on a batch basis
  - Rules determined by the client
  - Delivered on a daily basis
  - Protocol: ftp, ssh, scp
- Data available on an interactive basis
  - LDAP
  - APIs available for PHP/Perl/C etc.
  - Read-only in most cases
Slide 14: UTORable: Contents I
Loads and loads of stuff available:
- Identifiers
  - UTID, UTORid (usually used as indices)
  - BarCode
  - Student Number
  - Employee Number
Slide 15: UTORable: Contents II
A torrent of ROSI data:
- Program of Study
- Current Session
- Course Lists
- Registration Code
- Available for multiple sessions
Slide 16: Current UTORable Users (Interactive)
- Information Commons: Public Access Facilities authentication/authorization to computers
- TCard Office/Library: creating and managing TCards and Library Cards
- IC Help Desk: web-based information lookup
- Federated Colleges: web-based Faculty/Staff management
- AMS: real-time generation of UTORid/barcodes for new staff and faculty (using SOAP)
Slide 17: Current UTORable Users (Batch I)
- ECF: students and staff for the Locknetics project in the Bahen centre. Also, course listings for CCNet.
- UofT Police: all students/staff/faculty. Proximity card project.
- UTM: used to drive the UTM shuttle bus service.
- CQUEST: Fac. of Arts and Sci. students. To create CQUEST accounts.
- Hart House: list of current students to permit access to facilities.
Slide 18: Current UTORable Users (Batch II)
- Athletic Centre: current students. Used to permit access to facilities.
- STORM: course listings for a number of Physics courses. STORM provides websites for professors.
- UTSC: Scarborough students. Used to create computer accounts.
- UTORcwn & UTORdial services: lists of students/staff that use the services, along with their UTORids.
- CDF: listing of all computer science students.
Slide 19: A PHP-Based Example
CNS provides a simple PHP module for UTORable access, which can be downloaded from:
http://madhaus.cns.utoronto.ca/utorauth/pub/LDAP.php
Once you have downloaded this module, put your username and password into the file by changing the lines:

    $this->ldap_user = "cn=,". $ldap_base;
    $this->ldap_pass = " ";
Slide 20: A PHP-Based Example (continued)

    # create a new LDAP object that will be used to query
    # UTORable for a UTORid.
    $ldap = new LDAP('utorid');

    # connect to the LDAP server, using the username and
    # password you specified to the module.
    $ldap->connect();

    # fetch any data that exists for UTORid 'leeterry'.
    $ldap->fetch('leeterry');

    # check to see if this is a full time student
    if ( $ldap->att('isstudent') && $ldap->att('attendance') == 'FT' )
        allow_access();
    else
        disallow_access();
Slide 21: Authentication
- Authenticate by providing UTORid and password.
- As mentioned, the Secret Activation Key provides initial authentication.
- Campus-wide Web Login service is provided by https://weblogin.utoronto.ca/ (Pubcookie)
Slide 22: Web Login for Users
- A single login page can authenticate for any utoronto.ca web service.
- Input your UTORid and password once only to access several services.
- Uses the web browser's cookies to hold authentication data.
- Exit the browser to remove these special cookies from the browser cache.
Slide 23: Web Login for Service Providers
- A web application can delegate authentication to weblogin.utoronto.ca.
- Implemented using Pubcookie: http://www.pubcookie.org/
- Implemented in an Apache or IIS module that must be installed on the application web server.
- Provides the authenticated UTORid (as REMOTE_USER), but not authorization.
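Slides 12 and 23 together describe the split that an application has to bridge: Web Login only hands the application an authenticated UTORid in REMOTE_USER, and the application must then apply its own client rule (such as "is_student + enrolled in MAT133Y") against UTORable data. The Python below is an added illustration of that decision, not code from the presentation or from CNS. It assumes the UTORid arrives in a REMOTE_USER environment variable as Pubcookie's Apache module provides, uses constructed in-memory records in place of the read-only LDAP lookup, and the attribute names isstudent, attendance and courses are constructed to mirror the slides' PHP example rather than taken from the real directory schema.

```python
"""Authorization decision for a Web Login + UTORable style application.

Added example. Assumptions (not from the slides): Pubcookie has already
authenticated the user and the web server exposes the UTORid as REMOTE_USER;
DIRECTORY is a constructed stand-in for the UTORable LDAP lookup, and the
attribute names (isstudent, attendance, courses) are constructed as well.
"""
from typing import Callable, Mapping, Optional

# Constructed sample records, keyed by UTORid, standing in for UTORable data.
DIRECTORY: dict[str, dict] = {
    "smithk35": {"isstudent": True, "attendance": "FT", "courses": {"MAT133Y", "CSC108H"}},
    "newmana":  {"isstudent": True, "attendance": "PT", "courses": {"MAT133Y"}},
    "vernejul": {"isstudent": False, "attendance": "", "courses": set()},
}

# A client rule is any predicate over the attributes returned for one person.
Rule = Callable[[Mapping], bool]


def is_full_time_student(att: Mapping) -> bool:
    """The check shown in the slides' PHP example: isstudent and attendance == FT."""
    return bool(att.get("isstudent")) and att.get("attendance") == "FT"


def enrolled_in(course: str) -> Rule:
    """Build a client rule of the form 'is_student + enrolled in <course>'."""
    def rule(att: Mapping) -> bool:
        return bool(att.get("isstudent")) and course in att.get("courses", set())
    return rule


def fetch(utorid: str) -> Optional[Mapping]:
    """Stand-in for the read-only UTORable lookup; None when no record exists."""
    return DIRECTORY.get(utorid)


def authorize(environ: Mapping[str, str], rule: Rule) -> tuple[bool, str]:
    """Return (allowed, reason) for one request.

    Authentication is Web Login's job: this function only consumes the
    REMOTE_USER it set. It fails closed when the variable is missing (the
    request did not pass through the Pubcookie module) or when the directory
    has no record for the UTORid, so a blank identity never satisfies a rule.
    """
    utorid = environ.get("REMOTE_USER", "").strip()
    if not utorid:
        return False, "no REMOTE_USER: request did not pass through Web Login"
    att = fetch(utorid)
    if att is None:
        return False, f"{utorid}: no UTORable record"
    if not rule(att):
        return False, f"{utorid}: rule not satisfied"
    return True, f"{utorid}: allowed"


if __name__ == "__main__":
    # Two constructed requests: one full-time student, one part-time student.
    for user in ("smithk35", "newmana"):
        env = {"REMOTE_USER": user}
        print(authorize(env, is_full_time_student))
        print(authorize(env, enrolled_in("MAT133Y")))
```

Because the rule is a plain predicate, each client keeps its own policy in its own code while the directory stays read-only, which is the division of responsibility the slides describe: Web Login answers "who", UTORable supplies the attributes, and the application decides "may".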
Slide 24: Role of Kerberos
- Kerberos is the technology underlying Web Login.
- Expect most applications to use Web Login.
- Exploring support for UTORids on departmental Unix/Linux via PAM Kerberos.
- Exploring support for UTORids in MS Active Directory via Kerberos.