Presentation is loading. Please wait.

Presentation is loading. Please wait.

TERENA EUROCamp 2010 Dyonisius Visser

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "TERENA EUROCamp 2010 Dyonisius Visser"— Presentation transcript:

1 AAI @ TERENA EUROCamp 2010 Dyonisius Visser visser@terena.rg www.terena.org

2 Slide 2 Where it all started ›REFEDS Wiki ›Dog food ›MediaWiki + SimpleSAMLphpAuth ›One SP ›Accumulated > 20 IdPs

3 AuthZ – sort of Slide 3

4 Next SP comes along ›TACAR ›Will need to contact several IdPs again to exchange metadata  ›3 rd SP ›4 th SP etc etc Slide 4

5 Too many IdP-SP combinations ›Difficult to manage: Slide 5

6 New approach: cheating ›Create one SP to connect all our IdPs to ›“Hide” all our REAL SPs behind that ›External IdPs only do business with a single TERENA SP ›We get to do fancy stuff at our magic SP Slide 6

7 Slide 7

8 What could be the “?” ›Attribute injection ›authproc: SmartAttr.php Slide 8

9 SmartAttr.php ›Generate globally unique identifier for ALL possible users ›Pick first available attribute name+value from: ›eduPersonTargetedID ›eduPersonPRincipalName ›openid ›sha1(salt.serialize(attributes)) ›Append @$IdP ›Results: Slide 9

10 SmartID exa,mples: ›urn:mace:dir:attribute- def:eduPersonTargetedID:c4bcbe7ca8eac0745652 91fd5524caa88f3115c8@terena.org@https://login.terena.org/idp/saml2/idp/metadata.php ›urn:mace:dir:attribute- def:eduPersonPrincipalName:horvath@terena.org @https://login.terena.org/idp/saml2/idp/metadat a.php ›openid:https://www.google.com/accounts/o8/id?i d=AItOawk1wEwIIRLSKf6kWb_1Rb0X00psc3lPqW U@https://login.terena.org/bridge/saml2/idp/met adata.php Slide 10

11 More attributes ›Fullname: Stolen from Olav ›Organisation: first available from: ›organizationName ›Uppercase version of schacHomeOrganization, without TLD ›Uppercase version of email domain without TLD ›Uppercase version of eduPersonPrincipalName domain without TLD ›String ‘MY_ORG’ ›Country, fname, lname, email, etc Slide 11

12 Group membership ›To be implemented….. Slide 12

13 Concepts ›We will have homeless users -> guest accounts ›Everyone can login to any service ›“logged-in” does not mean anything (well….) ›https://tnc2010.omega.terena.org ›One page to manage all your data (‘profile’ page) ›Similar to Switch.ch javascript sidebar ›To be implemented Slide 13

14 Issues encountered ›Changing your SP metadata at remote parties takes a long time non-technical, so think twice ›Non-federated users – don’t run ourselves ›Too may guest options now!!! ›Provisioning before users log in -> not possible ›Globally persistent ID Slide 14

Download ppt "TERENA EUROCamp 2010 Dyonisius Visser"

Similar presentations

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board
Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki 2.10.2013 Mikael Linden, CSC – IT Center for Science

Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki Mikael Linden, CSC – IT Center for Science
2006 © SWITCH Group Management Tool Lukas Haemmerle

2006 © SWITCH Group Management Tool Lukas Haemmerle
Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) 21.6.2012 FIM for research collaboration workshop Mikael Linden,

Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,
DK update David Simonsen, WAYF (the federation formerly known as DK-AAI) It's a WAYFIt's about consentIt's a project.

DK update David Simonsen, WAYF (the federation formerly known as DK-AAI) It's a WAYFIt's about consentIt's a project.
EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.

EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.
TERENA TF-EMC2 15 feb 2011 Dyonisius Visser

TERENA TF-EMC2 15 feb 2011 Dyonisius Visser
Shibboleth access management: a replacement for Athens and more? Mark Norman and Christian Fernau OUCS 21 June 2007.

Shibboleth access management: a replacement for Athens and more? Mark Norman and Christian Fernau OUCS 21 June 2007.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
GakuNin Registration System Motonori Nakamura, NII Japan APAN33 rd Meeting (16 Feb. 2012)

GakuNin Registration System Motonori Nakamura, NII Japan APAN33 rd Meeting (16 Feb. 2012)
CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science

CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.

AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.
Textual Password How to use the Textual Authentication Model (AC)

Textual Password How to use the Textual Authentication Model (AC)
Supporting Are we ready? REFEDS, Oct 2013 Ann Harding

Supporting Are we ready? REFEDS, Oct 2013 Ann Harding
Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.

Connect. Communicate. Collaborate eduGAIN in Real Life! Ajay Daryanani, RedIRIS TERENA Networking Conference Brugge, 20th May 2008.
Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.

Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.
Introducing HingX now with Capacity Development Network.

Introducing HingX now with Capacity Development Network.

Similar presentations

Ads by Google