Presentation is loading. Please wait.

Presentation is loading. Please wait.

Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,

Published byLauren Kathlyn Caldwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,"— Presentation transcript:

1 Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet, maarten.koopmans@surfnet.nlmaarten.koopmans@surfnet.nl OASIS Adoption forum 2006

2 High-quality Internet for higher education and research In the beginning… Well, the 90’s: a chip card for higher education. It failed miserably.

3 High-quality Internet for higher education and research … (2) Tests with mobile phones and e-banking (token based in NL). Piggybacking in 2001-2.

4 High-quality Internet for higher education and research Authentication middleware, 2002 Authentication middleware that could act as a switch between multiple authentication methods and added SSO as a bonus.

5 High-quality Internet for higher education and research A-Select 1.0 Q4-2002 First lesson: choose your project name carefully! Authentication selection. We’ll just call it A-Select “for now”.

6 High-quality Internet for higher education and research 1.0 features SSO Multiple authentication methods Simple “Cross” mode, full identity shared between domains 3 universities, 30.000 users. They liked it. We invested.

7 High-quality Internet for higher education and research A-Select in 2002

8 High-quality Internet for higher education and research A-Select in 2002 (2)

9 High-quality Internet for higher education and research The marketing dilemma How do you get the other universities to use this? Encourage usage outside and within higher-ed

10 High-quality Internet for higher education and research The question then becomes: Why don’t you use it?

11 High-quality Internet for higher education and research 2002-3: versions 1.1 – 1.3 Logging APIs and protocol improvements Better user database support More AuthSPs

12 High-quality Internet for higher education and research A-Select in 2003

13 High-quality Internet for higher education and research 2003: Build a community E-government chose A-Select, as did the public libraries System integrators More universities. Some 100.000 users in NL

14 High-quality Internet for higher education and research 2004: Strengthen the community e-government becomes DigiD, keep them on board Work together with libraries Add features: –fail over –more application integration components Open standards are becoming very important with Shibboleth and SAML, especially for higher education

15 High-quality Internet for higher education and research 2004: A-Select diffusion Encourage usage via diffusion program: target 100,000 users by the end of 2006. Result: >> 200,000 users in higher ed and more are coming! Activities: Documentation Integration components On site support Project consultancy

16 High-quality Internet for higher education and research 2005: Towards a Federation Release 1.4.1: integrating a lot of contributions from the community, massive clean-up of the codebase Release 1.4.2: Adding a simple yet flexible authorization engine and attribute acquisition (using, CGI, SOAP, LDAP)

17 High-quality Internet for higher education and research A-Select in 2005

18 High-quality Internet for higher education and research A-Select in 2005

19 High-quality Internet for higher education and research 2005: Digid more and more visible First cities are using Digid as an A-Select based IdP First tests with online tax forms with Digid as IdP

20 High-quality Internet for higher education and research 2006: Federation for real Release 1.5: adds SAML 1.1 with Shibboleth profiles. A-Select can act as IdP for Shib-protected resources. From 2007 onwards Digid mandatory for online tax forms Millions of users.

21 High-quality Internet for higher education and research Federation in 2006 usersidentitiescentral federation componentsresources (SAML) SAML

22 High-quality Internet for higher education and research Winding down Apache style licensed 98% Java based code > 5 authN Methods Healthy market and community millions of users Incremental growth has paid of: from authN to federation middleware Open source is a viable model for “NL as a company”

23 High-quality Internet for higher education and research What’s next 1.6 WS-* support SAML 2.0 support A-Select starter kit (with Linux, reverse proxy,...)

24 High-quality Internet for higher education and research Expanding internationally Open standards important for collaboration! Thank you, OASIS!

25 High-quality Internet for higher education and research Questions / discussion Maarten.Koopmans@surfnet.nl

Download ppt "Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,"

Similar presentations

MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
Introducing A-Select … towards the next 700 authentication methods Utrecht, 25-4-2003 Maarten Koopmans.

Introducing A-Select … towards the next 700 authentication methods Utrecht, Maarten Koopmans.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Update SURFnet Bart Kerver TF-EMC2-meeting, Utrecht, 17 Oktober 2006.

Update SURFnet Bart Kerver TF-EMC2-meeting, Utrecht, 17 Oktober 2006.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Authentication Systems and Single Sign-On (SSO) David Orrell, Eduserv Athens 1st EuroCAMP, 2-4 March 2005, Turin, Italy.

Authentication Systems and Single Sign-On (SSO) David Orrell, Eduserv Athens 1st EuroCAMP, 2-4 March 2005, Turin, Italy.
A-Select: Hitchhiking in authentication space Ton Verschuren Innovation Management – SURFnet – NL TERENA TF-AACE workshop, Stockholm,

A-Select: Hitchhiking in authentication space Ton Verschuren Innovation Management – SURFnet – NL TERENA TF-AACE workshop, Stockholm,
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
Www.kennisnet.nl Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.

Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.
SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.

SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.
Project Proposal: Academic Job Market and Application Tracker Website Project designed by: Cengiz Gunay Client: Cengiz Gunay Audience: PhD candidates and.

Project Proposal: Academic Job Market and Application Tracker Website Project designed by: Cengiz Gunay Client: Cengiz Gunay Audience: PhD candidates and.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 STRIDE towards 2-factor Web SSO Rich Graves October 2014 GIAC GSE, GCIA, GCIH, GPEN,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 STRIDE towards 2-factor Web SSO Rich Graves October 2014 GIAC GSE, GCIA, GCIH, GPEN,
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
TNC2004 Rhodes 1 Authentication and access control in Sympa mailing list manager Serge Aumont & Olivier Salaün May 2004.

TNC2004 Rhodes 1 Authentication and access control in Sympa mailing list manager Serge Aumont & Olivier Salaün May 2004.
Intro to Grouper There’s nothing fishy about Identity Management with Grouper.

Intro to Grouper There’s nothing fishy about Identity Management with Grouper.
Chad La Joie Shibboleth’s Future.

Chad La Joie Shibboleth’s Future.

Similar presentations

Ads by Google