Feide login (currently username/password)



Similar documents
TF-AACE. Deliverable B.2. Deliverable B2 - The Authentication Component =============================================

Guide to Getting Started with the CommIT Pilot

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper

The Primer: Nuts and Bolts of Federated Identity Management

The Top 5 Federated Single Sign-On Scenarios

OpenLogin: PTA, SAML, and OAuth/OpenID

The Role of Federation in Identity Management

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

The Primer: Nuts and Bolts of Federated Identity Management

Getting Started with Single Sign-On

SAML-Based SSO Solution

A secure and auditable Federated Identity and Access Management Infrastructure. Serge Bertini Director, Security Canada

OpenID Deutsche telekom. Dr. Torsten Lodderstedt, Deutsche Telekom AG

Authentication Integration

Data Security and Identity Management

Logout in Single Sign-on Systems

Single Sign On at Colorado State. Ron Splittgerber

Single Sign On for UNICORE command line clients

Building Secure Applications. James Tedrick

Provisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University

OpenID and identity management in consumer services on the Internet

Shibboleth Identity Provider (IdP) Sebastian Rieger

Adding Stronger Authentication to your Portal and Cloud Apps

The Redesigned SAT. SAT Score Reporting Portal and Managing Access

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Feide Integration Guide. Technical Requisites

Improving Security and Productivity through Federation and Single Sign-on

Getting Started with Single Sign-On

Shibboleth : An Open Source, Federated Single Sign-On System David E. Martin martinde@northwestern.edu

An Oracle White Paper Dec Oracle Access Management Security Token Service

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

LDAP Authentication Configuration Appendix

How to Use ADP Self Service

CA Federation Manager

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Federated Identity in the Enterprise

Federations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase

Security Services. Benefits. The CA Advantage. Overview

COLT Portal User Guide

OECD workshop on digital identity management BELGIAN approach

Cloud SSO and Federated Identity Management Solutions and Services

Canadian Access Federation: Trust Assertion Document (TAD)

SAML-Based SSO Solution

Logout Support on SP and Application

Canadian Access Federation: Trust Assertion Document (TAD)

SPEECH REPOSITORY 2.0. Registration procedure

How to create a SP and a IDP which are visible across tenant space via Config files in IS

Accessing the PMRN [SSO Users]

From centralized to single sign on

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department

Okta Identity Management for Portals Built on Salesforce.com. An Architecture Review. Okta Inc. 301 Brannan Street San Francisco, CA 94107

This way, Bluewin will be able to offer single sign-on for service providers within the circle.

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

Lenovo Partner Access - Overview

Saba Cloud. Overview of SSO for mobile applications

SAP Single Sign-On 2.0 Overview Presentation

EACEA. Call for experts. - Instructions for ECAS account creation -

Web Authentication Application Note

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

RSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation

Adding Single Sign-On to CloudPassage Halo

Single Sign-On. Security and comfort can be friend. Arnd Langguth. September, 2006

Hosted Voice Product Training Automatic Call Distributor (ACD)

Automated Testing of SAML 2.0 Service Providers. Andreas Åkre Solberg UNINETT

How To Use Saml 2.0 Single Sign On With Qualysguard

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH

Authentication: Password Madness

Transcription:

Identity collaboration and federation in Norwegian education OECD workshop on Identity Management, Trondheim, 2006-05-08 Ingrid Melve, UNINETT Chief Technical Officer Feide login (currently username/password) User tries to access service Service Provider redirects user to Feide login (Identity Provider) Authentication is done at campus No big central user database Distributed user management at school, university, college Authentication is confirmed with the service, possibly with attribute release (roles) Informed consent for information release Single Sign On (SSO), and Single LogOut (SLO) 2 1

Feide federates education Identity federations: Authenticate Trust establishment Enforce information flow policy Attributes, roles Privacy control Enable sharing across organizations Standardize integration Security Well known integration path Multi-vendor support Equal market access for service providers 3 Feide: trust and technology Trust fabric: Contractual agreements Feide signs contracts with all parties, contract hub Requirements for identity management Requirements for data protection and data flow Best practices and guidelines Support various service usage models Technology: Goal: secure log-in and control sharing of personal information Implementation: Moria2 in-house developed open source (2003-2007) SAML2-based (2006-) Cross-federation Demonstrated technology in 2006 MinSide portal (eid for government services) Testing: edugain, Shibboleth, openid, various SAML-based CoT 4 2

Requirements for campus identity management: analyze work flow Identify key data Identify authoritative sources and external registry sources Identify who is reponsible for Initial data Data updates Data removal Organizational process Clean up work flow and procedures Move data maintenance out of the IT department Enable Human Resource and Student Management staff to do their jobs better 5 Why federated identity requirements? Distributed nature of education and research. Resources exist at various network endpoints or are maintained by different institutions. Education and research require integration of resources on heterogeneous platforms or in legacy systems. Data needs to be made widely available beyond the core application that maintains and generates the data. Automation is needed for advanced services in higher education 6 Policy varies between collaborators, and changes over time Norwegian universities and colleges have outsourced administrative systems and traditionally share many support structures Avoiding lock-in to particular vendors, levelling the playing field Research is collaboration: need software and collaborative working 3

User benefits 7 One username One password (or other credential) Access to webspace everywhere: learning support, library systems, administrative systems, project space for research Do not need to register information at each service, automatic updates from campus information Informed consent for personal data transfer Familiar log-in page may increase security Campus Identity Provider benefits 8 Authoritative quality for all affiliated users Control of information flow for all affiliated users Enhanced user management simplifies and automates business processes Federated login provides access to services One contract with Feide eliminates bi-lateral contracts with all service providers 4

Service Provider benefits 9 Access for all Feide users No local administration of user database Feide handles login and gives high quality data about users One contract with Feide eliminates bi-lateral contracts with all identity providers Clear integration path, well-defined information flow Feide goals Governance and standardization Local dataflow clean-up Overview and control of services Common guidelines, requirements and best practice for identity mana gement Identity management for education Unity in identity management Critical infrastructure: no login, no service Federated approach, shared world 10 Collaboration with educational institutions, service providers, vendors and standards organizations National level services comes first, support local and shared services 5

Business drivers for Feide Each institution benefits from Local dataflow clean-up Overview and control of services Common guidelines, requirements and best practice for identity management Educational sector as Service Provider Easy integration of non-local users Data protection contracts and guidelines Services benefit from Integrated user space (instant user db) Data protection contracts and guidelines Rollout: Universities (6): 2003-2006 University Colleges (37): 2004 2007 11 Lower education (4500): 2006 Operational service providers Shared services: 2003 Local university services: 2003 Commercial service providers: 2006 Public services (cross-federation): 2007 Collaboration Strong involvement from schools, universities and colleges User groups Active participation in various project(s) Close collaboration with service roll-out (SAP, NRK) Operational Feide login service run by Oslo University Backing from Ministry of Education and Research Financial support Clear political support for integrating services Partnership with commercial technology partners for standards based software International cooperation: TF-EMC2/Terena, edugain/eu 6 th Framework, GNOMIS, Internet2, Liberty Alliance 12 6

More information http://feide.no/index.en.html Email for Feide: administrasjon@feide.no Questions for Ingrid ingrid.melve@uninett.no 13 Collaboration builds education 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information