
Slide 1: AAI in Swiss Higher Education
Ueli Kienholz, <kienholz@switch.ch>
2006 SWITCH

Slide 2: Without AAI
Figure: University A (Student Admin, Web Mail, e-learning), Library B (e-journals, Literature DB), University C (Research DB, e-learning); legend: User Administration, Authentication, Authorization, Resource, Credentials
- Tedious user registration at all resources
- Unreliable and outdated user data at resources
- Different login processes
- Many different passwords
- Many resources not protected due to difficulties
- Often IP-based authorization
- Costly implementation of inter-institutional access

Slide 3: With AAI
Figure: University A (AAI, Student Admin, Web Mail, e-learning), Library B (e-journals), University C (Literature DB, Research DB, e-learning); legend: User Administration, Authentication, Authorization, Resource, Credentials
- No user registration and user data maintenance at resource needed
- Single login process for the users
- Many new resources available for the users
- Enlarged user communities for resources
- Authorization independent of location
- Efficient implementation of inter-institutional access

Slide 4: SWITCHaai Project Timeline (2001 to 2007)
Phases: Study, Pilot, Implementation, Operation
Annotations on the timeline: Architecture Evaluation -> Shibboleth; Study, Planning

Slide 5: Shibboleth
- Open Source
- Developed by Internet2
- Federated Approach
- Privacy
- National deployment projects in the US, UK and Finland, growing interest in other European countries
- For web resources only - as a first step
- Based on SAML
- Cooperations with Liberty Alliance
- Cooperations with Content Providers (e-journals)
- http://shibboleth.internet2.edu/

Slide 6: Demo (Try it yourself)
http://www.switch.ch/aai -> Live Demo -> demo resource
http://www.switch.ch/aai/demo/demo_live.html

Slide 7: Demo
https://kelut.switch.ch/aai/viewer.php

Slide 8: Single Sign On
Figure: Home Org (Credentials), WAYF (wayf.switch.ch), Demo Resource (kelut.switch.ch), E-Learning Resource (dokeos.unige.ch, https://dokeos.unige.ch/aai/login.php); the message flow is drawn as arrows numbered 1 to 10

Slide 9: SWITCHaai Building Blocks
- Interoperation
- Organisational Framework
- Identity Providers (Home Orgs)
- Service Providers (Resources)
- Central Services
- Funding

Slide 10: Identity Providers (Home Orgs) in SWITCHaai
Coverage: 130 000 users (> 2/3 of all) in Swiss Higher Education
Identity Providers (each marked on the slide as operational or getting ready): Université de Genève, Université de Neuchâtel, EPFL, HES-SO, Universität Basel, Université de Lausanne, University Hospital Zürich, Pädagogische Hochschule Bern, Université de Fribourg, Universität Zürich, Universität Bern, SWITCH, Zürcher Hochschule Winterthur, Universität St. Gallen, ETH Zürich, Universität Luzern, Fachhochschule Zentralschweiz, SUPSI, USI

Slide 11: Types of Service Providers
- e-learning: OLAT@UniZH, WebCT@ETHZ, DOIT@USZ, Moodle AD Learn & Co, Vista@SVC, VITELS@UniBE, dokeos@unige, ILIAS@ETHZ, Blackboard
- libraries: ScienceDirect, EZproxy@ETHBib
- other web applications: econf-portal@switch, Twiki@SWITCH, Web-SMS@SWITCH, CompiCampus@ETHZ, IS-Academia
- commercial: SwissLex, Bundesgericht, Cablecom eshops
16 000 active users, 79 resources

Slide 12: Organisational Framework
- SWITCH acts as SWITCHaai Federation Service Provider
- Federation membership based on signed service agreements

Slide 13: Authorization Attributes
Personal:
- Unique Identifier
- Surname
- Given name
- Home Organization Name
- Home Organization Type
- Affiliation (student, staff, ...)
- E-mail Address(es)
- Phone number(s)
- Preferred language
- Date of birth
- Gender
Group Membership:
- Study branch
- Study level
- Staff category
- Group membership
- Organization Path
- Organizational Unit Path
Implementation of attributes: each attribute is marked as mandatory or as recommended or optional
Based on eduPerson attributes and the Schweizerisches Hochschulinformationssystem (SHIS)
NO username, password
Attribute Specification: http://www.switch.ch/aai/docs/aai_attr_specs.pdf

Slide 14: Access Control Example: DOIT
DOIT: Dermatology Online with Interactive Technology
Resource access rule (evaluated by the Service Provider against the attributes asserted by the Identity Provider):
- HomeOrg = UniZH | UniBE | UniL
- Affiliation = Student
- StudyBranch = Medicine
- StudyLevel = 20
Identity Providers: Universität Zürich, Universität Bern, Université de Lausanne
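The Authorization Attributes slide and the DOIT access control example above together describe an attribute-based access decision: the home organization asserts a set of attributes, and the resource compares them with its rule. The following Python is an added example written for this page, not SWITCHaai or Shibboleth code. The attribute names (unique_id, home_org, study_branch and so on) are hypothetical short labels for the attributes named on the slide, the choice of the first six attributes as the mandatory set follows the order of the slide and is an assumption, values are matched exactly as the slide writes them, and the sample assertions are constructed. It goes slightly beyond the slide by handling multi-valued attributes and by failing closed when an attribute was not released.

```python
"""Attribute-based access decision for a federated web resource, modelled on
the DOIT access rule. Added example; not SWITCHaai's or Shibboleth's own code.
Attribute names and sample values are constructed for illustration."""

from typing import List, Mapping, Set, Tuple, Union

# Hypothetical short names for the slide's attribute labels (not the
# federation's real attribute identifiers). Assumption: these six are the
# mandatory attributes, i.e. the first group listed on the slide.
MANDATORY: Tuple[str, ...] = (
    "unique_id", "surname", "given_name",
    "home_org", "home_org_type", "affiliation",
)

# A rule maps an attribute to the set of values it accepts. Clauses are ANDed,
# values within one clause are ORed, mirroring "HomeOrg = UniZH | UniBE | UniL,
# Affiliation = Student, StudyBranch = Medicine, StudyLevel = 20".
Rule = Mapping[str, Set[str]]
Attributes = Mapping[str, Union[str, List[str]]]

DOIT_RULE: Rule = {
    "home_org": {"UniZH", "UniBE", "UniL"},
    "affiliation": {"Student"},
    "study_branch": {"Medicine"},
    "study_level": {"20"},
}


def missing_mandatory(attrs: Attributes) -> List[str]:
    """Names of mandatory attributes the identity provider did not assert."""
    return [name for name in MANDATORY if not attrs.get(name)]


def _values(attrs: Attributes, name: str) -> List[str]:
    """Normalise single- and multi-valued attributes to a list of strings."""
    raw = attrs.get(name)
    if raw is None:
        return []
    return [raw] if isinstance(raw, str) else list(raw)


def evaluate(rule: Rule, attrs: Attributes) -> Tuple[bool, str]:
    """Decide access. Denies (fails closed) whenever a needed attribute is absent."""
    missing = missing_mandatory(attrs)
    if missing:
        return False, "mandatory attributes missing: " + ", ".join(missing)
    for name, allowed in rule.items():
        values = _values(attrs, name)
        if not values:
            # Typically the home org's attribute release policy withheld it.
            return False, f"attribute '{name}' not released by the identity provider"
        if not any(v in allowed for v in values):
            return False, f"'{name}' is {values}, rule requires one of {sorted(allowed)}"
    return True, "all rule clauses satisfied"


# Constructed sample assertions (no real persons or identifiers).
MED_STUDENT_BERN: Attributes = {
    "unique_id": "123456@example.test", "surname": "Muster", "given_name": "Anna",
    "home_org": "UniBE", "home_org_type": "university",
    "affiliation": ["Student", "Member"],  # multi-valued: one matching value suffices
    "study_branch": "Medicine", "study_level": "20",
}
STAFF_ZURICH: Attributes = {**MED_STUDENT_BERN, "home_org": "UniZH", "affiliation": "Staff"}
STUDENT_NO_BRANCH: Attributes = {k: v for k, v in MED_STUDENT_BERN.items() if k != "study_branch"}
NO_SURNAME: Attributes = {k: v for k, v in MED_STUDENT_BERN.items() if k != "surname"}

if __name__ == "__main__":
    for label, attrs in [("medical student, Bern", MED_STUDENT_BERN),
                         ("staff, Zurich", STAFF_ZURICH),
                         ("student without study branch", STUDENT_NO_BRANCH),
                         ("assertion lacking surname", NO_SURNAME)]:
        allowed, reason = evaluate(DOIT_RULE, attrs)
        print(f"{label:30s} -> {'ALLOW' if allowed else 'DENY '}: {reason}")
```

The reason string is meant for the resource's own log, not for the user: it tells an operator whether a denial came from the rule itself or from an attribute the home organization never released, which is the usual cause of "correct rule, wrong result" tickets in a federation.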

Slide 15: Central AAI-Services
- Strategy & Marketing
- International Contacts
- Support, Consulting, Training
- Providing Federation-specific Files and Configuration Guides
- Operating WAYF (Where Are You From Server)
- Test-HomeOrg and Test-Resource
- Tools (AAIportal, Resource Registry)
- Virtual Home Organization
- Jump Start Service

Slide 16: Questions? Q & A
http://www.switch.ch/aai
aai@switch.ch