Current list of common attributes of the EDIT federation Single Sign-On for the EDIT platform Lutz...
Attribute                 Authentication   Description
------------------------  ---------------  ------------------
eduPersonPrincipalName    yes              login id
eduPersonAffiliation      yes              groups / roles
eduPersonTargetedID       yes              unique id
mail                      no               email address
givenName                 no               given name
postalAddress             no               address
telephoneNumber           no               phone number
sn                        no               surname
cn                        no               common name
Current list of common attributes of the EDIT federation

Single Sign-On for the EDIT platform
Lutz Suhrbier¹, Andreas Kohlbecker², Andreas Müller²
1 Freie Universität Berlin, Department of Computer Science, Networked Information Systems (http://www.ag-nbi.de)
2 Freie Universität Berlin, Botanic Garden and Botanical Museum Berlin-Dahlem (BGBM)
Find more information at http://www.e-taxonomy.eu or contact Lutz Suhrbier ([email protected])
Picture copyrights (top-left corner): © Copyright Person. The following pictures are under Creative Commons 3.0: XXXX 2005
Protects and provides access to all EDIT platform components
• Built up on the Security Assertion Markup Language (SAML) web profile (e.g. Shibboleth, OpenSSO)
• Only a single identity per user required
  • only one user id and password to remember
  • accounts at home institution can be reused
• Attribute Based Access Control (ABAC) for service providers
  • considerably reduced administrative costs
  • definition of individual access control policies
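Added example, not part of the poster or of the EDIT platform's own code: how a service provider would pull the eduPerson attributes listed in the table above out of a SAML 2.0 AttributeStatement and apply an attribute-based access control policy to them. The assertion fragment, the resource paths and the policy table are constructed for illustration; the only thing taken from the poster is the rule that eduPersonPrincipalName, eduPersonAffiliation and eduPersonTargetedID are the attributes needed for authentication, so a session is refused when any of them is missing.

```python
# Added example (hypothetical SP-side ABAC check, not EDIT project code).
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample: the AttributeStatement an IdP would release after login.
# All values are made up; the signature and the rest of the assertion are omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="eduPersonPrincipalName">
      <saml:AttributeValue>jdoe@example-idp.org</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="eduPersonAffiliation">
      <saml:AttributeValue>member</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="eduPersonTargetedID">
      <saml:AttributeValue>constructed-opaque-id-0001</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>jdoe@example-idp.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Attributes the federation's table marks "Authentication: yes".
REQUIRED_FOR_AUTHN = ("eduPersonPrincipalName", "eduPersonAffiliation", "eduPersonTargetedID")

# Hypothetical per-resource policy: resource path -> affiliations allowed in.
# Anything not listed is denied (default deny).
POLICY = {
    "/taxonomic-editor": {"staff", "faculty"},
    "/public-catalogue": {"member", "staff", "faculty", "student", "affiliate"},
}


def parse_attributes(xml_text: str) -> dict:
    """Return {attribute name: [values]} from the assertion's AttributeStatement.

    Multi-valued attributes (eduPersonAffiliation) keep every value.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attrs.setdefault(name, []).extend(values)
    return attrs


def is_authenticated(attrs: dict) -> bool:
    """A session may only be established when every authentication attribute is present."""
    return all(attrs.get(name) for name in REQUIRED_FOR_AUTHN)


def decide(attrs: dict, resource: str) -> bool:
    """ABAC decision: authenticated AND at least one affiliation permitted for the resource."""
    if not is_authenticated(attrs):
        return False
    allowed = POLICY.get(resource)
    if allowed is None:
        return False  # unknown resource: default deny
    return bool(set(attrs.get("eduPersonAffiliation", [])) & allowed)


if __name__ == "__main__":
    released = parse_attributes(SAMPLE_ASSERTION)
    for path in ("/taxonomic-editor", "/public-catalogue", "/admin"):
        print(path, "->", "permit" if decide(released, path) else "deny")
```

Because the policy is keyed on affiliations rather than on individual accounts, adding a new IdP to the federation needs no change on the SP side, which is the administrative saving the poster claims; the cost is that the SP must trust every IdP to assign affiliations with the same meaning, which is why the federation insists on identical attribute interpretation.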
EDIT's Community Single Sign-On (CSSO) security infrastructure
EDIT federation
• Binds organisations to a common set of policies & practices
  • operational procedures and security mechanisms
  • attributes & entitlements to be exchanged (eduPerson)
  • identical attribute interpretation (role/group assignment)
  • legal issues like Intellectual Property Rights and privacy
• Enables trusted interaction without bilateral agreements
• Open to all biodiversity institutions or service contributors, as Identity Provider (IdP) and/or Service Provider (SP)
• Vision: build up a biodiversity community federation
The EDIT platform provides a multitude of web-based taxonomic applications and services.
The diversity of service providers reflects the highly distributed, cross-national organisational infrastructure of biodiversity institutions and collections in general.
• Result is a problem of identity management
  • system administrators have to register users and maintain several access control lists for each service individually
  • users have to remember a variety of login/password combinations to access all these different services
• Need for a comfortable single sign-on (SSO) solution reflecting the specifics of biodiversity infrastructures
Why Community Single Sign-On ?
Source: http://switch.ch/aai/about/federation/
Join the federation as IdP and/or SP
• Identity Provider (IdP) is responsible for an organisation's
  • secure user login and attribute delivery to SPs
  • integration of existing identity management solutions
  • data privacy management for user attributes
• Service Provider (SP) provides cross-organisational access to EDIT web resources for federated users, based on individual access control policies for resources
• Support and demo installations available
  • dedicated server and hosted web space environments
  • integration of Drupal, Spring, Trac, etc.
• Looking for further application scenarios
Information flow of the CSSO login procedure
Typical SAML-based federation infrastructure