Feide Connect
Transcript of the slide deck «Feide Connect» by Andreas Åkre Solberg (October 23, 2013).

Slide 1
«Feide Connect»: next generation service platform for advanced services and collaboration services for higher education.
Andreas Åkre Solberg

Slide 2: Once upon a time
Web Single Sign-On with Feide was sufficient to provide a seamless user experience across services.

Slide 3: Collaboration on the Internet
✤ Dynamic working groups spanning multiple organizations work together using digital collaboration tools:
  ✤ A wiki
  ✤ A document sharing tool
  ✤ A meeting planner and calendar
  ✤ A web meeting tool
  ✤ A web forum or mailing list

Slide 4 (figure only)

Slide 5: Feide Connect
Platform components:
✤ HTTP API
✤ Authentication
✤ Groups and Roles
✤ OAuth Authorization Engine
✤ Activity streams
✤ People search
✤ API Authz Management
✤ Self Service

Slide 6: Feide Connect, new architecture (October 23, 2013)
✤ API-based instead of SSO-flow
✤ OAuth + authentication
✤ Makes use of Feide (without changes)
✤ Offers additional services
✤ Better support for mobile, desktop etc.
✤ API Authorization Management
✤ Extremely simple integration for Service Providers
✤ Low bar of entry (for students, non-commercial, etc.)
Architecture figure: Feide Connect (storage, people search, groups, API authz, activity streams) sits between Feide and the consumers: Feide service, third-party client / integration, service backend, API, web app and mobile app.

Slide 7: Authentication
Feide is based upon SAML 2.0:
✤ Rather complex, which results in a relatively high integration cost for Service Providers.
✤ Limited to the «login request -> response» flow, with few other opportunities.
Trends in consumer markets (Facebook, Google, Twitter, LinkedIn, Salesforce):
✤ From enterprise protocols towards APIs / REST and OAuth
✤ Providers need to offer APIs and third-party integration anyway; OAuth
✤ Easy to establish a simple authentication protocol (userinfo) on top of that: OpenID Connect
✤ Built-in support for cross-federation (eduGAIN, Kalmar) and guest users.

Slide 8: Groups and roles

Slide 9: Groups and roles
API Service:
✤ Base layer: builds groups from Feide attributes
✤ Connector to FS: courses (emner), study programmes (studieretning) and more.
✤ Support for ad-hoc groups: anyone can create groups for their collaboration needs. Cross-organizational groups.
✤ Support for custom external connectors to an institution's authoritative source of group data.
Architecture figure: the Groups service (alongside storage, people search, API authz and activity streams) is fed by FS, ad-hoc groups and external connectors, and serves the Feide service, third-party client / integration, web app and mobile app.

Slide 10: Ad-hoc group management front-end (figure)

Slide 11: People Search
✤ Separate People Search API
✤ Authenticated API
✤ Also available as a JS library
✤ And as a federated widget
✤ Relies on already public information
✤ Searching for real user names gives a better user experience than adding user IDs.

Slide 12: Group model
Very simple, but extensible, information model.
Protocol for:
✤ retrieving the list of groups for the current user (from the FeideID)
✤ retrieving the list of members of a given group (from the group ID)

Slide 13: Extended model
Standardization per group type for extended properties.
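The two protocol operations of slide 12, the per-type extended properties of slide 13 and the base and ad-hoc layers of slide 9, as an added worked example in Python. This is illustration code written for this transcript, not Feide Connect's own: the group type names, the extended-property schema, the rule that only members (or anyone, for a public group) may list a membership, and all group and member data are constructed assumptions. The eduPerson attribute names in the base layer are real attribute names, but which attributes the real base layer reads is not stated on the slides.

```python
"""Group information model and the two protocol operations from slides 12-13,
plus the per-type extended properties and the base/ad-hoc group layers from
slide 9. Added example: not Feide Connect code. All group data, type names
and field names below are constructed assumptions for illustration."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Group:
    id: str
    type: str                 # assumed type names: "org", "course", "adhoc"
    display_name: str
    public: bool = False
    # Extended properties, standardised per group type (slide 13).
    extended: dict = field(default_factory=dict)


# Assumed per-type schema: which extended properties a group type must carry.
EXTENDED_SCHEMA = {
    "org": {"institution"},
    "course": {"institution", "semester"},
    "adhoc": set(),
}


def validate_group(group):
    """Reject a group whose extended block lacks a key its type requires."""
    missing = EXTENDED_SCHEMA[group.type] - set(group.extended)
    if missing:
        raise ValueError(f"{group.id}: missing extended properties {sorted(missing)}")
    return True


def base_groups_from_feide_attributes(attrs):
    """Base layer (slide 9): derive organisation membership from Feide attributes.

    Uses eduPerson/SCHAC attribute names; which attributes the real base
    layer reads is an assumption here. Returns (group, role) pairs."""
    org = attrs["schacHomeOrganization"]           # e.g. "uninett.no"
    group = Group(f"org:{org}", "org", org, extended={"institution": org})
    validate_group(group)
    # The affiliation (student/employee/...) becomes the role in the org group.
    return [(group, aff) for aff in attrs.get("eduPersonAffiliation", [])]


# Constructed sample data: groups by id, and members per group (FeideID -> role).
GROUPS = {
    "org:uninett.no": Group("org:uninett.no", "org", "UNINETT",
                            extended={"institution": "uninett.no"}),
    "course:ntnu.no:tdt4100:2013h": Group("course:ntnu.no:tdt4100:2013h", "course",
                                         "TDT4100 Autumn 2013",
                                         extended={"institution": "ntnu.no", "semester": "2013h"}),
    "adhoc:feide-connect-wg": Group("adhoc:feide-connect-wg", "adhoc",
                                    "Feide Connect working group", public=True),
}
MEMBERS = {
    "org:uninett.no": {"andreas@uninett.no": "employee"},
    "course:ntnu.no:tdt4100:2013h": {"simon@ntnu.no": "student", "kari@ntnu.no": "lecturer"},
    # Ad-hoc groups may span organisations (slide 9).
    "adhoc:feide-connect-wg": {"andreas@uninett.no": "admin", "simon@ntnu.no": "member"},
}


def groups_for_user(feide_id):
    """Protocol operation 1: the groups of the current user, from the FeideID."""
    return sorted(gid for gid, members in MEMBERS.items() if feide_id in members)


def members_of_group(group_id, requester):
    """Protocol operation 2: the members of a given group, from the group id.

    Visibility rule assumed for the example: only a member of the group, or
    anyone for a public group, may list the membership."""
    group = GROUPS[group_id]
    members = MEMBERS[group_id]
    if not group.public and requester not in members:
        raise PermissionError(f"{requester} may not list members of {group_id}")
    return dict(sorted(members.items()))
```

Listing the members of a group is the operation that exposes personal data, so it is the one that carries an access check; listing a user's own groups needs only the authenticated FeideID.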

Slide 14: Subscriptions
Content associated with public groups. Users may subscribe.

Slide 15: Activity Streams

Slide 16: Activity Streams
✤ One activity stream per group.
✤ Generic information model
✤ Activities posted to one or more groups
User interfaces:
✤ WebApp frontend
✤ Mobile app frontend
✤ Widgets
✤ API
Example activities shown in the figure:
✤ Andreas created a wiki page «welcome!» at Agora
✤ Armaz shared a file «architecture.pdf» at Cloudstor
✤ Simon scheduled a new meeting
✤ Andreas confirmed and will attend meeting
✤ A new user Thorleif is added to the group
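Slides 14, 16 and 18 together describe one mechanism: one stream per group, an activity posted to one or more groups, a user's feed built from the groups they belong to or subscribe to, and notification preferences on top. The Python below is an added example of that mechanism written for this transcript, not Feide Connect's own code. The membership and subscription data, the ActivityStreams-like field names, the rule that an actor may only post to groups they belong to, and the preference format are all constructed assumptions.

```python
"""One activity stream per group, activities posted to one or more groups,
a per-user feed, and notification preferences (slides 14, 16 and 18).
Added example: not Feide Connect code. The membership data, activity
field names and preference format are constructed assumptions."""
from collections import defaultdict

# Constructed sample data. Public groups (slide 14) may be subscribed to
# by non-members; closed groups are readable by members only.
MEMBERSHIP = {
    "andreas": {"adhoc:agora", "adhoc:project"},
    "armaz": {"adhoc:project"},
    "simon": {"adhoc:project"},
    "thorleif": set(),
}
PUBLIC_GROUPS = {"adhoc:agora"}
SUBSCRIPTIONS = {"thorleif": {"adhoc:agora"}}


class ActivityStreams:
    def __init__(self):
        self.streams = defaultdict(list)   # group id -> list of activities
        self.seq = 0

    def post(self, actor, verb, obj, groups):
        """Post one activity to one or more group streams (slide 16).

        The actor must be a member of every target group; this rule is an
        assumption of the example, as is the ActivityStreams-like layout."""
        for g in groups:
            if g not in MEMBERSHIP.get(actor, set()):
                raise PermissionError(f"{actor} is not a member of {g}")
        self.seq += 1
        activity = {
            "id": f"act:{self.seq}",
            "actor": {"id": actor},
            "verb": verb,
            "object": obj,
            "target": sorted(groups),
        }
        for g in groups:
            self.streams[g].append(activity)
        return activity

    def readable_groups(self, user):
        """Groups whose stream a user may read: memberships plus subscriptions to public groups."""
        subs = {g for g in SUBSCRIPTIONS.get(user, set()) if g in PUBLIC_GROUPS}
        return MEMBERSHIP.get(user, set()) | subs

    def stream(self, group, reader):
        """The stream of one group, only for a reader allowed to see it."""
        if group not in self.readable_groups(reader):
            raise PermissionError(f"{reader} may not read {group}")
        return list(self.streams[group])

    def feed(self, reader):
        """Merged feed: newest first, each activity once even if posted to several groups."""
        seen, merged = set(), []
        for g in self.readable_groups(reader):
            for a in self.streams[g]:
                if a["id"] not in seen:
                    seen.add(a["id"])
                    merged.append(a)
        return sorted(merged, key=lambda a: int(a["id"].split(":")[1]), reverse=True)

    def notify(self, user, prefs, activity):
        """Slide 18: decide which channels to push an activity on for a user.

        Only activities the user may read and whose verb the user marked as
        important are delivered; a user's own activities are never pushed."""
        if activity["actor"]["id"] == user:
            return []
        if not set(activity["target"]) & self.readable_groups(user):
            return []
        if activity["verb"] not in prefs.get("verbs", set()):
            return []
        return list(prefs.get("channels", []))


def render(activity):
    """Short text like the slide's examples: 'andreas created wiki page «welcome!» at Agora'."""
    o = activity["object"]
    text = f'{activity["actor"]["id"]} {activity["verb"]} {o["type"]} «{o["name"]}»'
    return text + (f' at {o["provider"]}' if "provider" in o else "")
```

The read path is checked in the same place for the single-group stream, the merged feed and the notification decision, so a subscription to a public group never leaks activities from a closed group the same activity was also posted to unless the reader is a member there as well.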

Slide 17 (figure only)

Slide 18: Notifications
✤ The most important activity updates
✤ Email and mobile push notifications
✤ Personal preferences

Slide 19: Open Data

Slide 20: Open Data
✤ Universities have an increasing interest in sharing their data using APIs.
✤ This motivates the growth of new, innovative and better services for employees and students.
✤ Privacy is very important!
✤ It is complex to provide an authentication model for delegated access to personal data.

Slide 21: Self-service

Slide 22: Registration of new clients
Third parties register new clients and request access to API scopes.

Slide 23: Managing clients
✤ Trust
✤ Scope management
✤ Statistics
✤ Authorization workflow

Slide 24: API Authorization workflow
✤ The API owner grants access to new clients.
✤ Clients are bound to authenticated users / organizations.

Slide 25
The platform will make sure end users accessing the clients are authenticated (using Feide).
User access to clients is handled through Feide login.

Slide 26: API Authorization Dialog

Slide 27
The client has obtained a token, and can access «Feide Connect» services, such as:
✤ user info
✤ groups
✤ activity streams
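Slides 22 through 27 describe one procedure: a third party registers a client and requests scopes, the API owner approves, the Feide-authenticated user consents in the authorization dialog, the client receives a token and calls the user info, groups and activity stream APIs. The Python below is an added example of that chain written for this transcript, not Feide Connect's own code: the scope names, the scope-to-API-owner mapping, the token format and the sample data behind the resource server are constructed assumptions. It shows that a token only ever carries the intersection of requested, owner-approved and user-consented scopes, and that an expired token or a missing scope is refused at the API.

```python
"""Client registration, API-owner scope approval, user consent, token issuance
and scope enforcement, as in slides 22-27. Added example: not Feide Connect
code. Scope names, the API-owner mapping and the token format are assumptions
constructed for the illustration."""
import secrets
import time

# Constructed: which API owner controls each scope (slide 24: the API owner grants access).
SCOPE_OWNERS = {"userinfo": "feide", "groups": "feide", "activity": "feide", "fs:grades": "fs"}


class AuthorizationServer:
    def __init__(self):
        self.clients = {}   # client_id -> registration record
        self.tokens = {}    # token -> grant record

    def register_client(self, owner, name, requested):
        """Slide 22: a third party registers a client and requests API scopes."""
        unknown = set(requested) - set(SCOPE_OWNERS)
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        client_id = f"client:{secrets.token_hex(4)}"
        self.clients[client_id] = {"owner": owner, "name": name,
                                   "requested": set(requested), "approved": set()}
        return client_id

    def approve_scope(self, api_owner, client_id, scope):
        """Slide 24: only the owner of an API may grant a client that scope,
        and only a scope the client actually requested."""
        client = self.clients[client_id]
        if SCOPE_OWNERS.get(scope) != api_owner:
            raise PermissionError(f"{api_owner} does not own scope {scope}")
        if scope not in client["requested"]:
            raise ValueError(f"{client_id} never requested {scope}")
        client["approved"].add(scope)
        return sorted(client["approved"])

    def issue_token(self, client_id, user, consented, ttl=3600):
        """Slides 25-26: the user is Feide-authenticated and consents in the
        authorization dialog; the token is bound to (client, user) and carries
        only scopes that are requested, approved by the API owner and consented."""
        client = self.clients[client_id]
        scopes = client["requested"] & client["approved"] & set(consented)
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"client_id": client_id, "user": user,
                              "scopes": scopes, "expires_at": time.time() + ttl}
        return token

    def introspect(self, token):
        """Return the grant for a live token, or None if unknown or expired."""
        grant = self.tokens.get(token)
        if grant is None or time.time() >= grant["expires_at"]:
            return None
        return grant


class ResourceServer:
    """Slide 27: the Feide Connect services a client reaches with its token."""
    # Constructed sample data behind the APIs.
    USERS = {"andreas@uninett.no": {"name": "Andreas", "org": "uninett.no"}}
    GROUPS = {"andreas@uninett.no": ["org:uninett.no", "adhoc:feide-connect-wg"]}
    ACTIVITY = {"andreas@uninett.no": ["act:1", "act:4"]}

    def __init__(self, authz):
        self.authz = authz

    def _grant(self, token, scope):
        """Validate the token and require one scope before serving any data."""
        grant = self.authz.introspect(token)
        if grant is None:
            raise PermissionError("invalid or expired token")
        if scope not in grant["scopes"]:
            raise PermissionError(f"token lacks scope {scope}")
        return grant

    def userinfo(self, token):
        return self.USERS[self._grant(token, "userinfo")["user"]]

    def groups(self, token):
        return self.GROUPS[self._grant(token, "groups")["user"]]

    def activity(self, token):
        return self.ACTIVITY[self._grant(token, "activity")["user"]]
```

Each API reads the user from the grant rather than from a request parameter, which is what binds the data returned to the user who consented and to the client the token was issued to.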

Slide 28: International Collaboration
✤ Any student or employee in Europe should be able to log in with their local credentials through the platform.
✤ Established cross-federation connections through eduGAIN and Kalmar.
✤ Collaboration on harmonizing group definitions and exchange protocols with other countries. Collaboration through GÉANT, TERENA.
✤ Nordic collaboration through NordForum?
✤ Standardization: OAuth, OpenID Connect, SCIM, OpenSocial, ActivityStreams, misc. W3C

Slide 29: For discussion
✤ Identifier for mapping users: user ID, FeideID, student ID, national identity number (personnummer), etc.
✤ Which types of groups, and possibly roles
✤ Agreements, and access during the development phase
✤ Source of the data: web service vs. database
✤ Lookup speed
✤ Collaboration, UNINETT <-> FS