AMR - Ericsson Network;AMR - Ericsson NetworkAMR - Ericsson Network
Identity Management Framework on Ericsson Labs
Click here to load reader
-
Upload
ericsson-labs -
Category
Technology
-
view
3.376 -
download
0
description
Transcript of Identity Management Framework on Ericsson Labs
Identity
Management
Framework
A labs.ericsson.com APIhttp://labs.ericsson.com/apis/identity-management-framework/
© Ericsson AB 2010 | Page 2
Identity Management
Framework
› The Identity (ID) Management Framework enables your website to provide easy and secure sign-in and sign-up.
› The ID Management Framework is composed by two main parts:
– An API that allows you to easily provide secure registration and
authentication functionalities to your website.
– A Portal that allows your end-users to manage and control their accounts.
› It is based on the OpenID protocol and provides support to GBA-based authentication method.
– GBA is the upcoming technology for authentication using Mobile Network
Operators’ infrastructure.
› Support for Android smartphones and computer desktops.
© Ericsson AB 2010 | Page 3
WHY ID Management
Framework Enabler?
› Make your website easy and secure to sign-in and sign-up.
› Increase the number of registered users by eliminating the barrier of creating a new account.
› Enable OpenID on your website with a few simple steps.
› No need to worry about registration forms, secure storage of usernames and passwords, security algorithms and protocols.
© Ericsson AB 2010 | Page 4
Main Features of the ID
Management Framework
› Support OpenID authentication: Your website can provide login for your users using our ID Management Server or any other OpenID Identity Provider on the Internet.
› Select the authentication method our Portal should use for your users: Username/password or GBA-based authentication.
› Request user’s information commonly requested on registration forms (e.g., full name, email, phone, address).
© Ericsson AB 2010 | Page 5
ID Management Framework
Overview
© Ericsson AB 2010 | Page 6
// Create a instance of the ClientAuthenticator class using the URL where your
// server will receive the responses for your authentication requests
ClientAuthenticator clientAuthenticator = new ClientAuthenticator ("http://
yoursite.com" + "?is_return=true");
// [Optional] Set which attributes you want to request.
AttributeRequest attrReq = new AttributeRequest();
attrReq.setFullnameRequested(true); attrReq.setEmailRequested(true);
// Create the authentication request URL. The userSuppliedString parameter is
// the OpenID identity informed by the user or our IdM server address.
String redirectRequestURL =
clientAuthenticator.getAuthRedirectionURL(userSuppliedString, attrReq);
// Redirect the user's browser and place the authentication request.
httpServletResponse.sendRedirect(redirectRequestURL);
Java Web API
› The API allows you to enable OpenID on your website.
› For your users, logging in your website can be as simple as clicking on a button.
© Ericsson AB 2010 | Page 7
Example application
Our API allows users to log into your website using the Ericsson
Labs Identity Management Framework.
The user’s web browser will be redirected to the Labs ID
Management website for authentication.After successful authentication, the Labs ID Management Server
will redirect the user’s browser back to your website with a
confirmation, containing the user’s OpenID identity and some
optional attributes (e.g., full name, email, phone, address).
© Ericsson AB 2010 | Page 8
Android Support
› The user’s device can be an Android smartphone.
› The framework implements software that partially simulates SIM Card functionalities, which we call GCE (GBA Credential Engine).
© Ericsson AB 2010 | Page 9