SAML a mature six year old? Glenn Wearen, Paul Caskey & Josh Howlett.
Introduction
• Identity Management
• Edugate project
Firstly
• Identity Management (IdM)
• Identity and Access Management (IAM)
Identity Management-who?
Who?
• Students
– Onsite / Offsite
– Local / Remote
– Undergraduate / Postgraduate
– Full-time / Part-time
– Primary / Post-primary
Who?
• Employees
– Full-time
– Part-time
– Contractors
– Temporary
– Teaching
– Administrative
Identity Management-what?
What?
• User
– Firstname
– Lastname
– Password
– Group
– Role
– Email
– Id
– X500
– Active Directory
– eduPerson
– SCHAC
– Custom
Identity Management-when?
When?
• Registration
– New Student
– Transfer
• Re-registration
– Undergraduate > Postgraduate > Lecturer
• Graduation
• Alumni
When?
• IdM Lifecycle
– Provision
– Promote
– Demote
– Disable
– Enable
– Deprovision
– Reprovision
– Synchronise
Identity Management-where?
Where?
• Registry
• HR
• Alumni database
• Email
• Directory
• Database
• Library
• External Services
Where?
• Resources
– Application
• Webmail
• Portal
• VLE
• Device
– Computing Resource
• Desktop
• Server
• Grid
Where?
• Resources
• Internal
– Remotely Accessible?
• External
– Remotely Accessible?
Identity Management-why?
Why?
• Because we have to...
...as part of day-to-day responsibility.
Why?
• Because we have to...
...if we get it wrong, the consequences can be far reaching.
Why?
• Because we have to...
...our users expect to be able to have some control over their digital identity.
Why?
• Because we have to...
... Student and employee login accounts are valuable.
Identity Management-how?
What is the best practice?
• Kim Cameron's 7 Laws of Identity
– 1. User Control and Consent
– 2. Minimal Disclosure for a Constrained Use
– 3. Justifiable Parties
– 4. Directed Identity
– 5. Pluralism of Operators and Technologies
– 6. Human Integration
– 7. Consistent Experience Across Contexts
What is the best framework?
• Centralised
What is the best framework?
• Centralised
• Devolved
What is the best framework?
• Centralised
• Devolved
– SAML (or similar)
– Active Directory Inter-domain Trust
– Kerberos
– RADIUS
• User-centric
What is the best framework?
• Centralised
• Devolved
• User-centric
• Hybrid
?
Edugate
• e-INIS PRTLI Cycle 4
• Research Federated Access
• Technology Trial
• Pilot Project
Edugate
Research
• Federated Models
• Existing Federations
– Schema (x500, eduPerson, SCHAC)
– Protocols (SAML based only)
• Policy
– Governance (Direction)
– Membership (Rules)
Edugate
Technology Trial
• Protocols and Standards
– Shibboleth 1.3 & 2.0
– ADFS
– SAML
– eduPerson
• Interoperability
• Performance and scalability
Edugate
Pilot Project
• Services
– Managed IdP
– Hosted IdP
– Hosted SP
• Applications
– Web-based
– GRID
Summary
IAM
• Who
• What
• When
• Where
• Why
• How
Edugate
• Research
• Trial
• Pilot
Lastly
Questions