EuroCAMP Authentication (AuthN)
EuroCAMP, Tuesday, November 23rd, 2010
Brook Schofield, Project Development Officer
brook@terena.org
www.terena.org
Campus Architecture & Middleware Planning…
• My Blurb:
  • Focusing on the first step of the 'domestication' progression, we'll cover authentication for applications, showing examples of externalising authentication and identifying the technologies of interest to this group.
• Q: First step?
• Q: Domestication?
  • "applications that work well with enterprise infrastructure, typically by externalizing group management, authentication, and/or authorization" - COmanage webpage via RL 'Bob' Morgan
AuthN is easy!
• That's why everyone does it!
• Previously everyone "had" to do it.
• Campuses created accounts because their students needed them.
• Commercial providers created accounts so people could access them.
• Password synchronization is handled by the user.
Many campus solutions to the username/password problem.
• NIS, Novell
• Windows for Workgroups
• LDAP and Microsoft AD
• Kerberos
• CAS, WebAuth
• Limited to the Campus
• Need to expand outside the Campus
The campus problem disrupted.
• Campuses always had external resources
• Solved by liberal licensing
  • Reverse Proxies
  • VPN
• Complicated by:
  • Mobile students
  • Proliferation of Devices
  • IPv6
  • $ £ € ¥ ₨
Levels in the AuthN Continuum
• 1 - Username/Password for All Services
  • Manual sign-up by the user
  • Password reset problem
  • Deprovisioning problem
• 2 - Shared Identity
  • LDAP backend
  • Password synchronisation (maybe)
• 3 - Externalised Identity
  • Identity Federation (SAML)
  • Single point
  • OpenID vs Facebook vs Google
Quick Poll…
How many username/password combinations do you use in a day? Including the ones that your browser / OS remembers for you.
• 1
• 2-5
• 5-15
• 15+
Integrating 3rd Party Applications
• Stupid applications are the easiest
  • Any HTTP Basic Auth?
• Embedded Username/Password Dialog
  • Hardest to deal with (especially Flash)
• Lots of options
  • simpleSAMLphp
  • Shibboleth-SP
  • OIOSAML SP
  • Fedlet
  • OpenAM
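What "externalising authentication" (level 3 of the continuum above) looks like from the application side, as an added example that is not from the slides and not code from any of the SP products listed: a minimal Python WSGI application that never handles a password. It assumes a SAML SP in the web server (the Shibboleth-SP Apache module, or simpleSAMLphp behind a reverse proxy) has already authenticated the user and published the principal as REMOTE_USER plus attributes in the request environment. The attribute variable names (eppn, affiliation), the ';' multi-value delimiter and the example.edu values are assumptions standing in for whatever the SP's attribute map actually exports. The security-relevant check it demonstrates is that only the server-populated REMOTE_USER is trusted, never the HTTP_REMOTE_USER key that a client-supplied Remote-User request header would turn into.

```python
"""Externalised authentication in a small WSGI application (added example).

The SP in the web server authenticates the user and sets REMOTE_USER and
attribute variables; the application just reads them.  Variable names are an
assumption here, modelled on a Shibboleth attribute map.
"""

# Attribute variables the SP is assumed to export (hypothetical mapping; a
# real deployment takes these names from the SP's attribute map).
ATTRIBUTE_VARS = ("eppn", "affiliation")
MULTI_VALUE_DELIMITER = ";"  # assumed delimiter for multi-valued attributes


def identity_from_environ(environ):
    """Return (principal, attributes) as asserted by the SP, or None.

    Only the server-populated 'REMOTE_USER' key is trusted.  A request header
    'Remote-User:' sent by a client would appear as 'HTTP_REMOTE_USER', which
    is deliberately ignored here.
    """
    principal = environ.get("REMOTE_USER")
    if not principal:
        return None
    attributes = {}
    for name in ATTRIBUTE_VARS:
        value = environ.get(name)
        if value:
            attributes[name] = value.split(MULTI_VALUE_DELIMITER)
    return principal, attributes


def application(environ, start_response):
    """WSGI entry point: the app authorises on SP-asserted identity only."""
    ident = identity_from_environ(environ)
    if ident is None:
        # The SP should have sent the user to the IdP before the request got
        # here; reaching this branch means the resource is not SP-protected.
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"no SP-asserted identity\n"]
    principal, attributes = ident
    body = "user=%s attributes=%r\n" % (principal, attributes)
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body.encode("utf-8")]


def status_for(environ):
    """Run the app on a request environment; return (status line, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(application(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    # Constructed request environments standing in for what the web server
    # would pass after the SP has (or has not) authenticated the user.
    sp_asserted = {
        "REMOTE_USER": "jdoe@example.edu",
        "eppn": "jdoe@example.edu",
        "affiliation": "student@example.edu;member@example.edu",
    }
    client_header_only = {"HTTP_REMOTE_USER": "someone@example.edu"}
    print(status_for(sp_asserted))        # 200 OK, principal and attributes
    print(status_for(client_header_only))  # 401, the client header is ignored
```

Run it as-is to see both outcomes; deployed behind a real SP it would be served by any WSGI container with the SP module in front of it. The same pattern is what makes the "stupid" HTTP Basic Auth applications on the slide easy to integrate: they already defer to the web server for REMOTE_USER, so swapping the server-side authenticator for an SP changes nothing in the application. The complementary configuration step, not shown here, is making sure the gateway strips any incoming Remote-User header before the SP sets its own.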
…including the kitchen sink.
• Applications are diverse
  • Skinning a Cat
• Users are diverse
  • From different sources
• IdPs are diverse
  • No two attributes the same
Questions?
brook@terena.org
+31651553991
sip:schofield@terena.org
skype://brookschofield
@BrookSchofield
facebook.com/brook.schofield
linkedin.com/in/brookschofield
"A man with one watch knows what time it is; a man with two watches is never quite sure." - Lee Segall