
SAML a mature six year old?


Presentation Transcript


  1. SAML a mature six year old? Glenn Wearen, Paul Caskey & Josh Howlett

  2. Introduction • Identity Management • Edugate project

  3. Firstly • Identity Management (IdM) • Identity and Access Management (IAM)

  4. Identity Management - who?

  5. Who? • Students • Onsite / Offsite • Local / Remote • Undergraduate / Postgraduate • Full-time / Part-time • Primary / Post-primary

  6. Who? • Employees • Full-time • Part-time • Contractors • Temporary • Teaching • Administrative

  7. Identity Management - what?

  8. What? • User • Firstname • Lastname • Password • Group • Role • Email • Id • X500 • Active Directory • eduPerson • SCHAC • Custom

  9. Identity Management - when?

  10. When? • Registration • New Student • Transfer • Re-registration • Undergraduate > Postgraduate > Lecturer • Graduation • Alumni

  11. When? • IdM Lifecycle • Provision • Promote • Demote • Disable • Enable • Deprovision • Reprovision • Synchronise
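The lifecycle verbs on this slide (provision, promote, demote, disable, enable, deprovision, synchronise) are what an identity management process has to carry out against the directory whenever the authoritative sources (registry, HR) change. The following is an added illustration, not code from the presentation or from the Edugate project: a small reconciliation routine that compares authoritative person records with directory accounts and derives the lifecycle actions needed. It assumes only two affiliations ("student" and "staff"); the identifiers, people and data structures are constructed for the example.

```python
from dataclasses import dataclass

# Rank used to decide whether an affiliation change is a promotion or a
# demotion (constructed for this example; real deployments define their own).
AFFILIATION_RANK = {"student": 1, "staff": 2}


@dataclass(frozen=True)
class Person:
    """Authoritative record from a source system (Registry or HR)."""
    uid: str
    affiliation: str   # "student" or "staff"
    active: bool       # False once the registration or contract has ended


@dataclass
class Account:
    """Current state of the account in the directory."""
    uid: str
    affiliation: str
    enabled: bool


def reconcile(authoritative, directory):
    """Compare authoritative records with the directory and return the
    lifecycle actions needed to bring the directory in line, as a list of
    (action, uid) pairs. Nothing is changed here; apply_actions() does that."""
    actions = []
    for uid in sorted(authoritative):
        person = authoritative[uid]
        acct = directory.get(uid)
        if acct is None:
            # Known to a source system but has no account yet.
            if person.active:
                actions.append(("provision", uid))
            continue
        # Enable/disable tracks whether the person is still active at the source.
        if not person.active and acct.enabled:
            actions.append(("disable", uid))
        elif person.active and not acct.enabled:
            actions.append(("enable", uid))
        # Affiliation changes (e.g. a postgraduate becoming a lecturer).
        if person.affiliation != acct.affiliation:
            up = AFFILIATION_RANK[person.affiliation] > AFFILIATION_RANK[acct.affiliation]
            actions.append(("promote" if up else "demote", uid))
    # Accounts with no authoritative record behind them are orphans: a leaver
    # whose record was removed, or an account created outside the process.
    for uid in sorted(directory):
        if uid not in authoritative:
            actions.append(("deprovision", uid))
    return actions


def apply_actions(actions, authoritative, directory):
    """Apply the actions to the directory and return the updated directory."""
    for action, uid in actions:
        if action == "provision":
            p = authoritative[uid]
            directory[uid] = Account(uid, p.affiliation, enabled=True)
        elif action == "deprovision":
            del directory[uid]
        elif action in ("enable", "disable"):
            directory[uid].enabled = (action == "enable")
        elif action in ("promote", "demote"):
            directory[uid].affiliation = authoritative[uid].affiliation
    return directory


# Constructed sample data: identifiers and people are invented.
SAMPLE_AUTHORITATIVE = {
    "s1001": Person("s1001", "student", active=True),   # new student, no account
    "e2002": Person("e2002", "staff", active=True),     # unchanged
    "s1003": Person("s1003", "staff", active=True),     # postgraduate now lecturing
    "e2004": Person("e2004", "staff", active=False),    # contract ended
}
SAMPLE_DIRECTORY = {
    "e2002": Account("e2002", "staff", enabled=True),
    "s1003": Account("s1003", "student", enabled=True),
    "e2004": Account("e2004", "staff", enabled=True),
    "x9999": Account("x9999", "student", enabled=True),  # no record behind it
}


def run_sample():
    """Reconcile the sample data; return (actions, resulting directory)."""
    directory = {uid: Account(a.uid, a.affiliation, a.enabled)
                 for uid, a in SAMPLE_DIRECTORY.items()}
    actions = reconcile(SAMPLE_AUTHORITATIVE, directory)
    return actions, apply_actions(actions, SAMPLE_AUTHORITATIVE, directory)


if __name__ == "__main__":
    acts, result = run_sample()
    for action, uid in acts:
        print(f"{action:12s} {uid}")
```

Running the sample produces one action per lifecycle case on the slide: the leaver is disabled rather than deleted, the new student is provisioned, the affiliation change is a promotion, and the orphan account with no authoritative record is deprovisioned; a second reconcile pass after applying the actions returns nothing, which is the "synchronise" check that the directory now matches its sources.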

  12. Identity Management - where?

  13. Where? • Registry • HR • Alumni database • Email • Directory • Database • Library • External Services

  14. Where? • Computing Resource • Desktop • Server • Grid • Resources • Application • Webmail • Portal • VLE • Device

  15. Where? • External • Remotely Accessible? • Resources • Internal • Remotely Accessible?

  16. Identity Management - why?

  17. Why? • Because we have to... ...as part of day to day responsibility

  18. Why? • Because we have to... ...if we get it wrong, the consequences can be far reaching.

  19. Why? • Because we have to... ...our users expect to be able to have some control over their digital identity.

  20. Why? • Because we have to... ... Student and employee login accounts are valuable.

  21. Identity Management - how?

  22. What is the best practice? • Kim Cameron’s 7 Laws of Identity. • 1. User Control and Consent • 2. Minimal Disclosure for a Constrained Use • 3. Justifiable Parties • 4. Directed Identity • 5. Pluralism of Operators and Technologies • 6. Human Integration • 7. Consistent Experience Across Contexts

  23. What is the best framework? • Centralised

  24. What is the best framework? • Centralised • Devolved

  25. What is the best framework? • Centralised • Devolved • SAML (or similar) • Active Directory Inter-domain Trust • Kerberos • RADIUS • User-centric

  26. What is the best framework? • Centralised • Devolved • User-centric • Hybrid

  27. ?

  28. Edugate • e-INIS PRTLI Cycle 4 • Research Federated Access • Technology Trial • Pilot Project

  29. Edugate Research • Federated Models • Existing Federations • Schema (x500, eduPerson, SCHAC) • Protocols (SAML based only) • Policy • Governance (Direction) • Membership (Rules)

  30. Edugate Technology Trial • Protocols and Standards • Shibboleth 1.3 & 2.0 • ADFS • SAML • eduPerson • Interoperability • Performance and scalability

  31. Edugate Pilot Project • Services • Managed IdP • Hosted IdP • Hosted SP • Applications • Web-based • GRID

  32. Summary • Edugate • Research • Trial • Pilot • IAM • Who • What • When • Where • Why • How

  33. Lastly • Questions • Athens • Federated Access as SSO for Campus • Federated Access for HEI
