Siteminder/OpenID
Anthony Fletcher
Division of Computational Bioscience, Center for Information Technology

mAdb Microarray Data Management & Analysis System
• Has 200 active users at any one time
• Users come and go depending on the stage of their research
• 20%-30% are external users
• There are users from Germany, Italy, Spain, Chile etc.
• Many external users were once at NIH
• All external users have an NIH sponsor

Human Salivary Proteome Project
CIT and NIDCR
• Expect approximately 50 to 100 users
• Most users from outside NIH, some outside USA
• Users invited by NIDCR

How do we handle external users?
• inCommon Federation
  • Not every organisation belongs
• NIHext LDAP
  • Cumbersome to enter user information
• OpenID
  • Choose Google, Yahoo!, VeriSign, PayPal
  • Not a free ride; a lot of information is missing or wrong

Authentication and Authorisation
• Authentication: who is this person?
• Authorisation: shall we let this person in?
OpenID provides authentication, not authorisation. Each application still has to authorise users.

What do you get? NIH Staff
• First name
• Last name
• All of my NIH information :-)

What do you get? Google
Yahoo! is similar

What do you get? VeriSign
Email address is at user's discretion, and may not even be valid
PayPal is similar

What can you rely on?
You can only rely on:
• Persistent ID (HTTP_FED_PERSIST_ID header)
  • https://openid.paypal-ids.com/?jwDOK7gSp3GHu7gAxPJmt0RI1CWmd2JFuK02i23TYeY=
• User UPN (HTTP_USER_UPN header)
  • Generated by CIT/DECA
  • user_31@federation_1.nih.gov
Use these as your user identification
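
The split between authentication and authorisation described above, as an added Python example that is not part of the original slides: the two headers identify the user, and the application's own registry decides whether to let them in. `Registry`, `Account`, `authorise` and the `HTTP_USER_EMAIL` header are hypothetical names; the sketch assumes the application is reachable only through the SSO front end that sets these headers and reads them CGI-style from the request environment.

```python
from dataclasses import dataclass

# The two header names listed on the slide; all other names are hypothetical.
ID_HEADERS = ("HTTP_FED_PERSIST_ID", "HTTP_USER_UPN")

@dataclass
class Account:
    display_name: str        # collected by the application at registration
    sponsor: str             # NIH sponsor recorded by the application
    approved: bool = False

class Registry:
    """Application-side authorisation store keyed by (persistent ID, UPN)."""
    def __init__(self):
        self._accounts = {}

    def register(self, key, display_name, sponsor):
        self._accounts[key] = Account(display_name, sponsor)

    def approve(self, key):
        self._accounts[key].approved = True

    def get(self, key):
        return self._accounts.get(key)

def identity_key(environ):
    """Return the stable identity from the SSO headers, or None if incomplete."""
    values = tuple(environ.get(h, "").strip() for h in ID_HEADERS)
    return values if all(values) else None

def authorise(environ, registry):
    """Decide 'deny', 'register', 'pending' or 'allow' for one request."""
    key = identity_key(environ)
    if key is None:
        return "deny"        # no authenticated identity was passed through
    account = registry.get(key)
    if account is None:
        return "register"    # authenticated, but unknown to this application
    return "allow" if account.approved else "pending"

# Constructed sample request, using the example values shown on the slide.
SAMPLE = {
    "HTTP_FED_PERSIST_ID": "https://openid.paypal-ids.com/?jwDOK7gSp3GHu7gAxPJmt0RI1CWmd2JFuK02i23TYeY=",
    "HTTP_USER_UPN": "user_31@federation_1.nih.gov",
    "HTTP_USER_EMAIL": "anyone@example.org",  # hypothetical; never used as identity
}
```

Name, email and sponsor are collected by the application at registration and are never used as the lookup key, since the provider-supplied values may be missing or wrong.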

OpenID Pros
• No need to manage user passwords
• Users are able to freely get accounts with these four vendors
• Open to every user
• Many users already have accounts

OpenID Cons
• Lack of information being passed through
• Still need to collect information from the user when identity is registered
• Persistent ID is not as pretty as a username

Progress
• mAdb are well on their way to implementing this for their external users
• HSPP currently use inCommon but will need to use OpenID for some of their users
• Other CIT/DCB projects are using NIHext, where OpenID would be a better option

In Conclusion
• NIHlogin is easy to use
• OpenID works with NIHlogin
• OpenID is an excellent replacement for NIHext, or otherwise managing accounts, for low assurance Web applications