
DK update

DK update. David Simonsen, WAYF (the federation formerly known as DK-AAI). It's a WAYF. It's about consent. It's a project. WAYF architecture. simpleSAMLphp. SAML2. LDAP Host’ed. + CAS. Shibboleth 1.3. Supported interfaces. SP: SAML2 SP: Shibboleth 1.3 IdP: SAML2


Presentation Transcript


  1. DK update • David Simonsen, WAYF (the federation formerly known as DK-AAI) • It's a WAYF • It's about consent • It's a project

  2. WAYF architecture • simpleSAMLphp • SAML2 • LDAP • Hosted • + CAS • Shibboleth 1.3

  3. Supported interfaces • SP: SAML2 • SP: Shibboleth 1.3 • IdP: SAML2 • IdP: LDAP (hosted login page) • IdP: CAS + LDAP

  4. IdM requirements • Describe your IdP routines (will not be publicly available) • 24 hours after status is changed, status is changed... • LoA - not supported • Strength of initial authentication not flagged

  5. Attributes
     • MUST
       • Personal information: SurName, GivenName, CommonName, eduPersonPrincipalName, Mail, eduPersonPrimaryAffiliation
       • Information about the organisation: schacHomeOrganization
     • MAY
       • Personal information: norEduPersonNIN, eduPersonScopedAffiliation, PreferredLanguage, eduPersonEntitlement
       • Information about the organisation: -
     • Attributes provided / generated by WAYF
       • eduPersonTargetedID (hash (SP-ID + hash (IdP-ID + salt + unique-personID) + salt))
       • OrganizationName

  6. Attribute profiles
     • Normal profile: eduPersonPrimaryAffiliation, schacHomeOrganization
     • Extended profile with persistent ID: eduPersonPrimaryAffiliation, schacHomeOrganization, eduPersonTargetedID
     • Extended profile with persistent ID and name: eduPersonPrimaryAffiliation, schacHomeOrganization, eduPersonTargetedID, SurName, GivenName, CommonName
     • Extended profile with persistent ID, name and email: eduPersonPrimaryAffiliation, schacHomeOrganization, eduPersonTargetedID, SurName, GivenName, CommonName, mail

  7. WAYF is live • as of 28th of March 2008 • All central services running • WAYF, consent, consent-admin • Central federating component (CFC): simpleSAMLphp • Contract draft (turned down yesterday) • Websites open (Danish only so far) • Production environment + QA • Press release to come (with ministers)

  8. WAYF is live • Only a few services still • Cross federated to FEIDE (OpenWiki, Foodle)

  9. Connected institutions • The Royal Library • Roskilde University • Syddansk University • The State Library • WAYF Orphanage • Århus University • Technical University of DK

  10. Planned services • Connect, Forskningsnettet's video service • DSB • NetID • BBC Motion Gallery • Danske reklamefilm (Danish commercials) • eduMedia, Forskningsnettet • Student portals

  11. Planned services • NIAS, Nordic Institute of Asian Studies (Kalmar) • Microsoft's 'DreamSpark' • Elsevier (publisher) • OVID (publisher) • EBSCO (publisher) • WAYF-based ID creation

  12. Users' consent

  13. Voluntarily • The users' informed consent • Obligation to inform • Specific • Informed • Consent • No personal info is kept

  14. No personal information is stored! 2km4756k4l3n43j34j3 8ds989g+sdfhkjrwk30

  15. DEMONSTRATION • www.wayf.dk • www.dk-aai.dk • wiki.dk-aai.dk • https://wayf.wayf.dk/consent/consentAdmin.php
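
The eduPersonTargetedID construction from slide 5, hash(SP-ID + hash(IdP-ID + salt + unique-personID) + salt), worked through as an added example; it is not code from the presentation or from WAYF. SHA-256, the NUL separator between concatenated parts, a single salt used in both positions, and every sample identifier are assumptions, since the slide names none of them.

```python
import hashlib

# Assumption: the slide does not name the hash; SHA-256 is used here.
# Assumption: parts are joined with a NUL byte so that ("ab", "c") and
# ("a", "bc") cannot collide; the slide only writes "+".
def _hash(*parts: str) -> str:
    return hashlib.sha256("\x00".join(parts).encode("utf-8")).hexdigest()

def inner_id(idp_id: str, salt: str, person_id: str) -> str:
    """hash(IdP-ID + salt + unique-personID): hides the institution's local ID."""
    return _hash(idp_id, salt, person_id)

def targeted_id(sp_id: str, idp_id: str, salt: str, person_id: str) -> str:
    """hash(SP-ID + inner + salt): one opaque identifier per (user, SP) pair."""
    return _hash(sp_id, inner_id(idp_id, salt, person_id), salt)

# Constructed sample values (hypothetical entity IDs and user IDs).
SALT = "constructed-federation-secret"
IDP = "https://idp.example.edu"
SP_WIKI = "https://wiki.example.org"
SP_VIDEO = "https://video.example.org"

def properties() -> dict:
    """Check the privacy properties the nested construction is meant to give."""
    wiki_1 = targeted_id(SP_WIKI, IDP, SALT, "user-1001")
    wiki_2 = targeted_id(SP_WIKI, IDP, SALT, "user-1001")
    video = targeted_id(SP_VIDEO, IDP, SALT, "user-1001")
    other = targeted_id(SP_WIKI, IDP, SALT, "user-1002")
    resalted = targeted_id(SP_WIKI, IDP, "rotated-salt", "user-1001")
    return {
        # Persistent: the same user at the same SP always gets the same ID.
        "stable_per_sp": wiki_1 == wiki_2,
        # Unlinkable: two SPs cannot correlate the user by comparing IDs.
        "differs_across_sps": wiki_1 != video,
        # Distinct users at one SP never share an ID.
        "differs_across_users": wiki_1 != other,
        # The salt must stay secret and stable: local user IDs are guessable,
        # and changing the salt silently changes every issued identifier.
        "salt_change_breaks_ids": wiki_1 != resalted,
        # The SP sees only hex digits, not the local user ID.
        "opaque": "user-1001" not in wiki_1 and len(wiki_1) == 64,
    }

if __name__ == "__main__":
    for name, ok in properties().items():
        print(f"{name}: {ok}")
```
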
