SAML a mature six year old?
SAML a mature six year old?
Glenn Wearen, Paul Caskey & Josh Howlett
Introduction
• Identity Management
• Edugate project
Firstly
• Identity Management (IdM)
• Identity and Access Management (IAM)
Identity Management - who?
Who?
• Students
  – Onsite / Offsite
  – Local / Remote
  – Undergraduate / Postgraduate
  – Full-time / Part-time
  – Primary / Post-primary
Who?
• Employees
  – Full-time
  – Part-time
  – Contractors
  – Temporary
  – Teaching
  – Administrative
Identity Management - what?
What?
• User attributes
  – Firstname
  – Lastname
  – Password
  – Group
  – Role
  – Email
  – Id
• Schemas
  – X500
  – Active Directory
  – eduPerson
  – SCHAC
  – Custom
Identity Management - when?
When?
• Registration
  – New Student
  – Transfer
• Re-registration
  – Undergraduate > Postgraduate > Lecturer
• Graduation
• Alumni
When?
• IdM Lifecycle
  – Provision
  – Promote
  – Demote
  – Disable
  – Enable
  – Deprovision
  – Reprovision
  – Synchronise
Identity Management - where?
Where?
• Registry
• HR
• Alumni database
• Email
• Directory
• Database
• Library
• External Services
Where?
• Resources
  – Application
    • Webmail
    • Portal
    • VLE
    • Device
  – Computing Resource
    • Desktop
    • Server
    • Grid
Where?
• Resources
  – Internal: remotely accessible?
  – External: remotely accessible?
Identity Management - why?
Why?
• Because we have to...
  ...as part of day-to-day responsibility.
Why?
• Because we have to...
  ...if we get it wrong, the consequences can be far-reaching.
Why?
• Because we have to...
  ...our users expect to be able to have some control over their digital identity.
Why?
• Because we have to...
  ...student and employee login accounts are valuable.
Identity Management - how?
What is the best practice?
• Kim Cameron’s 7 Laws of Identity
  1. User Control and Consent
  2. Minimal Disclosure for a Constrained Use
  3. Justifiable Parties
  4. Directed Identity
  5. Pluralism of Operators and Technologies
  6. Human Integration
  7. Consistent Experience Across Contexts
What is the best framework?
• Centralised
What is the best framework?
• Centralised
• Devolved
What is the best framework?
• Centralised
• Devolved
  – SAML (or similar)
  – Active Directory Inter-domain Trust
  – Kerberos
  – RADIUS
• User-centric
What is the best framework?
• Centralised
• Devolved
• User-centric
• Hybrid
?
Edugate
• e-INIS PRTLI Cycle 4
• Research: Federated Access
• Technology Trial
• Pilot Project
Edugate
Research
• Federated Models
• Existing Federations
  – Schema (x500, eduPerson, SCHAC)
  – Protocols (SAML based only)
• Policy
  – Governance (Direction)
  – Membership (Rules)
Edugate
Technology Trial
• Protocols and Standards
  – Shibboleth 1.3 & 2.0
  – ADFS
  – SAML
  – eduPerson
• Interoperability
• Performance and scalability
Edugate
Pilot Project
• Services
  – Managed IdP
  – Hosted IdP
  – Hosted SP
• Applications
  – Web-based
  – GRID
Summary
IAM
• Who
• What
• When
• Where
• Why
• How
Edugate
• Research
• Trial
• Pilot
Lastly
Questions
• Athens
• Federated Access as SSO for Campus
• Federated Access for HEI