Date posted: 19-Dec-2015
Siteminder/OpenID
Anthony Fletcher
Division of Computational Bioscience
Center for Information Technology
mAdb Microarray Data Management & Analysis System
• Has 200 active users at any one time
• Users come and go depending on the stage of their research
• 20%-30% are external users
• There are users from Germany, Italy, Spain, Chile etc.
• Many external users were once at NIH
• All external users have an NIH sponsor
Human Salivary Proteome Project
CIT and NIDCR
• Expect approximately 50 to 100 users
• Most users from outside NIH, some outside USA
• Users invited by NIDCR
How do we handle external users?
• inCommon Federation
  – Not every organisation belongs
• NIHext LDAP
  – Cumbersome to enter user information
• OpenID
  – Choose Google, Yahoo!, VeriSign, PayPal
  – Not a free ride; a lot of information is missing or wrong
Authentication and Authorisation
• Authentication: who is this person?
• Authorisation: shall we let this person in?
OpenID provides authentication, not authorisation. Each application still has to authorise users.
What do you get? NIH Staff
• First name
• Last name
• All of my NIH information :-)
What do you get? Google
Yahoo! is similar
What do you get? VeriSign
Email address is at user’s discretion, and may not even be valid
PayPal is similar
What can you rely on?
You can only rely on:
• Persistent ID (HTTP_FED_PERSIST_ID header)
  – https://openid.paypal-ids.com/?jwDOK7gSp3GHu7gAxPJmt0RI1CWmd2JFuK02i23TYeY=
• User UPN (HTTP_USER_UPN header)
  – Generated by CIT/DECA
  – user_31@federation_1.nih.gov
Use these as your user identification
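Added example, not part of the original slides: one way an application could act on this slide and on the earlier point that OpenID authenticates but does not authorise. The header names are the slide's; the registry, its fields, the sample persistent ID and the three return values are assumptions, as is the premise that the application is reachable only through the SiteMinder-protected web server, so a client cannot supply these headers itself.

```python
# Added example: decide what to do with a request using only the two
# headers the slide calls reliable. REGISTRY and its fields are hypothetical.
from typing import Mapping, Optional, Tuple

# Constructed sample data: the application's own list of people it lets in,
# keyed on the persistent ID. Name and sponsor are collected by the
# application at registration, never taken from the OpenID provider.
REGISTRY = {
    "https://openid.example.org/?CONSTRUCTED-PERSISTENT-ID=": {
        "upn": "user_31@federation_1.nih.gov",
        "display_name": "A. Researcher",      # entered by the user at registration
        "nih_sponsor": "SPONSOR-PLACEHOLDER",  # every external user has a sponsor
        "active": True,
    },
}


def identify(environ: Mapping[str, str]) -> Optional[Tuple[str, str]]:
    """Authentication: return (persistent_id, upn), or None if either is absent."""
    pid = environ.get("HTTP_FED_PERSIST_ID", "").strip()
    upn = environ.get("HTTP_USER_UPN", "").strip()
    if not pid or not upn:
        return None
    return pid, upn


def authorise(environ: Mapping[str, str], registry=REGISTRY) -> str:
    """Authorisation: map a request to 'deny', 'register' or 'allow'."""
    ident = identify(environ)
    if ident is None:
        return "deny"        # request did not come through the login service
    pid, upn = ident
    record = registry.get(pid)
    if record is None:
        return "register"    # authenticated but unknown: collect details first
    # Assumption: the pair recorded at registration stays together, so a
    # different UPN for a known persistent ID is refused, not silently accepted.
    if record["upn"] != upn or not record["active"]:
        return "deny"
    return "allow"
```

Other attributes a provider may send, such as an email address, play no part in the decision.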
OpenID Pros
• No need to manage user passwords
• Users are able to freely get accounts with these four vendors
• Open to every user
• Many users already have accounts
OpenID Cons
• Lack of information being passed through
• Still need to collect information from the user when identity is registered
• Persistent ID is not as pretty as a username
Progress
• mAdb are well on their way to implementing this for their external users
• HSPP currently use inCommon but will need to use OpenID for some of their users
• Other CIT/DCB projects are using NIHext, where OpenID would be a better option
In Conclusion
• NIHlogin is easy to use
• OpenID works with NIHlogin
• OpenID is an excellent replacement for NIHext, or otherwise managing accounts, for low assurance Web applications
Questions