Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service...

22
Web Authentica tion with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge [email protected]

  • date post

    21-Dec-2015

  • Category

    Documents

  • view

    216

  • download

    1

TAGS:

Transcript of Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service...

Page 1: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Web Authenticati

on with Shibboleth

A view from the Flat East

Jon WarbrickComputing Service

University of [email protected]

mailto:[email protected]
Page 2: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Once upon a time there was the web...

Page 3: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

...and then sites started to want to identify their visitors

<Location /basic> AuthType Basic AuthName "Who are you?" require valid-user</Location>

Page 4: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

To each site its own users

Page 5: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Organization-wide SSOs

•University of Cambridge Raven

•Oxford WebAuth

•Classic Athens (R.I.P.)

•Google

• etc, etc, ...

Page 6: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Great for the institution

Not so good for anything

outside

InsideInside

OutsideOutside

Page 7: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

•Data protection

• Trust

Two elephants

Page 8: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Enter the Griffin• AKA Shibboleth

• A Web Auth system designed to support (though not to require)

•multiple IdPs

• inter-organization use

• privacy and anonymity

•multiple attributes

Page 9: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Myth and Legends• Shib is only for e-

Journals

•Only supports anonymity

•Only supplied by Internet2

•Doesn’t do standards

• Is really hard

Page 10: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

So, what can we do with it?

Page 11: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

E-Journals

Page 12: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Standard web server plugins

Page 13: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Authorization decisions

Directory

Page 14: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Other people

Page 15: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Other people, take 2

Page 16: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Existing software

EZproxyEZproxy

Page 17: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

VHS vs. Betamax

Facebook Connect

Google Friends Connect

Page 18: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

•There may be questions...

•...including perhaps ‘Why “Shibboleth?”’

Thanks for listening...

Page 19: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.
Page 20: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

“On the Internet, nobody knows you are

a dog...

...but sites often want to know that you are the same dog as

last time”

Page 21: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.
Page 22: Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk.

Credits• ‘In the Field’, Julian Wearne,

http://www.flickr.com/photos/ikaink/4184787380

• Mosaic screen shot courtesy of NCSA/University of Illinois http://www.ncsa.illinois.edu/News/Images/

• two elephants, Timo Heuer, http://www.flickr.com/photos/upim/293676365/

• Fire Breathing Mythical Dragon, Wili Hybird, http://www.flickr.com/photos/walkadog/3484426248/

• “On the Internet”, by Peter Steiner, page 61 of July 5, 1993 issue of The New Yorker, (Vol.69 (LXIX) no. 20). Reproduced only for academic discussion, evaluation, and research.

• “Same dog as before”: “Tofu, online trust, and spiritual wisdom” from the Pushing Strings” blog by Eve Maler.

http://www.flickr.com/photos/ikaink/4184787380
http://www.ncsa.illinois.edu/News/Images/
http://www.flickr.com/photos/upim/
http://www.flickr.com/photos/upim/293676365/
http://www.flickr.com/photos/walkadog/3484426248/
http://www.levity.com/seabrook/eustace.html

Chemistry Add-in for Word OR 10 Joe Townsend University of Cambridge jat45@cam.ac.uk.

Chemistry Add-in for Word OR 10 Joe Townsend University of Cambridge [email protected].

How to make a poster David Sargan drs20@cam.ac.uk.

How to make a poster David Sargan [email protected].

CHIC – Converting Hamburgers Into Cows Joseph Townsend jat45@cam.ac.uk.

CHIC – Converting Hamburgers Into Cows Joseph Townsend [email protected].

Sources and Methods of English Common Law John Bell jsb48@cam.ac.uk.

Sources and Methods of English Common Law John Bell [email protected].

Challenges in Animal Infectious Diseases Modelling James Wood Department of Veterinary Medicine jlnw2@cam.ac.uk.

Challenges in Animal Infectious Diseases Modelling James Wood Department of Veterinary Medicine [email protected].

Education as Dialogue Robin Alexander University of Cambridge Contact: rja40@cam.ac.ukrja40@cam.ac.uk Download text at: .

Education as Dialogue Robin Alexander University of Cambridge Contact: [email protected]@cam.ac.uk Download text at: .

Identification of novel rare sequence variation underlying ...€¦ · 1/26/2018  · Prof Nicholas Morrell (nwm23@cam.ac.uk) and Dr Stefan Gräf (sg550@cam.ac.uk) Department of Medicine

Identification of novel rare sequence variation underlying ...€¦ · 1/26/2018  · Prof Nicholas Morrell ([email protected]) and Dr Stefan Gräf ([email protected]) Department of Medicine

Edinburgh Research Explorer · 2012-11-16 · pulse, 1 Hz repetition , at a wavelength coinciding with the a Electronic mail: pjwh4@cam.ac.uk. b Electronic mail: hjc37@cam.ac.uk.

Edinburgh Research Explorer · 2012-11-16 · pulse, 1 Hz repetition , at a wavelength coinciding with the a Electronic mail: [email protected]. b Electronic mail: [email protected].

mk306@cam.ac.uk Markus KRAFT 1...mk306@cam.ac.uk Markus KRAFT 10 Ogen 2020 Motivation –health impact• SARS correlation with air pollution index in China (Cui et al. 2003) • Preprint

[email protected] Markus KRAFT [email protected] Markus KRAFT 10 Ogen 2020 Motivation –health impact• SARS correlation with air pollution index in China (Cui et al. 2003) • Preprint

Donhatai Harris dh293@cam.ac.uk Cambridge Experimental &Behavioural Research Group (CEBEG)

Donhatai Harris [email protected] Cambridge Experimental &Behavioural Research Group (CEBEG)

agk34, vb292, rc10001 @cam.ac.uk arXiv:1511.02680v1 [cs.CV ...

agk34, vb292, rc10001 @cam.ac.uk arXiv:1511.02680v1 [cs.CV ...

Brain Mapping Unit The General Linear Model A Basic Introduction Roger Tait (rt337@cam.ac.uk)

Brain Mapping Unit The General Linear Model A Basic Introduction Roger Tait ([email protected])

Ansible Documentation - University of Cambridgepeople.ds.cam.ac.uk/jw35/docs/ansible/old/1.5/ansible-docs-1.5.pdf · The core application evolves ... playbooks, configuration management,

Ansible Documentation - University of Cambridgepeople.ds.cam.ac.uk/jw35/docs/ansible/old/1.5/ansible-docs-1.5.pdf · The core application evolves ... playbooks, configuration management,

NumLin: Linear Types for Linear Algebrank480/numlin.pdf · NumLin: LinearTypesforLinearAlgebra DhruvC.Makwana Unaffiliateddhruvmakwana.com dcm41@cam.ac.uk NeelakantanR.Krishnaswami

NumLin: Linear Types for Linear Algebrank480/numlin.pdf · NumLin: LinearTypesforLinearAlgebra DhruvC.Makwana Unaffiliateddhruvmakwana.com [email protected] NeelakantanR.Krishnaswami

Historical Linguistics: Questions of reconstruction and relatedness Ian Roberts Downing College igr20@cam.ac.uk.

Historical Linguistics: Questions of reconstruction and relatedness Ian Roberts Downing College [email protected].

Oil and Development The Resource Curse in Practice Ben Paarmann (bp283@cam.ac.uk)

Oil and Development The Resource Curse in Practice Ben Paarmann ([email protected])

POWER-HOLDER LEGITIMACY: THEORY AND EVIDENCE Justice Tankebe (jt340@cam.ac.uk)jt340@cam.ac.uk 4 th International Conference on Evidence Based Policing.

POWER-HOLDER LEGITIMACY: THEORY AND EVIDENCE Justice Tankebe ([email protected])[email protected] 4 th International Conference on Evidence Based Policing.

(Useful) Information Geometrycbl.eng.cam.ac.uk/pub/Intranet/MLG/ReadingGroup/information_geometry2.pdf(Useful) Information Geometry Shane Gu and Nilesh Tripuraneni sg717@cam.ac.uk,nt357@cam.ac.uk

(Useful) Information Geometrycbl.eng.cam.ac.uk/pub/Intranet/MLG/ReadingGroup/information_geometry2.pdf(Useful) Information Geometry Shane Gu and Nilesh Tripuraneni [email protected],[email protected]

Steven J Steer, sjs218@cam.ac.uk

Steven J Steer, [email protected]

Leigh Warbrick - smashwords.com · World Serpent Bones Vestibule maw, entrance hewn, dark, yawn hunch, cavity carve, cave fracture, mandible, agape flip, tunnels scrape, passage gnash,

Leigh Warbrick - smashwords.com · World Serpent Bones Vestibule maw, entrance hewn, dark, yawn hunch, cavity carve, cave fracture, mandible, agape flip, tunnels scrape, passage gnash,