17
EuroCAMP Tuesday, November 23 rd , 2010 Brook Schofield Project Development Officer [email protected] www.terena.org Slide 1
› My Blurb:› Focusing on the first step of the 'domestication'
progression we'll cover authentication for applications, showing examples of externalising authentication and identifying the technologies of interest to this group.
› Q: First step?› Q: Domestication?
› applications that work well with enterprise infrastructure, typically by externalizing group management, authentication, and/or authorization
- COmanage webpage via RL ‘Bob’ Morgan
Slide 2
› That’s why everyonedoes it!
› Previously everyone "had" to do it.
› Campus' created accounts because their students needed them.
› Commercial providers created accounts so people could access them.
› Password synchronization is handled by the user.
Slide 3
Slide 4
› NIS, Novell› Windows for Work Groups› LDAP and Microsoft AD› Kerberos› CAS, WebAuth
› Limited to the Campus› Need to expand outside the Campus
Slide 5
Slide 6
Slide 7
› Campus’ always had external resources› Solved by liberal licensing› Reverse Proxies› VPN
› Complicated by:› Mobile students› Proliferation of Devices› IPv6› $ £ € ¥ ₨
Slide 8
Slide 9
› 1 - Username/Password for All Services› Manual sign-up by the user› Password reset problem› Deprovisioning Problem
› 2 - Shared Identity› LDAP Backend› Password Synchronisation (maybe)
› 3 - Externalised Identity› Identity Federation (SAML)› Single Point › OpenID vs Facebook vs Google
Slide 10
Slide 11
Slide 12
Slide 13
Slide 14
› Stupid Applications are the easiest› Any HTTP Basic Auth?
› Embedded Username/Password Dialog› Hardest to deal with (especially flash)
› Lots of Options› simpleSAMLphp› Shibboleth-SP› OIOSAML SP› Fedlet› OpenAM
Slide 15
› Applications are diverse› Skinning a Cat
› Users are diverse› From different sources
› IdPs are diverse› No two attributes the same
Slide 16
+31651553991
skype://brookschofield
@BrookSchofield
facebook.com/brook.schofield
linkedin.com/in/brookschofield
Slide 17
