Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity...

Date post: 27-Dec-2015
Upload: brandon-simpson
Transcript
  • Slide 1
  • Identity Management in Education
  • Slide 2
  • Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us
  • Slide 3
  • Topics: Define the issue; Discuss authentication mechanisms; Using a 10,000 overview approach
  • Slide 4
  • The Problem: Cloud based systems benefits; Google Apps; Thousands of frequently changing users; Multiple accounts; Multiple passwords; multiple headaches
  • Slide 5
  • Remember When: Software for learning installed locally; Users authenticate locally once, access multiple applications; Well, most of the time.
  • Slide 6
  • Local Supported Apps Pros: o Users are already trusted o LDAP can be used for authentication Cons: o Technology department responsible for install, operation, and updates o Sometimes requires its own hardware or server Bottom line, it can be expensive
  • Slide 7
  • Shift Towards SaaS Pros: o Software provider is in charge of install, operation and maintenance o Fixed cost Cons: o School is in charge of providing authentication
  • Slide 8
  • Authentication Nightmares: Some sites are one user name full access; Others are locked by IP address; More and more are needing username and password information
  • Slide 9
  • Does the Shoe Fit? There is no one-size-fits-all solution yet; Providing user information per system; Single Sign-on o OpenID o SAML2
  • Slide 10
  • Creating Users by Hand: Local access to resources; LDAP; Access remote systems, e.g. Google Apps; Create and manage accounts by hand; Accounts are managed one by one; Usually same password on all accounts; What happens when a password is compromised?
  • Slide 11
  • Creating Accounts SiS administrator Local / LDAP Library Google Apps Online Learning On and On Network Admin
  • Slide 12
  • Managing Users Local / LDAP Library Google Apps Online Learning On and On Admin / Media Spec. / Para
  • Slide 13
  • Provisioning Tool Local / LDAP Library Google Apps Other
  • Slide 14
  • Managing Users Local / LDAP Library Google Apps Other Happy!!
  • Slide 15
  • What About SIF? Designed to send student data between SiS providers; One way; Adoption by developers of online software? What about staff? Each SiS company has a slightly different implementation
  • Slide 16
  • Single Sign-on: One password all systems; Sign-on once, use many
  • Slide 17
  • Methods Form Auth Provider OpenID SAML2
  • Slide 18
  • Form Auth: Federate username and password to remote system; Form auth username password through local HTML link
  • Slide 19
  • Form Auth Pros: o Simple o Will work on systems that don't support other methods Cons: o Connectors o Accounts still need to be created o Passwords are still maintained remotely one by one o Forms change, connectors break o Usually pay by the connector
  • Slide 20
  • OpenID and SAML2: Both provide token identifiers for authentication; OpenID being pushed by Google; SAML is another open standard with slightly more security (Security Assertion Markup Language)
  • Slide 21
  • SSO Primer Local Auth DB (LDAP) User Remote Service Provider SSO Portal
  • Slide 22
  • OpenID vs SAML2. OpenID: HTTP Binding of request; Service Providers loosely coupled; IdP Identifier is global; Does NOT support single sign out. SAML2: Multiple methods including HTTP; Service Providers tightly coupled; IdP valid for provider only; Supports single sign out
  • Slide 23
  • SSO Issues: Remote provider must support SSO method; Weak passwords = quick access for hackers
  • Slide 24
  • Questions? Slides will be up on www.netprof.us
