investigating liberty alliance and shibboleth integration
Download
Skip this Video
Download Presentation
Investigating Liberty Alliance and Shibboleth Integration

Loading in 2 Seconds...

play fullscreen
1 / 12

Investigating Liberty Alliance and Shibboleth Integration - PowerPoint PPT Presentation


  • 80 Views
  • Uploaded on

Investigating Liberty Alliance and Shibboleth Integration. Nishen Naidoo, 30396468 Supervisor: Dr. Steve Cassidy. Talk Outline. Introduction to Federated Identity Management Example Multiple Frameworks Shibboleth Liberty Alliance Project Objectives and Motivation

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Investigating Liberty Alliance and Shibboleth Integration' - farren


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
investigating liberty alliance and shibboleth integration
Investigating Liberty Alliance and Shibboleth Integration

Nishen Naidoo, 30396468

Supervisor: Dr. Steve Cassidy

talk outline
Talk Outline
  • Introduction to Federated Identity Management
    • Example
  • Multiple Frameworks
    • Shibboleth
    • Liberty Alliance
  • Project Objectives and Motivation
  • Deconstructing the Frameworks
  • Conclusion
federated identity management fim
Federated Identity Management (FIM)
  • Reduce number of online identities
  • Reduce privacy exposure
  • User controls who sees what
  • Enables easy sharing of resources
main actors in fim
Main Actors in FIM
  • Users
    • Using a User Agent (Browser)
  • Service Provider
    • Provide resources and services
    • Protect resources and services
  • Identity Provider
    • Authenticates users
    • Provides security assertions to Service Providers
example interaction
Example Interaction
  • Resource Request
  • Redirection to IdP
    • SAML Authentication Request
    • IdP authenticates User
  • Form Response
    • SAML Authentication Response
  • Automatic Form Submission
    • Process Assertion
  • Resource Acquired
multiple frameworks
Multiple Frameworks
  • Shibboleth
    • Higher Education focus
    • Resource Sharing, privacy, security
    • InCommon, AAF
  • Liberty Alliance
    • Commercial sector focus
    • Service integration, privacy, security
    • Intel, GM
issues with multiple frameworks
Issues with Multiple Frameworks
  • User perspective
    • More credentials due to technology limitation
    • Less privacy
  • Unnecessary federations
    • Formed from having to support multiple technologies
  • Increases difficulty of forming federations
    • Need to support services within each framework? What do you do?
project objectives
Project Objectives
  • Investigating whether we can extend a federation beyond the boundaries imposed by the technologies it employs – integration…
deconstructing the frameworks
Deconstructing the Frameworks
  • Both frameworks base on SAML specification
  • Identified the following:
    • Assertions – identical to each other (both SAML)
    • Protocols – identical (SAML)
    • Bindings - Different
    • Profiles – Similar enough (derived from SAML).
relevant logical subcomponents
Relevant Logical Subcomponents
  • Service Provider
    • Attribute Requester
    • Assertion Consumer Service
  • Identity Provider
    • Attribute Authority
    • Single Sign On Service
technology example
Technology Example
  • Shibboleth Identity Provider
    • Java Web Application based
    • Employs servlets as endpoint processors
    • Has filter capabilities (interceptor pattern)
conclusion
Conclusion
  • Identified the binding differences and conversions
    • Message structure
    • Parameter referencing
  • Identified strategic architectural locations for adaptation
  • Provided technology example
  • Identified implementation as future work
ad