Investigating Liberty Alliance and Shibboleth Integration

Nishen Naidoo, 30396468

Supervisor: Dr. Steve Cassidy


Talk Outline

  • Introduction to Federated Identity Management

    • Example

  • Multiple Frameworks

    • Shibboleth

    • Liberty Alliance

  • Project Objectives and Motivation

  • Deconstructing the Frameworks

  • Conclusion


Federated Identity Management (FIM)

  • Reduce number of online identities

  • Reduce privacy exposure

  • User controls who sees what

  • Enables easy sharing of resources


Main Actors in FIM

  • Users

    • Using a User Agent (Browser)

  • Service Provider

    • Provide resources and services

    • Protect resources and services

  • Identity Provider

    • Authenticates users

    • Provides security assertions to Service Providers


Example Interaction

  • Resource Request

  • Redirection to IdP

    • SAML Authentication Request

    • IdP authenticates User

  • Form Response

    • SAML Authentication Response

  • Automatic Form Submission

    • Process Assertion

  • Resource Acquired
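
The redirect and form-submission steps above can be sketched as follows. This is an added example, not part of the original presentation: it assumes the SAML 2.0 HTTP-Redirect binding for the request and HTTP-POST for the response, and the endpoints, function names and sample messages are constructed. It covers only message encoding and request/response correlation.

```python
import base64, secrets, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
IDP_SSO = "https://idp.example.org/sso"   # constructed IdP endpoint
SP_ACS = "https://sp.example.org/acs"     # constructed SP endpoint

def build_redirect(pending, relay_state):
    """SP: create an AuthnRequest and encode it for the HTTP-Redirect binding."""
    req_id = "_" + secrets.token_hex(16)
    # IssueInstant is a constructed fixed value for the example.
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="{req_id}" '
           f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
           f'Destination="{IDP_SSO}" AssertionConsumerServiceURL="{SP_ACS}"/>')
    comp = zlib.compressobj(wbits=-15)          # raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    pending.add(req_id)                         # remember the outstanding request
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return req_id, f"{IDP_SSO}?{query}"

def decode_redirect(url):
    """IdP: reverse URL-decoding, base64 and DEFLATE; return (request, RelayState)."""
    params = parse_qs(urlparse(url).query)
    raw = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), wbits=-15)
    return ET.fromstring(raw), params["RelayState"][0]

# Signature, issuer and validity-window checks, and a hardened XML parser,
# are required before trusting an assertion; they are omitted in this sketch.
def accept_response(pending, saml_response_b64):
    """SP: the POSTed form field is base64 only; accept one response per request."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.get("Destination") != SP_ACS:
        return False                            # meant for another endpoint
    in_response_to = root.get("InResponseTo")
    if in_response_to not in pending:
        return False                            # unsolicited or replayed response
    pending.discard(in_response_to)
    return True
```
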


Multiple Frameworks

  • Shibboleth

    • Higher Education focus

    • Resource Sharing, privacy, security

    • InCommon, AAF

  • Liberty Alliance

    • Commercial sector focus

    • Service integration, privacy, security

    • Intel, GM


Issues with Multiple Frameworks

  • User perspective

    • More credentials due to technology limitation

    • Less privacy

  • Unnecessary federations

    • Formed from having to support multiple technologies

  • Increases difficulty of forming federations

    • Need to support services within each framework? What do you do?


Project Objectives

  • Investigating whether we can extend a federation beyond the boundaries imposed by the technologies it employs – integration…


Deconstructing the Frameworks

  • Both frameworks are based on the SAML specification

  • Identified the following:

    • Assertions – identical to each other (both SAML)

    • Protocols – identical (SAML)

    • Bindings – different

    • Profiles – Similar enough (derived from SAML).


Relevant Logical Subcomponents

  • Service Provider

    • Attribute Requester

    • Assertion Consumer Service

  • Identity Provider

    • Attribute Authority

    • Single Sign On Service


Technology Example

  • Shibboleth Identity Provider

    • Java Web Application based

    • Employs servlets as endpoint processors

    • Has filter capabilities (interceptor pattern)


Conclusion

  • Identified the binding differences and conversions

    • Message structure

    • Parameter referencing

  • Identified strategic architectural locations for adaptation

  • Provided technology example

  • Identified implementation as future work
