On the Many Ways to Identity Exchange

Digital identities are more valuable as they are more widely assertable

Diego R. Lopez, RedIRIS


The Open Fronts

  • Life beyond SAML

    • OpenID and “Identity 2.0”

    • OAuth and JWT

  • Seeking meeting points

    • eIRG

    • STORK

    • eduGAIN, PEER, MDX, …

    • AAI convergence and STS efforts

  • Sort of Proxying

    • Inner access: TERENA SPP

    • Outer access: Proposal to REFEDS


The twodotosphere

  • MACE’s WG on OpenID

    • https://spaces.internet2.edu/display/OpenID/Home

    • Guidance, toward some degree of standardization

    • Examine the demand for, and applicability of, SAML/OpenID gateways

  • Integrating identities both ways

    • Logins4Life

    • Social authsources

    • social2saml.org

    • SIR-enabled Facebook groups

    • Social discovery services


Tokens and token formats

  • OAuth2 consolidating

    • Several rather mature I-Ds making their way up in IETF

    • And proposals based on it

      • UMA, inside Kantara

      • REST token-based access, inside GN3

  • JWT: JSON Web Token

    • Intended for space-constrained environments

      • HTTP Authorization headers

      • URI query parameters

    • Simpler to code and parse

  • OAuth2 AP: http://www.rediris.es/oauth2/

  • JWT: Proof-of-concept for SIR-REST integration


Higher Convergence

  • STORK progressing

    • Proposal for making EC services STORK-aware

    • Seeking new use cases in the academic space

    • Lever for integration with governmental infrastructures

  • eIRG on AAIs

    • Convergence in academic space a key issue

    • Federations as the main enablers

    • Integration with the wider Internet

    • A long way to go, policy-wise

    • Acknowledgement of the role of TERENA and REFEDS


Lower Convergence

  • Metadata aggregators

    • PEER (not) vs. eduGAIN

  • Several services integrating federations and Grid PKIs

    • Watch Chris’ talk on this

  • Convergence at the WS level: STS

    • SURFNet experiments and CLARIN interest

    • EMI-EGI initiative

    • GEMBus STS (soon to be demonstrated)

    • EUGridPMA to explore policy aspects


The Identity Swiss Knives

  • Proxying is a wide concept that can address solutions to a wide variety of issues

  • Simplify management

    • See Dick’s talk

  • Increase federation usage

    • The most usual application

  • Boost privacy

    • Only provide an IP to access resources

  • Enhance user experience

    • Resolvers and deep-linking

  • Expanding applicability

    • WS-based interfaces and non-Web clients


A Proposal for REFEDS Funding

  • The goals

    • Remote federated proxy administration

    • Centralized configuration of proxy meshes

    • Non-Web clients in third party WS environments

    • Neutral link resolution and deep linking

  • The technologies

    • EZProxy

    • Apache2 proxy capabilities

  • The players: WAYF and RedIRIS

