Securing geodata services
Pilot study: SAML via Shibboleth

Objectives
• Replace commercial AuthN system with open-source SAML solution – lower cost
• Distributed user management – lower cost, increased security
• Technical implementation of existing federation - "The Geodata Cooperation Agreement"
• Prepare support for the upcoming national (and European) eID, using SAML
• Possible re-use of existing federations (SWAMID, Swedish Academic Identity)

Current infrastructure
• Commercial Authentication system
• Centralized user storage
• Con terra securityManager for fine-grained authorization control, using centralized user storage
• Distributed service providers

Pilot infrastructure
• SAML Authentication via Shibboleth
• Shibboleth WAYF (Discovery service)
• Federation of distributed user storages (Identity providers)
• Con terra securityManager for fine-grained authorization control, using SAML assertions
• Distributed service providers

Pilot estimated timing

End of October 2011
• SAML Authentication via Shibboleth
• Shibboleth WAYF (Discovery service)

End of December 2011
• Federation of distributed user storages (Identity providers)
• Con terra securityManager for fine-grained authorization control, using SAML assertions

Already in place
• Distributed service providers

Contact
• Questions
• Comments
• Feedback
• More information
• …share your own Shibboleth experiences
• …participate in pilot

Mats Isaksson
mats.k.isaksson@lm.se

Enjoy Edinburgh!