
Kennisnet Entree: federated authentication



Presentation Transcript


  1. Kennisnet Entree: federated authentication. Pieter Bruring, Technical Product Manager

  2. Identification … a must EdReNe expert workshop - 26 February 2009

  3. Narrowing the scope of identity

  4. Kennisnet Entree: providing SSO to VLE/LMS

  5. What’s it all about?

  6. Some figures
     • Total of 600.000 educational users in the Netherlands:
       • 165 schools connected (300.000 estimated federative users)
       • 300.000 Entree selfservice accounts
     • 13 Service providers:
       • Educational online video streaming service
       • Government sites
       • Educational content providers
       • Webshop

  7. Elements of an authentication and authorisation service
     Diagram layers: Service providers; Authentication and authorisation platforms; Identity Providers; Schools; Users
     • Users use different accounts to access websites
     • Websites use centralised userstores (identity providers)
     • Rise of the Learning management systems as identity provider for schools
     • Federated authentication, platforms function as hub

  8. Anatomy of the Entree federation
     Diagram layers: Service providers; Federation hub; Identity Providers (learning environment systems); Schools

  9. Anatomy of the Entree federation hub
     • Entree application Server(s)
     • A-Select Server (Authentication engine)
     • Management interfaces (SP’s, Schools, Kennisnet, my Entree account)
     • Digicode module (additional authorisation means for upgrading accounts with attributes)
     • Attribute filter
     • Entree selfservice Account userstore
     • Diagram annotation: 2. Go authenticate

  10. Confederation 2009
     Diagram labels:
     • Surfnet, Universities, Publishers
     • Kennisnet content, educational publishers & educational video streaming services
     • Higher Education, Universities
     • Educational content providers (publishers) central authorisation via webshop
     • High school teachers and students
     • Primary education, high schools and colleges

  11. A-Select
     • Dutch authentication platform: www.a-select.org
     • Open Source
     • Not yet using standard SAML 2.0
     • It does however support Shibboleth via an agent and filter solution
     • Used nationwide in DigiD, which provides users with a personalised login code for authentication on websites from various governmental bodies

  12. A-Select interfacing: Service Provider
     Diagram components: Browser; Service Provider Server; A-Select filter (checks if URL needs authentication); A-Select agent (java app); A-Select server; Content; A-Select protocol
     Steps shown:
     1. URL webserver
     2. Go authenticate
     3. Authentication, set SSO token
     4. user attributes
     5. Set application token with attributes
     6. Redirect after authorisation

  13. A-Select interfacing: Identity Provider
     Diagram components: Browser; A-Select server; Identity provider (A-Select server, A-Select AuthSP, Userstore); A-Select protocol
     Steps shown:
     1. “Where are you from?”
     2. “I belong to this organisation”
     3. “Go authenticate there”
     4. “my loginname & password”
     5. Interface with userstore
     6. “Is ok?”
     7. “user authenticated ok”
     8. “have a SSO token (cookie)”

  14. A-Select IdP interfacing problems
     • A-Select IdP’s are very difficult to set up:
       • Need for ‘foreign’ software in system (A-Select server)
       • Need to develop custom A-Select AuthSP for non LDAP userstores, such as MySQL.
       • A-Select protocol not an international standard, like SAML 2.0, Shibboleth

  15. Entree solution: Cookiemonster interface
     Goal: Virtual Learning Environments and Learning Management Systems shall be connected to Entree using easy to implement webservices.
     • Requirements:
       • No need for ‘foreign’ software in system
       • Native authentication of user by VLE/LMS
       • Standardisation of user attributes sent to Entree
       • For security purposes assertion of trust needed
     Consequence: No standard (e.g. SAML 2.0) fit the bill on ‘easy to implement’ due to maturity differences in VLE/LMS providers.

  16. A-Select Entree expansion: LMS IdP webservices
     Diagram components: Browser; A-Select server; Entree callback interfacing; Learning Management System (Native authentication system, Userstore); A-Select Cookiemonster protocol
     Steps shown:
     1. “Where are you from?”
     2. “I belong to this organisation”
     3. “Go authenticate there”
     4. “my loginname & password”
     5. Get attributes
     6. User attributes using EduPerson schema
     8. “have a SSO token (cookie)”

  17. Cookiemonster interface: results
     • Solution provides Single Sign On path directly from VLE/LMS to Service Provider.
     • 1 month after introducing new interfacing method 100 schools were connected.
     • Average development time for VLE/LMS provider is 2 weeks

  18. Next step: building bigger bridges

  19. The standards SAML 2.0 and OpenID are selected for these bridges

  20. You? Questions?
