
The Many Ways to Identity Exchange

Explore the various methods of identity exchange in the digital world, from SAML and OpenID to OAuth and JWT. Discover the convergence of AAI, STS, and proxying, and the potential for enhancing user experience and privacy. Includes a proposal for REFEDS funding of remote federated proxy administration and centralized configuration.


Presentation Transcript


  1. On the Many Ways to Identity Exchange
     Digital identities are more valuable as they are more widely assertable
     Diego R. Lopez, RedIRIS

  2. The Open Fronts
     • Life beyond SAML
     • OpenID and “Identity 2.0”
     • OAuth and JWT
     • Seeking for meeting points
     • eIRG
     • STORK
     • eduGAIN, PEER, MDX, …
     • AAI convergence and STS efforts
     • Sort of Proxying
     • Inner access: TERENA SPP
     • Outer access: Proposal to REFEDS

  3. The twodotosphere
     • MACE’s WG on OpenID
     • https://spaces.internet2.edu/display/OpenID/Home
     • Guidance, toward some degree of standardization
     • Examine the demand for, and applicability of, SAML/OpenID gateways
     • Integrating identities both ways
     • Logins4Life
     • Social authsources
     • social2saml.org
     • SIR-enabled Facebook groups
     • Social discovery services

  4. Tokens and token formats
     • OAuth2 consolidating
     • Several rather mature I-Ds making their way up in IETF
     • And proposals based on it
     • UMA, inside Kantara
     • REST token-based access, inside GN3
     • JWT: JSON Web Token
     • Intended for space constrained environments
     • HTTP Authorization headers
     • URI query parameters
     • Simpler to code and parse
     • OAuth2 AP: http://www.rediris.es/oauth2/
     • JWT: Proof-of-concept for SIR-REST integration

  5. Higher Convergence
     • STORK progressing
     • Proposal for making EC services STORK-aware
     • Seeking for new use cases in academic space
     • Lever for integration with governmental infrastructures
     • eIRG on AAIs
     • Convergence in academic space a key issue
     • Federations as the main enablers
     • Integration with the wider Internet
     • A long way to go, policy-wise
     • Acknowledgement to TERENA and REFEDS role

  6. Lower Convergence
     • Metadata aggregators
     • PEER (not) vs. eduGAIN
     • Several services integrating federations and Grid PKIs
     • Watch Chris’ talk on this
     • Convergence at the WS level: STS
     • SURFNet experiments and CLARIN interest
     • EMI-EGI initiative
     • GEMBus STS (soon to be demonstrated)
     • EUGridPMA to explore policy aspects

  7. The Identity Swiss Knives
     • Proxying is a wide concept that can address solutions to a wide variety of issues
     • Simplify management
     • See Dick’s talk
     • Increase federation usage
     • The most usual application
     • Boost privacy
     • Only provide an IP to access resources
     • Enhance user experience
     • Resolvers and deep-linking
     • Expanding applicability
     • WS-based interfaces and non-Web clients

  8. A Proposal for REFEDS Funding
     • The goals
     • Remote federated proxy administration
     • Centralized configuration of proxy meshes
     • Non-Web clients in third party WS environments
     • Neutral link resolution and deep linking
     • The technologies
     • EZProxy
     • Apache2 proxy capabilities
     • The players: WAYF and RedIRIS
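The JWT properties listed on slide 4 (compact, usable in HTTP Authorization headers and URI query parameters, simple to code and parse) can be seen in a small issuer and verifier. This is an added example, not code from the presentation or from the RedIRIS proof-of-concept; it assumes HS256 with a shared key, and the key, claim values and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import quote

def b64url(data):
    # JWT uses unpadded URL-safe base64, so tokens need no escaping in headers or URLs
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def issue(claims, key):
    header = {"alg": "HS256", "typ": "JWT"}
    body = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode())
                    for p in (header, claims))
    return body + "." + b64url(sign(body, key))

def verify(token, key, audience, now=None):
    """Return the claims, or raise ValueError on any failure."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        signature = b64url_decode(s64)
        expected = sign(h64 + "." + p64, key)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON, non-ASCII
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose it ("none", etc.)
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))  # parsed only after the MAC checks out
    now = time.time() if now is None else now
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    return claims

def needs_no_escaping(token):
    # True when the token can go into a URI query parameter unchanged
    return quote(token, safe="") == token

# Constructed sample values, for illustration only
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
DEMO_CLAIMS = {"iss": "https://idp.example.org", "sub": "alice",
               "aud": "https://api.example.org", "exp": 2000000000}
```

A token placed in a URI query parameter tends to end up in server logs, browser history and Referer headers, so the Authorization header is the safer of the two carriers, and short `exp` values limit what a leaked token is worth.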
