
EuroCAMP Authentication (AuthN)

EuroCAMP Authentication (AuthN). EuroCAMP, Tuesday, November 23rd, 2010. Brook Schofield, Project Development Officer, brook@terena.org, www.terena.org. Campus Architecture & Middleware Planning…. My Blurb:


Presentation Transcript


  1. EuroCAMP Authentication (AuthN). EuroCAMP, Tuesday, November 23rd, 2010. Brook Schofield, Project Development Officer, brook@terena.org, www.terena.org

  2. Campus Architecture & Middleware Planning…
     • My Blurb:
     • Focusing on the first step of the 'domestication' progression we'll cover authentication for applications, showing examples of externalising authentication and identifying the technologies of interest to this group.
     • Q: First step?
     • Q: Domestication?
     • applications that work well with enterprise infrastructure, typically by externalizing group management, authentication, and/or authorization - COmanage webpage via RL ‘Bob’ Morgan

  3. AuthN is easy!
     • That’s why everyone does it!
     • Previously everyone "had" to do it.
     • Campuses created accounts because their students needed them.
     • Commercial providers created accounts so people could access them.
     • Password synchronization is handled by the user.

  4. Remember to squat your name! http://namechk.com/

  5. Many campus solutions to the username/password problem.
     • NIS, Novell
     • Windows for Work Groups
     • LDAP and Microsoft AD
     • Kerberos
     • CAS, WebAuth
     • Limited to the Campus
     • Need to expand outside the Campus

  6. We preached it, but didn’t live it.

  7. TERENA Externalising AuthN

  8. The campus problem disrupted.
     • Campuses always had external resources
     • Solved by liberal licensing
     • Reverse Proxies
     • VPN
     • Complicated by:
       • Mobile students
       • Proliferation of Devices
       • IPv6
       • $ £ € ¥ ₨

  9. Storm Brewing.

  10. Levels in the AuthN Continuum
     • 1 - Username/Password for All Services
       • Manual sign-up by the user
       • Password reset problem
       • Deprovisioning Problem
     • 2 - Shared Identity
       • LDAP Backend
       • Password Synchronisation (maybe)
     • 3 - Externalised Identity
       • Identity Federation (SAML)
       • Single Point
       • OpenID vs Facebook vs Google

  11. Quick Poll… How many username/password combinations do you use in a day? Including the ones that your browser / OS remember for you.
     • 1
     • 2-5
     • 5-15
     • 15+

  12. Do we feel special?

  13. Integrating 3rd Party Applications

  14. Integrating 3rd Party Applications
     • Stupid Applications are the easiest
     • Any HTTP Basic Auth?
     • Embedded Username/Password Dialog
     • Hardest to deal with (especially Flash)
     • Lots of Options
     • simpleSAMLphp
     • Shibboleth-SP
     • OIOSAML SP
     • Fedlet
     • OpenAM

  15. …including the kitchen sink.
     • Applications are diverse
     • Skinning a Cat
     • Users are diverse
     • From different sources
     • IdPs are diverse
     • No two attributes the same

  16. Scaling AuthN

  17. Questions? brook@terena.org, +31651553991, sip:schofield@terena.org, skype://brookschofield, @BrookSchofield, facebook.com/brook.schofield, linkedin.com/in/brookschofield. “A man with one watch knows what time it is; a man with two watches is never quite sure.” Lee Segall
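
Slide 15's point that no two IdPs release attributes the same way is usually handled in the service provider by an attribute map. The following is an added example, not part of the presentation: it folds the standard `urn:oid`, legacy `urn:mace` and friendly attribute names into one schema and drops scoped values an IdP is not entitled to assert. The IdP entity IDs, scopes, logins and the `normalise` helper are constructed for illustration.

```python
# Added example: map differently named IdP attributes onto one application schema.
# urn:oid / urn:mace names are the standard eduPerson and LDAP identifiers;
# the IdP entity IDs, scopes and released values below are constructed.
ALIASES = {
    "eppn": ["urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
             "urn:mace:dir:attribute-def:eduPersonPrincipalName",
             "eduPersonPrincipalName", "eppn"],
    "mail": ["urn:oid:0.9.2342.19200300.100.1.3",
             "urn:mace:dir:attribute-def:mail", "mail", "email"],
    "affiliation": ["urn:oid:1.3.6.1.4.1.5923.1.1.1.9",
                    "urn:mace:dir:attribute-def:eduPersonScopedAffiliation",
                    "eduPersonScopedAffiliation"],
}
LOOKUP = {a.lower(): canon for canon, names in ALIASES.items() for a in names}
SCOPED = {"eppn", "affiliation"}  # values of the form value@scope

# Assumption: the scopes each IdP may assert come from federation metadata.
IDP_SCOPES = {
    "https://idp.uni-a.example/saml": {"uni-a.example"},
    "https://idp.uni-b.example/saml": {"uni-b.example"},
}

def normalise(idp, released):
    """Return {canonical_name: [values]} for one login, dropping unusable values."""
    if idp not in IDP_SCOPES:
        raise ValueError(f"unknown IdP: {idp}")
    out = {}
    for name, values in released.items():
        canon = LOOKUP.get(name.lower())
        if canon is None:
            continue  # attribute this application does not consume
        for value in [values] if isinstance(values, str) else values:
            value = value.strip()
            if canon in SCOPED:
                _, sep, scope = value.rpartition("@")
                if not sep or scope.lower() not in IDP_SCOPES[idp]:
                    continue  # scope this IdP is not allowed to assert
            if value and value not in out.setdefault(canon, []):
                out[canon].append(value)
    return out

IDP_A_LOGIN = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ["alice@uni-a.example"],
               "urn:oid:0.9.2342.19200300.100.1.3": ["alice@uni-a.example"]}
IDP_B_LOGIN = {"eduPersonPrincipalName": "bob@uni-b.example",
               "email": "Bob.Example@uni-b.example", "displayName": "Bob"}

if __name__ == "__main__":
    print(normalise("https://idp.uni-a.example/saml", IDP_A_LOGIN))
    print(normalise("https://idp.uni-b.example/saml", IDP_B_LOGIN))
```

The scope check is what keeps one campus IdP from asserting an `eppn` that belongs to another campus once the application trusts more than one identity source.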
