feide connect tnc2014

Feide ConnectNext generation service platform for educational users in Norway.

andreas.solberg@uninett.noAndreas Åkre Solberg

Dublin, May 2014

Feide Connect

research and development activity

The presented work is from an operational prototypevaries from experimental to more mature

a production-level service is in planning

2

3

The gap between services’ needs and supporting middleware infrastructure

is increasing

What we have today

does not properly support mobile

does not properly support three-tier, services that interacts with services (data in other adm.domains)

Complex setup (SAML)

Complex cross-federation setup

4

5

Today everything is about

APIs

6

SAML is great for SSO - not everything else

Lets build…

8

HTTP

9

HTTPOAuth 2.0

Authorization management

10

HTTPOAuth 2.0

Authorization managementOpenID Connect SCIM

VOOTeduPerson++

3rd party APIs+++PeopleSearch ActivityStreams

11

HTTPOAuth 2.0

Authorization managementOpenID Connect SCIM

VOOTeduPerson++

3rd party APIs+++

App EngineJavascript PaaS

Groups AppStore Feed

DevDashboard

App

Documentation

App

Inspect

App

Authorization Dialog

Workflow

UNINETT ASinfo@uninett.no

Developer Dashboard

13

Groups

Clients

GroupEngineParallell aggregator

SCIM

VOOT

Ad-hocgroups

FSCommon Student System

Feideattributes

Feideattributes

14

Groups Manage

ad-hoc groups

using groups and peoplesearch

APIs

15

ActivityStreams

16

etherpad demo

Non-intrusive etherpad plugin no modifications

No external dependencies whatsoever! Not even simplesamlphp ;)

Uses Feide Connect for authentication and groups.

Setup with auto-configure

17

etherpad demo

18

Clients

API Gatekeeper

3rd party APIs

Authorization workflow Auth

OAuth server

HTTP API+ OAuth

Selfservice

GET /api/0/items HTTP/1.0Authorization: xxxxxHost: 3rd-domain.orgFC-UserID: andreas@uninett.noFC-Groups: x001, x002, x009FC-Scopes: readaccessFC-ClientID: 4thparty-org001

3rd.api.feideconnect.edu

established trust

api.3rdparty.org

19

Not solved yet

Still much implementations to do

Contracts and legal work

Payment model

Smooth logout experience with SLO, OAuth, web, applications and mobile.

20

…some more stuff

21

App Store in the works…

22

Frontend protocols service to service

service to platform

Javascript window.postMessage «Federated» iframes with isPassive=true

23

Adobe Connect Widget demoCan be used «anywhere»!

Just copy and paste a short JS sniplet.

Can easily be setup to adopt surrounding group environment, to set «current group».

Fully controlled authorization and access controll for Adobe Connect. No pre-configuration whatsover for endusers.

24

25

Autoconfigure demoSimplify registration of service providers

Can be prepacked with popular applications;in.e. wordpress (plugin demoed)

!Wordpress plugin with no external dependencies.

26

27

feed Widget demo

Widget push shared news or any «activity» to activity stream

Another widget presents «news» within a group in a collaboration service (Liferay)

2828

Feed Widget!Shows an aggregated feed of activities for the current

selected group across all collaboration tools.

Share widget!Can be easily integrated anywhere. Will share a link to the current web page

to the activity stream for the current user in a selected group context.

29

That’s it.

Thanks for attending this presentation!

andreas@uninett.no