connect (usit)
TRANSCRIPT
![Page 2: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/2.jpg)
Feide
75 million logins (2014)
~380 educational institutions
Web Single Sign-On
~300 services
![Page 3: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/3.jpg)
Identity
Groups, courses, place, room, time, ++
Access, access management and control
Lightweight, developer-friendly APIs
OAuth + OpenID Connect
What is the core around which we should build a good, sustainable ICT architecture?
![Page 4: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/4.jpg)
Feide
…
Connect
Connect
![Page 5: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/5.jpg)
Feide
Service Provider
SAML 2.0 WebSSO
SAML 2.0 is specialized for Single Sign-On
![Page 6: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/6.jpg)
OAuth 2.0, OpenID Connect + APIs
Connect v1
Authentication
Feide, IDporten, guest users, eduGAIN
Groups
FS, Feide
Future services..
PeopleSearch
API Gatekeeper
adhoc
Clients, Applications, Services
Service X
Service Y
Service Z
![Page 7: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/7.jpg)
Project: through 2015
– Technology and technical solution
– Agreements, legal matters and privacy
– Pilot starting June 1
Project manager: Hildegunn Vada
– Hand over the product and system to operations and rollout activity
Reference group with broad participation from the sector. Collaboration with IKT-senteret. Coordinated with UH-sky.
![Page 8: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/8.jpg)
self-service - scalability
![Page 9: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/9.jpg)
Developer-friendly APIs
REST, OAuth 2.0
No XML, no xmlsec, no SOAP
![Page 10: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/10.jpg)
Login flow
Replacement of the current Feide Consent page
![Page 11: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/11.jpg)
![Page 12: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/12.jpg)
more user-controlled
![Page 13: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/13.jpg)
Enterprise IdM → User Centric
Batch provisioning → Dynamic Data APIs
A few large services → Many small specialized services
Trends
![Page 14: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/14.jpg)
XML → JSON
SOAP → REST
XMLDSIG → JWT/JWS
WS-Security / ID-WSF → OAuth
SAML → OpenID Connect
Some trends – API technology
![Page 15: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/15.jpg)
Mobile
![Page 16: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/16.jpg)
Web clients, but also
+ Mobile
+ Desktop
+ Client to service
Mobile
› In-app browser vs.
› System browser + custom URL scheme
![Page 17: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/17.jpg)
Feide Single Sign-On session = 8 hours
![Page 18: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/18.jpg)
Services
with interaction between users, not only between user and service
› People search
› Groups
![Page 19: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/19.jpg)
API for person lookup – white pages
Find people by searching by name, and pick «contact cards».
In use for collaboration services, where people interact with each other.
![Page 20: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/20.jpg)
Groups
![Page 21: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/21.jpg)
Person, Membership / role, Group, Group type
http://openvoot.org
![Page 22: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/22.jpg)
Person, Membership / role, Group, Group type
GO: teaching group
Ad-hoc group
UH: field of study
Affiliated with school X
http://openvoot.org
![Page 23: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/23.jpg)
Groups
Manage ad-hoc groups using groups and peoplesearch APIs
![Page 24: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/24.jpg)
API Gatekeeper
![Page 25: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/25.jpg)
etherpad demo service
![Page 26: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/26.jpg)
etherpad demo
![Page 27: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/27.jpg)
Account versus Person
FeideID, national identity number, transition from primary school to upper secondary school to university college, exchange students, university colleges that merge, municipalities that merge.
![Page 28: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/28.jpg)
Pilot started June 1, 2015
Opportunities for service providers to connect to a functional platform.
Contact: [email protected]. More info: feideconnect.no
![Page 29: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/29.jpg)
Web SSO
Basic userinfo
Groups
Authentication and authorization of APIs
Desktop applications
Mobile applications
Long-lived sessions / access
Guest accounts
IDporten *
International login (eduGAIN) *
Feide Connect
![Page 30: Connect (USIT)](https://reader033.vdocuments.net/reader033/viewer/2022050907/55b40d15bb61eb3c728b45cc/html5/thumbnails/30.jpg)
Andreas Åkre Solberg linkedin.com/in/andreassolberg
http://feideconnect.no