eurocamp authentication ( authn )
DESCRIPTION
EuroCAMP Authentication ( AuthN ). EuroCAMP Tuesday, November 23 rd , 2010 Brook Schofield Project Development Officer [email protected] www.terena.org. Campus Architecture & Middleware Planning…. My Blurb: - PowerPoint PPT PresentationTRANSCRIPT
![Page 2: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/2.jpg)
› My Blurb:› Focusing on the first step of the 'domestication'
progression we'll cover authentication for applications, showing examples of externalising authentication and identifying the technologies of interest to this group.
› Q: First step?› Q: Domestication?
› applications that work well with enterprise infrastructure, typically by externalizing group management, authentication, and/or authorization
- COmanage webpage via RL ‘Bob’ Morgan
Slide 2
![Page 3: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/3.jpg)
› That’s why everyonedoes it!
› Previously everyone "had" to do it.
› Campus' created accounts because their students needed them.
› Commercial providers created accounts so people could access them.
› Password synchronization is handled by the user.
Slide 3
![Page 4: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/4.jpg)
Slide 4
![Page 5: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/5.jpg)
› NIS, Novell› Windows for Work Groups› LDAP and Microsoft AD› Kerberos› CAS, WebAuth
› Limited to the Campus› Need to expand outside the Campus
Slide 5
![Page 6: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/6.jpg)
Slide 6
![Page 7: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/7.jpg)
Slide 7
![Page 8: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/8.jpg)
› Campus’ always had external resources› Solved by liberal licensing› Reverse Proxies› VPN
› Complicated by:› Mobile students› Proliferation of Devices› IPv6› $ £ € ¥ ₨
Slide 8
![Page 9: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/9.jpg)
Slide 9
![Page 10: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/10.jpg)
› 1 - Username/Password for All Services› Manual sign-up by the user› Password reset problem› Deprovisioning Problem
› 2 - Shared Identity› LDAP Backend› Password Synchronisation (maybe)
› 3 - Externalised Identity› Identity Federation (SAML)› Single Point › OpenID vs Facebook vs Google
Slide 10
![Page 11: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/11.jpg)
Slide 11
![Page 12: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/12.jpg)
Slide 12
![Page 13: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/13.jpg)
Slide 13
![Page 14: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/14.jpg)
Slide 14
› Stupid Applications are the easiest› Any HTTP Basic Auth?
› Embedded Username/Password Dialog› Hardest to deal with (especially flash)
› Lots of Options› simpleSAMLphp› Shibboleth-SP› OIOSAML SP› Fedlet› OpenAM
![Page 15: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/15.jpg)
Slide 15
› Applications are diverse› Skinning a Cat
› Users are diverse› From different sources
› IdPs are diverse› No two attributes the same
![Page 16: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/16.jpg)
Slide 16
![Page 17: EuroCAMP Authentication ( AuthN )](https://reader035.vdocuments.net/reader035/viewer/2022062301/56816032550346895dcf509c/html5/thumbnails/17.jpg)
+31651553991
skype://brookschofield
@BrookSchofield
facebook.com/brook.schofield
linkedin.com/in/brookschofield
Slide 17