Maarten Koopmans, SURFnet, [email protected], OASIS Adoption forum 2006
Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution
An Identity 1.0 story
Maarten Koopmans, SURFnet, [email protected]
OASIS Adoption forum 2006
High-quality Internet for higher education and research
In the beginning…
Well, the 90’s: a chip card for higher education.
It failed miserably.
… (2)
Tests with mobile phones and e-banking (token based in NL).
Piggybacking in 2001-2.
Authentication middleware, 2002
Authentication middleware that could act as a switch between multiple authentication methods and added SSO as a bonus.
A-Select 1.0 Q4-2002
First lesson: choose your project name carefully! Authentication selection.
We’ll just call it A-Select “for now”.
1.0 features
• SSO
• Multiple authentication methods
• Simple “Cross” mode, full identity shared between domains
3 universities, 30.000 users.
They liked it. We invested.
A-Select in 2002
A-Select in 2002 (2)
The marketing dilemma
How do you get the other universities to use this?
Encourage usage outside and within higher-ed
The question then becomes:
Why don’t you use it?
2002-3: versions 1.1 – 1.3
• Logging
• APIs and protocol improvements
• Better user database support
• More AuthSPs
A-Select in 2003
2003: Build a community
• E-government chose A-Select, as did the public libraries
• System integrators
• More universities.
Some 100.000 users in NL
2004: Strengthen the community
• e-government becomes DigiD, keep them on board
• Work together with libraries
• Add features:
  – fail over
  – more application integration components
Open standards are becoming very important with Shibboleth and SAML, especially for higher education
2004: A-Select diffusion
Encourage usage via diffusion program: target 100,000 users by the end of 2006.
Result: >> 200,000 users in higher ed and more are coming!
Activities:
• Documentation
• Integration components
• On site support
• Project consultancy
2005: Towards a Federation
Release 1.4.1: integrating a lot of contributions from the community, massive clean-up of the codebase
Release 1.4.2: adding a simple yet flexible authorization engine and attribute acquisition (using CGI, SOAP, LDAP)
A-Select in 2005
2005: DigiD more and more visible
First cities are using DigiD as an A-Select based IdP
First tests with online tax forms with DigiD as IdP
2006: Federation for real
Release 1.5: adds SAML 1.1 with Shibboleth profiles. A-Select can act as IdP for Shib-protected resources.
From 2007 onwards DigiD is mandatory for online tax forms
Millions of users.
Federation in 2006
[Diagram: users, identities, central federation components, resources; connections labelled SAML]
Winding down
• Apache style licensed
• 98% Java based code
• > 5 authN methods
• Healthy market and community
• Millions of users
• Incremental growth has paid off: from authN to federation middleware
• Open source is a viable model for “NL as a company”
What’s next
• 1.6
• WS-* support
• SAML 2.0 support
• A-Select starter kit (with Linux, reverse proxy, ...)
Expanding internationally
Open standards important for collaboration!
Thank you, OASIS!