OpenAthensSP: A technical overview

Published on November 14, 2007

Author: david.orrell



OpenAthensSP provides a flexible platform for integration of federated identity technologies into applications. It supports SAML, OpenID, the Eduserv Athens services, and more federated standards.

This presentation gives an overview of the objectives of the platform and how it interacts with applications.

OpenAthens SP: Technical Overview

Topics
• The shape and significance of new identity architectures
• The benefits of OpenAthens SP
• Walk-through demo

The OpenAthens premise
Identity standards are maturing and will play an essential part in modern web applications...
...but building practical, yet effective architectures around them can be a major challenge.

Evolution of identity architectures
• Previously bespoke solutions, based on a variety of technologies:
  – IP authentication
  – Username/password
  – LDAP
  – SQL
  – X.509 certificates

Recent changes
• 2 significant changes in the last 2-3 years directly concerned with identity:
  1) 'Federation' has become widely accepted as the future of identity architectures
  2) Standards dealing specifically with (federated) identities have emerged
• These standards are now reaching maturity

Meanwhile...
• The web is reshaping...
• Users' concept of online identity has radically changed
• Web APIs are opening up

The identity environment
[Diagram grouping the landscape into four areas. Threats: identity theft, phishing. User trends: Web 2.0, social networking, blogging, wikis, instant messaging. Standards/protocols: SAML, OpenID, Shibboleth, CardSpace, XACML, LDAP, WS-*, X.509. Applications: browser, Apache, IIS, J2EE, .NET, PHP, Ruby on Rails, open source.]

Implications of this
• These changes have meant a bespoke approach to identity is no longer appropriate
  – Standards are too complicated for this!
• A flexible approach to identity is fundamental to modern web applications

Where does 'identity' fit?
[Diagram of the application stack: Application (SOAP, XML); Web server (HTTP) and Database (SQL); Network (TCP, DNS).]

Where does 'identity' fit?
[Diagram of the same stack with an 'Identity infrastructure' layer (SAML, WS-*, OpenID, XACML) inserted between the Application layer and the Web server/Database layer.]

So what does this imply?
• Standards facilitate 'layering' of technologies
• People are already talking about an 'identity infrastructure'
• Projects addressing this now: Higgins (Eclipse), Bandit (Novell)

Introducing OpenAthens SP...
• OpenAthens SP contributes to an identity infrastructure in 3 ways:
  1) It provides a set of software components to support various identity standards
  2) It provides the necessary 'glue' to integrate with an application
  3) It provides a supported package to connect to communities of users

[Diagram: the Application sits on the OpenAthens SP Platform; Audit, Policy, SQL, LDAP and SAML/Shib/... modules plug into the Platform. Together these form the SP identity infrastructure, which connects to the IdP identity infrastructure. Legend distinguishes OpenAthens SP components from existing or 3rd-party components.]

1) Components
• OpenAthens SP comprises a set of modules supporting
  – Athens
  – SAML 1.0/1.1/2.0
  – Shibboleth
  – OpenID
  – MS information cards

2) Integration with applications
• OpenAthens SP is built on a 'data layer' – the OpenAthens SP platform
• Abstraction – the application interacts with the platform, not with individual modules
• Support for multiple languages and platforms

3) Connecting to users
• The combination of 1) and 2) allows for pre-packaged solutions for different communities
• OpenAthens SP is available fully supported, currently in 2 different flavours
  – Athens (inc. NHS)
  – UKAMF

[Diagram: the Application sits on the OpenAthens SP Platform; Audit, Policy, SQL, LDAP and SAML/Shib/... modules plug into the Platform, forming the SP identity infrastructure, which is fed by Federation data. Legend distinguishes OpenAthens SP components from existing or 3rd-party components.]


Walk-through demo, step 1 – Select organisation: OpenAthens SP finds the organisation in the SAML metadata.

Walk-through demo, step 2 – SAML response: the platform 'exports' the attributes to the application.
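The two demo steps above, together with the abstraction from the integration slide (the application talks to the platform, not to individual protocol modules), written out as a small Python "platform" layer. This is an added example and not OpenAthens SP's own code: the federation metadata, the SAML response, the entity IDs and URLs are constructed placeholders (only the eduPerson attribute OIDs are the standard ones), and the two function names are hypothetical.

```python
"""Added illustration (not OpenAthens SP code): a toy 'platform' layer that
(1) finds the organisation the user selected in SAML 2.0 metadata and
(2) exports the attributes of a SAML response to the application as a dict.
All metadata, responses, entity IDs and URLs below are constructed placeholders."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed federation metadata listing two hypothetical IdPs.
SAMPLE_METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp.example-university.test/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example-university.test/sso/redirect"/>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://idp.example-university.test/sso/post"/>
    </md:IDPSSODescriptor>
    <md:Organization>
      <md:OrganizationDisplayName xml:lang="en">Example University</md:OrganizationDisplayName>
    </md:Organization>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example-college.test/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example-college.test/sso"/>
    </md:IDPSSODescriptor>
    <md:Organization>
      <md:OrganizationDisplayName xml:lang="en">Example College</md:OrganizationDisplayName>
    </md:Organization>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

# Constructed, unsigned SAML 2.0 response carrying two eduPerson attributes.
SAMPLE_RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2007-11-14T10:00:00Z">
  <saml2:Issuer>https://idp.example-university.test/idp</saml2:Issuer>
  <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
  <saml2:Assertion ID="_asn1" Version="2.0" IssueInstant="2007-11-14T10:00:00Z">
    <saml2:Issuer>https://idp.example-university.test/idp</saml2:Issuer>
    <saml2:AttributeStatement>
      <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" FriendlyName="eduPersonAffiliation">
        <saml2:AttributeValue>member</saml2:AttributeValue>
        <saml2:AttributeValue>staff</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName">
        <saml2:AttributeValue>alice@example-university.test</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>"""

def find_idp(display_name, metadata_xml=SAMPLE_METADATA):
    """Demo step 'Select organisation': map the chosen name to its IdP.
    Returns {"entity_id": ..., "sso": {binding: location}} or None if unknown."""
    root = ET.fromstring(metadata_xml)
    for ed in root.iterfind("md:EntityDescriptor", NS):
        idp = ed.find("md:IDPSSODescriptor", NS)
        name = ed.findtext("md:Organization/md:OrganizationDisplayName", "", NS)
        if idp is None or name.strip() != display_name:
            continue  # not an IdP, or not the organisation the user picked
        sso = {s.get("Binding"): s.get("Location")
               for s in idp.iterfind("md:SingleSignOnService", NS)}
        return {"entity_id": ed.get("entityID"), "sso": sso}
    return None

def export_attributes(response_xml, trusted_issuers):
    """Demo step 'SAML response': flatten assertion attributes into a dict keyed
    by FriendlyName (or Name), so the application never handles SAML XML itself.
    Only status and issuer are checked here; a production SP must also verify
    the XML signature and the assertion Conditions (audience, validity window)
    before it exports anything."""
    root = ET.fromstring(response_xml)
    code = root.find("saml2p:Status/saml2p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("SAML response did not report Success")
    issuer = root.findtext("saml2:Assertion/saml2:Issuer", "", NS).strip()
    if issuer not in trusted_issuers:
        raise ValueError(f"assertion issuer not found in metadata: {issuer!r}")
    exported = {}
    for attr in root.iterfind("saml2:Assertion/saml2:AttributeStatement/saml2:Attribute", NS):
        key = attr.get("FriendlyName") or attr.get("Name")
        values = [v.text or "" for v in attr.iterfind("saml2:AttributeValue", NS)]
        exported.setdefault(key, []).extend(values)
    return exported

if __name__ == "__main__":
    idp = find_idp("Example University")
    print("Selected organisation resolves to:", idp)
    print("Exported to application:", export_attributes(SAMPLE_RESPONSE, {idp["entity_id"]}))
```

The application only ever sees the dict returned by `export_attributes`; which protocol module produced it is hidden behind the platform call. Passing the entity IDs found in step 1 into step 2 is what ties the exported attributes back to the metadata lookup, so a response from an issuer the federation metadata does not list is refused rather than exported.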

Summary
• OpenAthens SP can:
  – Connect an SP to Athens
  – Connect an SP to Shibboleth identity providers in the UK Access Management Federation
• OpenAthens SP is:
  – Supported by Eduserv in the above scenarios
  – Actively developing to support the latest identity standards (e.g. information cards)

Where to find out more?
• There's more information on our website
• Information and live demos are available on the stand outside

