Published on November 14, 2007
OpenAthens SP: Technical Overview
Topics
• The shape and significance of new identity architectures
• The benefits of OpenAthens SP
• Walk-through demo
The OpenAthens premise
Identity standards are maturing and will play an essential part in modern web applications...
...but building practical, yet effective architectures around them can be a major challenge
Evolution of identity architectures
• Previously bespoke solutions, based on a variety of technologies:
  – IP authentication
  – Username/password
  – LDAP
  – SQL
  – X.509 certificates
Recent changes
• 2 significant changes in last 2-3 years directly concerned with identity:
  1) 'Federation' has become widely accepted as the future of identity architectures
  2) Standards dealing specifically with (federated) identities have emerged
• These standards are now reaching maturity
Meanwhile...
• The web is reshaping...
• User's concept of online identity has radically changed
• Web APIs are opening up
The identity environment
[Diagram. Labels: Threats, Identity theft, Phishing, Web 2.0, SAML, OpenID, Social networking, Shibboleth, Blogging, Wikis, CardSpace, XACML, Instant messaging, LDAP, WS-*, X.509, User trends, Standards/Protocols, Browser, Apache, IIS, J2EE, .NET, PHP, Ruby on Rails, Open Source, Applications]
Implications of this
• These changes have meant a bespoke approach to identity is no longer appropriate
  – Standards are too complicated for this!
• A flexible approach to identity is fundamental to modern web applications
Where does 'identity' fit?
[Diagram. Labels: SOAP, Application, XML, SQL, Web server, Database, HTTP, TCP, Network, DNS]
Where does 'identity' fit?
[Diagram. Labels: SOAP, Application, XML, SAML, WS-*, 'Identity infrastructure', OpenID, SQL, XACML, Web server, Database, HTTP, TCP, Network, DNS]
So what does this imply?
• Standards facilitate 'layering' of technologies
• People are already talking about an 'identity infrastructure'
• Projects addressing this now: Higgins (Eclipse), Bandit (Novell)
Introducing OpenAthens SP...
• OpenAthens SP contributes to an identity infrastructure in 3 ways:
  1) It provides a set of software components to support various identity standards
  2) It provides the necessary 'glue' to integrate with an application
  3) It provides a supported package to connect to communities of users
[Diagram. Labels: Application, SQL, Platform, Audit, LDAP, SAML, Shib, ..., Policy, IdP identity infrastructure, SP identity infrastructure. Legend: OpenAthens SP component; Existing or 3rd party component]
1) Components
• OpenAthens SP comprises a set of modules supporting
  – Athens
  – SAML 1.0/1.1/2.0
  – Shibboleth
  – OpenID
  – MS information cards
2) Integration with applications
• OpenAthens SP is built on a 'data layer' – the OpenAthens SP platform
• Abstraction
  – Application interacts with the platform not individual modules
• Support for multiple languages and platforms
3) Connecting to users
• The combination of 1) and 2) allows for pre-packaged solutions for different communities
• OpenAthens SP is available fully supported, currently in 2 different flavours
  – Athens (inc. NHS)
  – UKAMF
[Diagram. Labels: Application, SQL, Platform, Audit, Federation data, LDAP, SAML, Shib, ..., Policy, SP identity infrastructure. Legend: OpenAthens SP component; Existing or 3rd party component]
Select organisation:
OpenAthens SP finds organisation in SAML metadata:
SAML response:
Platform 'exports' attributes to application:
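The organisation lookup step of the walk-through, sketched as an added example (not OpenAthens SP or Eduserv code). It assumes SAML 2.0 format metadata whose signature has already been verified; the entity IDs, URLs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed, trimmed sample metadata (not real federation data). Assumption:
# the aggregate's signature was verified before it is parsed here.
METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
 <md:EntityDescriptor entityID="https://idp.example.ac.uk/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                           Location="https://idp.example.ac.uk/idp/sso"/>
  </md:IDPSSODescriptor>
  <md:Organization>
   <md:OrganizationDisplayName xml:lang="en">Example University</md:OrganizationDisplayName>
  </md:Organization>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService index="0" Location="https://sp.example.org/acs"
       Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def idp_entities(metadata_xml):
    """Yield only the entities that carry an identity provider role."""
    root = ET.fromstring(metadata_xml)
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        if entity.find("md:IDPSSODescriptor", NS) is not None:
            yield entity

def list_organisations(metadata_xml):
    """Build the 'select organisation' list: display name -> entityID."""
    return {e.findtext("md:Organization/md:OrganizationDisplayName",
                       default=e.get("entityID"), namespaces=NS): e.get("entityID")
            for e in idp_entities(metadata_xml)}

def sso_endpoint(metadata_xml, entity_id, binding=REDIRECT):
    """Return the HTTPS sign-on URL for a chosen IdP, or None if it is not
    an IdP in the trusted metadata (never redirect to a caller-supplied URL)."""
    for entity in idp_entities(metadata_xml):
        if entity.get("entityID") != entity_id:
            continue
        for sso in entity.iterfind("md:IDPSSODescriptor/md:SingleSignOnService", NS):
            location = sso.get("Location", "")
            if sso.get("Binding") == binding and location.startswith("https://"):
                return location
    return None
```

The user's choice is resolved only against entries in the trusted metadata, so an entity ID that is unknown, or that belongs to a service provider rather than an identity provider, yields no sign-on URL.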
Summary
• OpenAthens SP can:
  – Connect a SP to Athens
  – Connect a SP to Shibboleth identity providers in the UK Access Management Federation
• OpenAthens SP is:
  – Supported by Eduserv in the above scenarios
  – Actively developing to support the latest identity standards (eg. information cards)
Where to find out more?
• There's more information on our website http://www.athensams.net
• Information and live demos are available on the stand outside
firstname.lastname@example.org