Roadmap for Higher Education Institutions: Will New Identity

The most successful SAML application has probably been Google Mail. Many campuses are using SAML to enable students to check their mail without having to store passwords on Google.

gluu

Presentation Transcript


  1. Roadmap for Higher Education Institutions: Will New Identity Standards Achieve the Promise of Federated Identity? OAuth2-based identity standards bridge web and mobile security requirements and have critical developer and industry support. It is harder than you think to identify a person online. Verizon estimates that 80% of security breaches in 2013 were a result of a failure to do so correctly. Since the early 2000s, several standards that defined a mechanism to identify a person using the Web have risen and fallen. Some of these standards were presented as the panacea for single sign-on, but failed to achieve any adoption. Some achieved moderate adoption, but never achieved the ubiquity of Internet standards like DNS or SMTP, where every domain on the Internet is expected to maintain a service. No Web authentication standard has achieved even the level of adoption of LDAP. Standards in identity and security are crucial because the applications used by higher education institutions are heterogeneous: commercial, SaaS, open source and home-grown applications all must share the same security infrastructure. When a person authenticates, they won’t notice the difference between one standard and another.

  2. But the institution’s IT staff is expected to understand the standards in enough detail to know which organizational cryptographic keys need to be protected and managed. SAML, the Security Assertion Markup Language, is one such standard that has seen moderate adoption. But despite a concerted effort to evangelize SAML by Educause, Internet2 and other information technology leaders in education, thousands of campuses have not adopted it. Today a person is more likely to use their Facebook credentials to access a web or mobile resource than to use their university SAML credentials. The most successful SAML application has probably been Google Mail. Many campuses are using SAML to enable students to check their mail without having to store passwords on Google. But the number of SAML websites the average campus enables is usually pretty small; around a dozen is not uncommon. The introduction of the iPhone in 2007 changed the requirements for online authentication, and pulled the rug out from under some of SAML’s core assumptions. The Web browser is not the only conduit for services. We use our mobile phones, tablets, and other devices to access a wide array of our online stuff. Largely completed by 2005, SAML was not designed to accommodate many of the patterns now commonly in use, such as a mobile application calling a backend API. The big consumer IDPs like Google, Microsoft and Facebook figured out how to get a significant number of people and websites to adopt their standard for Web authentication.

  3. How did they do it? They did a great job of listening to developers, and designed an authentication API that suited their preferences. And then the developers created great content. The advances made by Google and other consumer IDPs will greatly benefit higher education institutions. For early adopters of SAML, the good news is that identity and trust management does not change with the introduction of a new identity federation API. Applications architected for SAML can usually be upgraded to support newer authentication APIs by changing a small amount of code, or hopefully by using a different plug-in. Likewise, multi-party federations like InCommon could also profile and support new protocols. Gluu has proposed the development of a new standard for JSON multi-party federation metadata and standardizing OAuth2 federation endpoints. New protocols may also require updates to definitions in documents like federation Participation Agreements; for example, Gluu publishes a sample agreement that defines terms like “Client Claims” and “OpenID Provider.”

  4. Identity will continue to be a core enabler for higher education institutions. By affiliating with an institution, the person will gain access to resources: physical plant and network resources. In fact, instead of moving toward outsourcing identity to a central silo like Google, new standards will enable wide-scale decentralization. We don’t want to require a Google account. But if institutions publish the same API as consumer IDPs, web site developers won’t have to implement any extra code to support an institution’s security infrastructure. It is important to avoid adopting an aversion to “not-invented-here.” Innovation comes from unexpected places. By aligning with consumer standards for single sign-on authentication, people will be able to use their university credentials to access even more content. The pace of innovation has not slowed down. The “Internet of Things” is creating even more requirements for interoperable security. New standards will make this possible. And most likely, they will extend the OAuth2 standards originated in the consumer sector. Article resource: http://gluu.blog.com/2014/09/12/roadmap-for-higher-education-institutions-will-new-identity-standards-achieve-the-promise-of-federated-identity/