1 / 12

Investigating Liberty Alliance and Shibboleth Integration

Investigating Liberty Alliance and Shibboleth Integration. Nishen Naidoo, 30396468 Supervisor: Dr. Steve Cassidy. Talk Outline. Introduction to Federated Identity Management Example Multiple Frameworks Shibboleth Liberty Alliance Project Objectives and Motivation

farren
Télécharger la présentation

Investigating Liberty Alliance and Shibboleth Integration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo, 30396468 Supervisor: Dr. Steve Cassidy

  2. Talk Outline • Introduction to Federated Identity Management • Example • Multiple Frameworks • Shibboleth • Liberty Alliance • Project Objectives and Motivation • Deconstructing the Frameworks • Conclusion

  3. Federated Identity Management (FIM) • Reduce number of online identities • Reduce privacy exposure • User controls who sees what • Enables easy sharing of resources

  4. Main Actors in FIM • Users • Using a User Agent (Browser) • Service Provider • Provide resources and services • Protect resources and services • Identity Provider • Authenticates users • Provides security assertions to Service Providers

  5. Example Interaction • Resource Request • Redirection to IdP • SAML Authentication Request • IdP authenticates User • Form Response • SAML Authentication Response • Automatic Form Submission • Process Assertion • Resource Acquired

  6. Multiple Frameworks • Shibboleth • Higher Education focus • Resource Sharing, privacy, security • InCommon, AAF • Liberty Alliance • Commercial sector focus • Service integration, privacy, security • Intel, GM

  7. Issues with Multiple Frameworks • User perspective • More credentials due to technology limitation • Less privacy • Unnecessary federations • Formed from having to support multiple technologies • Increases difficulty of forming federations • Need to support services within each framework? What do you do?

  8. Project Objectives • Investigating whether we can extend a federation beyond the boundaries imposed by the technologies it employs – integration…

  9. Deconstructing the Frameworks • Both frameworks base on SAML specification • Identified the following: • Assertions – identical to each other (both SAML) • Protocols – identical (SAML) • Bindings - Different • Profiles – Similar enough (derived from SAML).

  10. Relevant Logical Subcomponents • Service Provider • Attribute Requester • Assertion Consumer Service • Identity Provider • Attribute Authority • Single Sign On Service

  11. Technology Example • Shibboleth Identity Provider • Java Web Application based • Employs servlets as endpoint processors • Has filter capabilities (interceptor pattern)

  12. Conclusion • Identified the binding differences and conversions • Message structure • Parameter referencing • Identified strategic architectural locations for adaptation • Provided technology example • Identified implementation as future work

More Related