1 / 16

UNI-login – a national educational single sign on solution

UNI-login – a national educational single sign on solution. Standards and Interoperability Expert workshop 4.2 February 26 th , 2009 Michael Viskum. UNI • C Denmark´s IT-Centre for Education and Research.

faustus
Télécharger la présentation

UNI-login – a national educational single sign on solution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UNI-login – a national educational single sign on solution Standards and InteroperabilityExpert workshop 4.2 February 26th, 2009 Michael Viskum

  2. UNI•C Denmark´s IT-Centre for Education and Research • UNI•C, The Danish IT Centre for Education and Research, offers a broad spectrum of ICT services for the educational and research community, and more than 500,000 users are in frequent contact with UNI•C’s products and IT services. • UNI•C is an agency to the Danish Ministry of Education. Our core competencies are comprehensive IT solutions for the educational sector - right from the technical connection to pedagogical tools. • UNI•C has around 300 employees at 3 locations in Denmark.

  3. UNI•C’s services to education • Sektornet - including e.g. security solutions • UNI•Login • Educational websites (EMU and its many services) • Intranet / local learning environments • Professional development of teachers in the field of ICT integration in education • Pupils’ ICT licence • Administrative systems • Statistics and analyses for the Ministry of Education • Hosting and facility management • The Danish Research Network • IT - Security (e.g. DK•CERT) • International collaboration

  4. UNI-Login – a Single Sign On Vision • To provide a unified login for all IT-services in the Danish educational sector. • Current goal is to build a national authentication and authorization framework and provide unified login for web-based services.

  5. Towards UNI-Login SkoDa and SkoleKom services adapted by UNI-C UNI•C central user database HUGO was founded UNI-Login was born Single login only UNI-Login As a general SSO service Extended integration with various systems Year 1995 1997 1999 2001 2003 2005 2007 2009 Users 250.000 500.000 700.000 800.000 SkoDa – database service for schools in Denmark SkoleKom – mail and conferencing system for schools in Denmark HUGO – UNI•Cscentral user database

  6. HUGO – Central user database • Centralized user administration for the Danish educational sector. • Delegated administration ensures quality of data. • Forms the immediate basis for authentication and authorization control for the unified login • 2.600 primary and secondary schools • 2.600 other institutions (Vocational schools, publishers, museums, municipalities, ministries, etc. ) • 740.000 children/students • 91.000 teachers/employees

  7. First step: Single Login • HUGO populates a central LDAP-database with passwords and access rights (service codes). • Provides the authentication and authorization service called Single Login. • Users must login to each service. • Basic access rights: user groups • Advanced access rights: service codes

  8. Single Sign-On – Pubcookie solution • Solution at UNI-C is based on Pubcookie from University of Washington. (www.pubcookie.org) • a central login-server. • Cookies and passwords are protected by SSL and host domains. • No browser extensions required. • Platform neutral, both on client and server side. • Plug-in modules available for Apache and IIS webservers.

  9. Integration of external applications • In some cases it is not possible or desirable to use Pubcookie directly with a given application (SSL not wanted, external DNS domain). • UNI-C has developed an SSO proxy solution. • Authentication info is communicated in a short-lived URL-encoded fingerprint. • Security model is based on a shared secret.

  10. Overview Providers webbased service Providers webbasedlog on page School Name Class etc. UserID UserID Log on yes Infotjenesten (a set of well defined webservices) Already logged on? Yes SSO Proxy Do userID and passwordmatches? No UNI•Logins log on page No

  11. Workflow

  12. UNI-Login – what can it be used for? More than 800.000 administrators, teachers and students has a unique id and password. : • All children and teachers in the primary schools • All publishers of educational content in Denmark • All museums • Many students and teachers in other educations institutions The UNI-Login gives access to: • national tests by the ministry, • online subscriptions by private publishers, • video streaming from the National Broadcasting Company (DR), • local intranets at school level, • local network access at schools and • all services at UNI-C.

  13. EMU and other services from UNI-C Private publishers Local intranets at schools Video streaming (DR) UNI-Login Other content providers National tests Local network access at schools Optagelse.dk 13

  14. External UNI-Login applications • abc.dk - [http://abc.gyldendal.dk/] • Aschehougs Leksikon - [http://www.ashleks.dk/] • Danske dyr - [http://danske-dyr.dk/] • Dansk Historie - [http://danskhistorie.dk/] • Ekstra Bladet Skole - [http://ekstrabladet.dk/skole] • Elevplaner - [http://elevplan.mikrov.dk/] • Elevunivers - [http://elevunivers.dk/] • Evaluerings System - [http://www.evalueringssystem.dk/] • Forlag Malling Beck, Materialehylden - [http://www.materialehylden.dk/] • Forlag Malling Beck, MPO - [http://www.mpo.matematik.dk/] • Forlag Malling Beck, Vækstpunkter - [https://vpunkt.emu.dk/vpunkt/WStartPage.aspx] • Filmstriben - [http://www.filmstriben.dk/skole/] • FriLaesning.dk - [http://frilaesning.dk/] • Hval - [http://hval.dk/]/ • Matematikkens Univers - [http://www.matematikkensunivers.dk/] • Mingoville - [http://www.dk.mingoville.com/] • Praktik+ - [http://www.pplus.dk/] • Skole - [http://dr.dk/skole] • Skolegloben - [http://www.skolegloben.dk/] • SkoleIntra - [http://skoleintra.dk/] • Skolenetværket - [http://secure.skolenetvaerket.dk/] • Trafiktjekket - [http://trafiktjekket.dk/] • UddannelsesGuiden - [http://ug.dk/] • Undervisningsbanken - [http://www.undervisningsbanken.dk/] • It’s Learning VLE • SkoleIntra

  15. Next steps • Improved synchronization of data between HUGO/Data store and external applications • Integration of more external applications. • Development of a more sophisticated logout model for SSO.

  16. Summary • UNI-C has with the UNI-Login deployed a web-based SSO infrastructure for the educational sector • Most of our own web-based services are using UNI-Login. • Made possible by the central HUGO user database with delegated administration. • Has been widely accepted by the educational sector.

More Related