1 / 24

Identity Management in Education

Identity Management in Education. Welcome. Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us. Topics. Define the issue Discuss authentication mechanisms Using a 10,000’ overview approach. The Problem. Cloud based systems benefits Google Apps

gina
Télécharger la présentation

Identity Management in Education

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity Management in Education

  2. Welcome • Scott Johnson, NetProf, Inc. • Creator of OmnID Identity Management for Education • www.netprof.us

  3. Topics • Define the issue • Discuss authentication mechanisms • Using a 10,000’ overview approach

  4. The Problem • Cloud based systems benefits • Google Apps • Thousands of frequently changing users • Multiple accounts • Multiple passwords • … multiple headaches

  5. Remember When… • Software for learning installed locally • Users authenticate locally once, access multiple applications • Well, most of the time.

  6. Local Supported Apps • Pros: • Users are already “trusted” • LDAP can be used for authentication • Cons: • Technology department responsible for install, operation, and updates • Sometimes requires its own hardware or server • Bottom line, it can be expensive

  7. Shift Towards SaaS • Pros: • Software provider is in charge of install, operation and maintenance • Fixed cost • Cons: • School is in charge of providing authentication

  8. Authentication Nightmares • Some sites are one user name full access • Others are locked by IP address • More and more are needing username and password information

  9. Does the Shoe Fit? • There is no one size fits all solution yet • Providing user information per system • Single Sign-on • OpenID • SAML2

  10. Creating Users by Hand • Local access to resources – LDAP • Access remote systems, eg. Google Apps • Create and manage accounts by “hand” • Accounts are managed one by one • Usually same password on all accounts • What happens when a password is compromised?

  11. Creating Accounts • SiS administrator Network Admin Local / LDAP Library Google Apps Online Learning On… and On…

  12. Managing Users Admin / Media Spec. / Para Local / LDAP Library Google Apps Online Learning On… and On…

  13. Provisioning Tool Local / LDAP Other Library Google Apps

  14. Managing Users Happy!! Local / LDAP Other Library Google Apps

  15. What About SIF? • Designed to send student data between SiS providers • One way • Adoption by developers of online software? • What about staff? • Each SiS company has a slightly different implimentation

  16. Single Sign-on • One password all systems • Sign-on once, use many

  17. Methods • Form Auth Provider • OpenID • SAML2

  18. Form Auth • Federate username and password to remote system • Form auth username password through local HTML link

  19. Form Auth • Pros: • Simple • Will work on systems that don’t support other methods • Cons: • “Connectors” • Accounts still need to be created • Passwords are still maintained remotely one by one • Forms change, connectors break • Usually pay by the “connector”

  20. OpenID and SAML2 • Both provide token identifiers for authentication • OpenID being pushed by Google • SAML is another open standard with slightly more security • (Security Assertion Markup Language)

  21. SSO Primer User SSO Portal Remote Service Provider Local Auth DB (LDAP)

  22. OpenIDvs SAML2 OpenID SAML2 HTTP Binding of request Service Providers loosely coupled IdP Identifier is global Does NOT support single sign out Multiple methods including HTTP Service Providers tightly coupled IdP valid for provider only Supports single sign out

  23. SSO Issues • Remote provider must support SSO method • Weak passwords = quick access for hackers

  24. Questions? • Slides will be up on www.netprof.us

More Related