
Ocean Observatories Initiative Cyberinfrastructure Component

Ocean Observatories Initiative Cyberinfrastructure Component. CI Design Workshop 17-19 October 2007. Core Interaction Patterns of an Identity Federation Framework. OASIS SAMLv2.0 Liberty Alliance ID-WSF2.0. Core Interaction Patterns of an Identity Federation Framework.





Presentation Transcript


  1. Ocean Observatories Initiative Cyberinfrastructure Component. CI Design Workshop, 17-19 October 2007

  2. Core Interaction Patterns of an Identity Federation Framework: OASIS SAML v2.0, Liberty Alliance ID-WSF v2.0

  3. Core Interaction Patterns of an Identity Federation Framework
     • Explore general interaction aspects
     • Using interactions to integrate an architecture
     • By example

  4. OASIS SAML v2.0

  5. OASIS SAML v2.0

  6. Connectivities
     • Data Network: messages from & about interactions
     • Control Network: realizes interactions for Observations
     • Process Network: plays and constrains interactions to plan
     • COI-Core

  7. The Message “Object”
     • Evolution of semantic richness
     • Interaction: Messages of Authn

  8. The art of the coddle:
     • Bootstrapping
     • Referrals
     • Proxy
     • Hiding
     Interaction: Exchanges of Authn

  9. Identity Federation Framework
     • Identity-enabled …
     • Privacy-respecting …
     • Regulatory/Governance-tractable …
     • Composable …
     • Domain-cognizant …
     • Dynamically-configurable …
     • Resource-aware …
     • Deployment-time extensible …
     • Process-instantiating …
     • Network services …
     • Framework

  10. Key Characteristics
     • Identity as organizing principle
     • Subject identification + [transient | persistent, opaque]
     • Sharing identifiers across trust domains
     • Confirming rights to authenticate
     • Authentication context
     • Discovery
     • Interaction
     • Attributes as first-class objects
     • Privacy preferences and policies
     • General application-level services framework
     • Extensible metadata for description & verification

  11. Liberty ID-WSF v2.0 http://projectliberty.org/liberty/specifications__1

  12. OASIS SAML v2.0 Stylized from: http://projectliberty.org/liberty/specifications__1

  13. SAML v2.0 context: assertion Subject
     The Subject
     • Subject’s Identifier | implied
     • SubjectConfirmation
     • Who are you to talk to me about this subject? … now?
     • You know what I want to hear
     • Encryption options
     • Extensible

  14. SAML v2.0 Name Identifiers
     The Principal
     • Abstract and Concrete types
     • Extend your own
     • Pair-wise semantics
     • Peering mechanics
     • Extensible typing (Format)
     • Privacy-preserving
     • EncryptedID
     • Pseudonyms

  15. SAML v2.0 Assertions
     • Statements
     • From SAML authority
     • About the Subject (or application-implied Subject(s))
     • And other coordination (conditions, advice, encrypt)
     • Extensible
     • Kinds of Statements from SAML Authority about Subject:
       • Authentication Statement
       • Attribute Statement
       • Authorization Decision Statement
       • Statement (extension point)

  16. SAML v2.0 Authentication Context
     • Context Class or Specific Context Declarations
     • Data Model:
       • Identification
       • Technical Protection
       • Operational Protection
       • Authentication Method
       • Governing Agreements
     • Authentication Contexts, before your extensions:
       • IP, IP password, Kerberos, time sync token, XML Signature, X.509
       • mobile [one|two]-factor [contract|unregistered]
       • [authenticated] telephony, nomadic telephony, personal telephony
       • password-protected transport, SSL certificate, [secure remote] password
       • previous session, PGP, software PKI, SPKI, smartcard [PKI]
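The following is an added worked example, not part of the slide deck and not code from the OOI project: it takes the assertion pieces slides 13 through 16 enumerate (the Subject and its NameID Format, SubjectConfirmation and the "who are you to talk to me about this subject, now?" question, the Conditions, the statement kinds, and the AuthnContext class reference) and shows the checks a relying party runs over them. The assertion is constructed sample data, the relying-party settings (audience, recipient, request id, accepted context classes) are assumptions, and XML Signature verification is assumed to have been done by a signature library before these checks run.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
CTX_PATH = "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"

# Constructed sample assertion; every identifier and URL in it is made up.
# Its XML Signature is assumed to have been verified by a signature library
# before any of the checks below run.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2007-10-17T10:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">opaque-pairwise-7f3a</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.org/acs"
          NotOnOrAfter="2007-10-17T10:05:00Z" InResponseTo="_req42"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2007-10-17T09:59:00Z" NotOnOrAfter="2007-10-17T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.org</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2007-10-17T09:59:30Z">
    <saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>observer</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _ts(value):
    """Parse the UTC timestamps SAML uses into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _in_window(elem, now):
    """True when `now` lies inside the element's NotBefore/NotOnOrAfter bounds."""
    not_before, not_after = elem.get("NotBefore"), elem.get("NotOnOrAfter")
    return (not_before is None or now >= _ts(not_before)) and \
           (not_after is None or now < _ts(not_after))


def summarize(xml_text):
    """Pull out the pieces the slides name: the Subject's identifier and its
    Format, the confirmation method, audiences, statement kinds, authn context."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "name_id": name_id.text.strip(),
        "name_id_format": name_id.get("Format"),
        "confirmation_method": root.find("saml:Subject/saml:SubjectConfirmation", NS).get("Method"),
        "audiences": [a.text for a in root.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)],
        # Statement kinds are the child elements whose local name ends in "Statement".
        "statements": [c.tag.split("}")[-1] for c in root if c.tag.endswith("Statement")],
        "authn_context": root.findtext(CTX_PATH, namespaces=NS),
    }


def validate(xml_text, *, audience, recipient, request_id, now, accepted_contexts):
    """Relying-party checks on an already signature-verified assertion.
    Returns a list of problems; an empty list means the assertion is acceptable."""
    root = ET.fromstring(xml_text)
    problems = []
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions")
    else:
        if not _in_window(cond, now):
            problems.append("outside Conditions validity window")
        if audience not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
            problems.append("audience mismatch")
    # "Who are you to talk to me about this subject? ... now?": a bearer
    # confirmation must name this recipient, answer our request, and still be fresh.
    confirmed = False
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") == BEARER and data is not None \
                and data.get("Recipient") == recipient \
                and data.get("InResponseTo") == request_id and _in_window(data, now):
            confirmed = True
    if not confirmed:
        problems.append("no acceptable bearer SubjectConfirmation")
    # The authentication context says how the subject was authenticated;
    # the relying party's policy decides which classes are strong enough.
    context = root.findtext(CTX_PATH, namespaces=NS)
    if context not in accepted_contexts:
        problems.append(f"authentication context not accepted: {context}")
    return problems


def check_sample(now_iso="2007-10-17T10:01:00Z", accepted_contexts=(PPT,)):
    """Run validate() on the sample with the assumed relying-party settings."""
    return validate(SAMPLE_ASSERTION, audience="https://sp.example.org",
                    recipient="https://sp.example.org/acs", request_id="_req42",
                    now=_ts(now_iso), accepted_contexts=accepted_contexts)
```

`check_sample()` returns an empty list for a fresh assertion; calling it with a clock past the NotOnOrAfter bound reports both the Conditions window and the SubjectConfirmation as failed, and narrowing `accepted_contexts` to, say, the Kerberos class rejects the password-over-TLS context the sample carries. The point of the recipient, InResponseTo and time checks on the bearer confirmation is that the assertion answers the question in slide 13: it was minted for this relying party, for this request, and is still fresh, so the same assertion cannot simply be presented elsewhere or later.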

  17. SAML v2.0 Protocols*
     • Statements
     • From SAML authority
     • About the Subject (or application-implied Subject(s))
     • And other coordination (conditions, advice, encrypt)
     • Extensible
     • Kinds of Statements from SAML Authority about Subject:
       • Authentication Statement
       • Attribute Statement
       • Authorization Decision Statement
       • Statement (extension point)
     * and Bindings, and Profiles

  18. OASIS SAML v2.0

  19. OASIS SAML v2.0

  20. Liberty ID-WSF v2.0 http://projectliberty.org/liberty/specifications__1

  21. Modern Authentication Architectures
     • General interaction architectures
     • Decorated for identity
     • Attractive for specialization
     • At level of message exchange, and
     • At level of message object

  22. Core Interaction Patterns of an Identity Federation Framework
     • Explore general interaction aspects
     • Using interactions to integrate an architecture
     • By example
