Feide Connect – Standard Norge, February 2015

Feide Connect, Standard Norge, Oslo, 5 February 2015. [email protected] Andreas Åkre Solberg

Upload: andreas-akre-solberg

Post on 17-Jul-2015



Feide

75 million logins (2014)

~380 educational institutions

Web Single Sign-On

~300 services

Feide

Service Provider

SAML 2.0

WebSSO

SAML 2.0 is specialized for Single Sign-On

Service Provider

OAuth 2.0 / OpenID Connect

API Platform

Feide Connect

Feide

Data sources

Data sources

Guest users

IDporten? eduGAIN

Groups

Person search

API Gatekeeper

Exceptionally simple interface

OAuth2, REST

100% self-service

Other services

Future services..

100% Self service

Developer-friendly APIs

REST, OAuth 2.0

No XML, no xmlsec, no SOAP

Login flow

Replacement of the current Feide Consent page

User logs in to a newly registered app

Enterprise IdM User Centric

Batch provisioning Dynamic Data APIs

Few large services Many small specialized services

Trends

SAML 1.1 WS-Federation

ID-FF 1.2 SAML 2.0

OpenID Information Card

OpenID 2 OpenID Connect

A shift towards the user centric paradigm

Enterprise User centric

OAuth 2.0

OpenID Connect

OAuth 2.0

Protected APIs

Issue tokens

Access data

user tokens

Identity user represented by token

Mobile

Web clients, but also

+ Mobile + Desktop + Client to service

Mobile

› In-app browser vs.

› System browser + custom url scheme


Feide

Single Sign-On session = 8 hours

Services with interaction between users, not just between user and service

› Person search

› Groups

API for person lookup – white pages

Find people by searching for a name, and pick «contact cards».

In use for collaboration services, where people interact with each other.


Groups

Person, Membership / role, Group, Group type

http://openvoot.org

Person, Membership / role, Group, Group type

GO

Teaching group

Ad-hoc group

UH

Field of study

Affiliated with school X

http://openvoot.org


Groups

Manage ad-hoc groups using groups and peoplesearch APIs

API Gatekeeper

Service Provider

OAuth 2.0 / OpenID Connect

API Platform

Feide Connect

API Gatekeeper

3rd party service or data source

Support for multiple Identity Providers

Service Provider

OAuth 2.0 / OpenID Connect

API Platform

Feide Connect

Feide

Guest users

IDporten? eduGAIN

Exceptionally simple interface

OAuth2, REST

100% self-service

Feide OpenIdP

guest user solution

Feide Connect

› for existing host organizations in Feide

What does one have to do?


etherpad demo

Non-intrusive etherpad plugin, no modifications

No external dependencies whatsoever! Not even simplesamlphp ;)

Uses Feide Connect for authentication and groups.

Setup with auto-configure


etherpad demo

Account

versus

Person

FeideID, national identity number, transition from primary school to upper secondary school to university college, exchange students, university colleges that are merged, municipalities that are merged.

Summary

› Web Single Sign-On
› Desktop applications
› Mobile applications
› Long-lived access (tokens)
› Groups
› Guest accounts
› International Cross-federation
› Authentication and Authorization of APIs

Feide

Summary

› Web Single Sign-On
› Desktop applications
› Mobile applications
› Long-lived access (tokens)
› Groups
› Guest accounts
› International Cross-federation
› Authentication and Authorization of APIs

Feide

Feide Connect

Reference group

› Representatives from among the service providers to GO.

Contact [email protected] More info feideconnect.no

Pilot

Starts 1 June 2015

Opportunities for service providers to connect to a functional platform.


Andreas Åkre Solberg linkedin.com/in/andreassolberg

http://feideconnect.no