
Log in with Google and Facebook! Expand the reach of your application by allowing social identities

Higher Education has largely embraced federated identity management, which makes it really easy for people to collaborate across universities that belong to the InCommon federation. But most campuses want to collaborate with people outside the federation, too, like research collaborators, incoming students, alumni, guest faculty, auditors, continuing education students, etc. It can be time-consuming and inefficient to create university identities for these external collaborators, and most of the collaborators already have an identity or two with a social provider like Google, LinkedIn, Facebook, or Twitter. Social-to-SAML gateways are an excellent way to extend university services to non-university collaborators at low cost. This presentation will describe some of the things to look out for when implementing social-to-SAML gateways, and demo a service built by Cirrus Identity that facilitates social-to-SAML integrations.

Open Apereo

June 04, 2014


Transcript

  1. June 1-5 2014, Miami. Log in with Google and Facebook! Expand the Reach of Your Application by Allowing Social Identities. Keith Hazelton, University of Wisconsin
  2. Students - Access to Course Tools
     Common “Course Tools”: LMS, Wiki, Webcast
     • Guest lecturers
     • Auditors
     • Continuing Education Programs
     • Learning services or “courses” outside the context of a traditional for-credit course.
     • Many of these opportunities extend outside the campus community.
  3. Students - ePortfolios
     • Students can create e-portfolios, either within the context of their academic or career-related pursuits
     • Students want to be able to share these portfolios with families, friends, and prospective employers
     • Students may not want to make the portfolios openly available to the world
  4. Parents
     • Pay tuition
     • Access course materials
     • Encourage ongoing engagement
     • Sign up for events
     • Mentor
     • Donate to the university
  5. Research Collaborators
     Common Shared Platforms: wiki, project tracking, filesharing
     • Brainstorm research problems
     • Document findings
     • Share contact info
     • Share project timelines and budget
  6. Incoming Students
     Student Groups, Course Tools, Campus Events
     • Meet current students with shared interests
     • Check out some courses
     • Register for campus activities and events
  7. Alumni
     Career Center Tools, Mailing lists and FileShares, Campus Events, Student Groups
     • Use career center tools seamlessly after graduation
     • Maintain access to contact lists and shared materials
     • Register for campus events
     • Mentor current students
  8. Account Linking to Support Identity Lifecycle
     Student Use Case
     • Incoming student uses social ID
     • Creates university ID upon matriculation
     • Migrates to social ID upon graduation
     Research Use Case
     • Grad student at Stanford finishes PhD
     • Takes a summer off working for a private research firm
     • Accepts PostDoc at MIT
  9. The Pain Point
     Your Application: Students, Staff and Faculty are in... Everyone Else is Out.
     (Diagram: the University or School at the centre; outside it, Prospective Students, Alumni/Donors, Research Collaborators, Guest Faculty, Parents, Continuing Ed Students, Other Universities.)
  10. Federation
     Universities created a trust framework to share resources with each other. Any campus in the federation can access a federated online service.
     InCommon Federation for the US: 450 campuses are in…, 4000 campuses are out.
     (Diagram: Campus 1, Campus 2, Campus 3 and Campus 4 connected to a Federated Online Service.)
  11. Current Solution – Guest Account System
     (Diagram: the University or School registers and stores guests: Prospective Students, Alumni/Donors, Research Collaborators, Guest Faculty, Parents, Continuing Ed Students.)
     April 29 - BCNET 2014 Conference
  12. Solution – Gateway Service
     Provide Access to Federated Resources with a Social Identity
     • Prospective Students: Log into course catalog
     • Alumni/Donors: Sign up to volunteer
     • Research Collaborators: Academic/Industry partnerships
     • Guest Faculty: Teach a class!
     • Parents: Pay bills for their kids
     • Continuing Ed Students: Enroll in online courses
     (Diagram: a Gateway Service in front of Campus 1 to Campus 4 and a Federated Online Service. *All Logos are Trademarked.)
  13. Run Your Own
     • A couple campus examples
       – https://apps.canvas.uw.edu/wayf
       – http://www.cmu.edu/hub/MyPlaidStudent/index.html
     • InCommon Pilot: https://samlgwtest.theotislab.com/servDetails.html
     • simpleSAMLphp: https://simplesamlphp.org/
  14. Subscribe to a Service
     • Cirrus Identity Gateway Service
       – Console for Integrating Social Identity Providers (Google, Facebook, etc)
       – Authentication Gateway
       – Configurable Discovery Service
       – Invitation Service
  15. Do You Want to Enable Everyone with a Google Account to Log Into Your App?
     Probably Not… So You Need an Invitation Service
  16. Penn State Wiki - Current Gateway
     • “Double” discovery: 1) Choose OpenID from List, 2) Select OpenID Provider
     • Only supports OpenID (no OAuth)
     • Accessibility?
  17. With Cirrus Gateway
     • No more double discovery
     • Can customize service order
     • OAuth (so now we can support Facebook and Twitter)
  18. API Changes
     • Social Providers place API call limits on number/rate of allowed authNs
     • Social Providers can change terms at any time
     • If a gateway is set up at the campus level (not per SP), those limits apply to all apps using the gateway
     • One high volume app can max out a campus-wide gateway for all other apps
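The shared-quota problem on this slide is easiest to see in code. The following is an added example, not code from the deck or from Cirrus Identity: a campus-wide gateway that mirrors the social provider's call limit in a sliding window and also gives each service provider (SP) its own share, so one high-volume app is throttled before it exhausts the budget for everyone else. The limits, window length, SP names and the simulated burst are constructed for the example.

```python
import time
from collections import defaultdict, deque


class GatewayQuota:
    """Sliding-window authentication quota for a campus-wide social gateway.

    Two counters are kept per social provider: one for the whole campus
    (mirroring the provider's own API limit) and one per SP, so that a single
    high-volume app is throttled before it can consume the budget shared by
    every other app behind the gateway. Limits and names are constructed.
    """

    def __init__(self, provider_limit, per_sp_limit, window=3600, clock=None):
        self.provider_limit = provider_limit
        self.per_sp_limit = per_sp_limit
        self.window = window               # seconds
        self.clock = clock or time.time    # injectable for deterministic runs
        self.events = defaultdict(deque)   # key -> timestamps of allowed authNs

    def _count(self, key, now):
        """Number of authNs for key inside the window, expiring old entries."""
        q = self.events[key]
        cutoff = now - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q)

    def try_authn(self, provider, sp):
        """Return ("allowed", None) or ("denied", reason) for one login attempt."""
        now = self.clock()
        sp_key = (provider, sp)
        campus_key = (provider, "*")
        # the per-SP share is checked first so the noisy app is named in the reason
        if self._count(sp_key, now) >= self.per_sp_limit:
            return ("denied", "per-SP limit reached for %s" % sp)
        if self._count(campus_key, now) >= self.provider_limit:
            return ("denied", "campus-wide limit reached for %s" % provider)
        self.events[sp_key].append(now)
        self.events[campus_key].append(now)
        return ("allowed", None)


def simulate_burst(provider_limit=100, per_sp_limit=40):
    """Three constructed apps behind one Google gateway, one attempt per second.

    Returns {sp: {"allowed": n, "denied": n}} plus whether the LMS can log
    people in again once the window has slid past its burst.
    """
    clock = [0.0]
    quota = GatewayQuota(provider_limit, per_sp_limit, window=3600,
                         clock=lambda: clock[0])
    bursts = [("lms", 150), ("wiki", 50), ("portal", 50)]
    outcome = {}
    for sp, n in bursts:
        counts = {"allowed": 0, "denied": 0}
        for _ in range(n):
            clock[0] += 1.0
            result, _reason = quota.try_authn("google", sp)
            counts[result] += 1
        outcome[sp] = counts
    clock[0] += 3600.0   # an hour later the window has slid past every burst
    outcome["lms_after_window"] = quota.try_authn("google", "lms")[0]
    return outcome


if __name__ == "__main__":
    for sp, counts in simulate_burst().items():
        print(sp, counts)
```

With a campus limit of 100 and a per-SP share of 40, the LMS burst of 150 attempts gets 40 through and the wiki still gets its 40; the portal then hits the campus-wide ceiling after 20, which is the situation the slide warns about, and the counters recover once the window moves on. Without the per-SP share, the first 100 LMS attempts would have consumed the whole campus budget.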
  19. Level of Assurance
     • Social Identities most appropriate for “arms length” relationships
     • No guarantee of user’s real identity
     • Ideal where user is “sponsored” by a known campus identity, lending some trust
     • A way to know the same entity logged in, even if you can’t tie that to a person
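Slide 15 says an open gateway needs an invitation service, and this slide says a social identity is most useful when a known campus identity sponsors it. The following added example (not code from the deck or from the Cirrus Identity product) shows one way the two fit together: a sponsor issues a signed, expiring, single-use invitation bound to an e-mail address and one SP, and at login the gateway accepts the social identity only if it asserts that e-mail and presents a valid invitation, releasing the sponsor alongside the social attributes so the SP knows whose trust it is leaning on. The signing key, clock, sponsor and SP names are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets


class InvitationService:
    """Sponsor-bound, single-use, expiring invitations for a social gateway.

    Tokens are a JSON body followed by an HMAC-SHA256 tag over that body,
    base64url-encoded. Key and clock are injected (constructed for the
    example); this is not any real gateway's token format.
    """

    def __init__(self, signing_key, clock):
        self.key = signing_key
        self.clock = clock
        self.redeemed = set()   # invitation ids that have already been used

    def _sign(self, body):
        return hmac.new(self.key, body, hashlib.sha256).digest()

    def issue(self, sponsor, invitee_mail, sp_entity_id, ttl_seconds):
        payload = {
            "id": secrets.token_hex(8),
            "sponsor": sponsor,
            "mail": invitee_mail.strip().lower(),
            "sp": sp_entity_id,
            "exp": self.clock() + ttl_seconds,
        }
        body = json.dumps(payload, sort_keys=True).encode()
        return base64.urlsafe_b64encode(body + self._sign(body)).decode()

    def redeem(self, token, asserted_mail, sp_entity_id):
        """Return (True, sponsor) when the social login may proceed, else (False, reason)."""
        try:
            raw = base64.urlsafe_b64decode(token.encode())
        except Exception:
            return False, "malformed"
        body, sig = raw[:-32], raw[-32:]
        # verify the tag before trusting anything inside the body
        if not hmac.compare_digest(sig, self._sign(body)):
            return False, "bad signature"
        payload = json.loads(body)
        if payload["exp"] < self.clock():
            return False, "expired"
        if payload["sp"] != sp_entity_id:
            return False, "wrong service"
        # the social IdP's asserted mail must be the one the sponsor invited
        if payload["mail"] != (asserted_mail or "").strip().lower():
            return False, "mail does not match invitation"
        if payload["id"] in self.redeemed:
            return False, "already redeemed"
        self.redeemed.add(payload["id"])
        return True, payload["sponsor"]


def demo():
    """Constructed walk-through; returns each redeem() result keyed by scenario."""
    now = [1000.0]
    svc = InvitationService(b"invitation-signing-key-constructed", clock=lambda: now[0])
    wiki = "https://wiki.example.edu/sp"
    token = svc.issue("sponsor@campus.example.edu", "Guest@Gmail.com", wiki, ttl_seconds=86400)

    # a body edited after signing (sponsor swapped) keeps the original tag and fails
    raw = base64.urlsafe_b64decode(token.encode())
    forged = base64.urlsafe_b64encode(
        raw[:-32].replace(b"sponsor@campus", b"someone@else") + raw[-32:]).decode()

    results = {
        "wrong_mail": svc.redeem(token, "other@gmail.com", wiki),
        "wrong_sp": svc.redeem(token, "guest@gmail.com", "https://lms.example.edu/sp"),
        "forged": svc.redeem(forged, "guest@gmail.com", wiki),
        "valid": svc.redeem(token, "guest@gmail.com", wiki),
        "replay": svc.redeem(token, "guest@gmail.com", wiki),
    }
    short = svc.issue("sponsor@campus.example.edu", "late@example.org", wiki, ttl_seconds=60)
    now[0] += 3600.0
    results["expired"] = svc.redeem(short, "late@example.org", wiki)
    return results


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(scenario, result)
```

The e-mail check is what makes the sponsor's trust meaningful: the gateway still cannot prove who the person is, as the slide says, but it can prove that the social account asserting this e-mail is the one a known campus identity chose to invite, and the released sponsor attribute lets the SP apply that level of assurance.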
  20. Attribute Persistence
     • Social Identities typically lack a true persistent, unique identifier
       – Facebook users allowed to change username at least once
       – Twitter users can change handle anytime
       – LinkedIn IDs change when API key and secret change
     • Google is the only social IdP with a reasonable persistent identifier (see the long number string associated with a Google+ profile)
  21. Attribute Consistency
     • Social Identities lack a standard way of defining standard person profile attributes
     • Sample social IdP/SAML attribute mappings: http://cirrusidentity.com/docs/gateway-service/social-providers-overview
     • For standard attributes like “mail”, no consistency
       – Google hosts 1000s of email domains
       – Windows Live asserts mail as multivalued
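Slides 20 and 21 together describe the mapping work a gateway has to do: pick an identifier that is actually persistent where the provider offers one, say so when it does not, and flatten inconsistent profile claims (such as a multivalued mail) into one SAML attribute set. The following is an added example, not the deck's code and not the mapping published by Cirrus Identity at the URL above. Which claim counts as stable per provider follows the slide's observations (only Google's numeric id); the claim names and sample payloads are constructed shapes, not each provider's real API, and the pairwise id uses an HMAC over a gateway secret so the raw social identifier is never released to the SP.

```python
import hashlib
import hmac

# Which raw claim a provider keeps stable for a user, if any. Constructed from
# the slide's observations: only Google offers a reasonably persistent numeric
# identifier; the usable handles at the others can change, so they are volatile.
STABLE_ID_CLAIM = {"google": "sub", "facebook": None, "twitter": None,
                   "linkedin": None, "windowslive": None}

# Provider-specific claim names for the profile attributes an SP usually wants.
# These are constructed sample shapes, not each provider's real API.
PROFILE_CLAIMS = {
    "google":      {"mail": "email",  "displayName": "name"},
    "facebook":    {"mail": "email",  "displayName": "name"},
    "twitter":     {"mail": None,     "displayName": "name"},
    "windowslive": {"mail": "emails", "displayName": "name"},
}


def targeted_id(secret, provider, subject, sp_entity_id):
    """Pairwise pseudonymous id: the same subject and SP always give the same
    value, a different SP gets a different one, and the raw subject stays hidden."""
    msg = ("%s|%s|%s" % (provider, subject, sp_entity_id)).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def to_saml_attributes(secret, provider, claims, sp_entity_id):
    """Map one provider's raw claims onto a consistent SAML attribute set."""
    attrs = {}
    mapping = PROFILE_CLAIMS[provider]

    # mail: some providers assert it multivalued; SAML consumers expect one value
    raw_mail = claims.get(mapping["mail"]) if mapping["mail"] else None
    if isinstance(raw_mail, list):
        raw_mail = raw_mail[0] if raw_mail else None
    if raw_mail:
        attrs["mail"] = raw_mail.strip().lower()

    if claims.get(mapping["displayName"]):
        attrs["displayName"] = claims[mapping["displayName"]]

    stable_claim = STABLE_ID_CLAIM[provider]
    if stable_claim and claims.get(stable_claim):
        subject = claims[stable_claim]
        attrs["idStability"] = "persistent"
    else:
        # No durable identifier: fall back to the handle, and flag it, so the
        # SP does not treat the value as a lifelong key for this person.
        subject = claims.get("username") or claims.get("screen_name")
        attrs["idStability"] = "volatile"
    if subject:
        attrs["eduPersonTargetedID"] = targeted_id(secret, provider, str(subject), sp_entity_id)
    return attrs


def demo():
    """Constructed claim sets run through the mapper; returns the checks as a dict."""
    secret = b"gateway-pairwise-secret-constructed"
    wiki, lms = "https://wiki.example.edu/sp", "https://lms.example.edu/sp"
    google = {"sub": "12345678901234567890", "email": "Alice.Guest@gmail.com",
              "name": "Alice Guest"}
    fb_before = {"username": "alice.guest", "email": "alice@example.org", "name": "Alice Guest"}
    fb_after = dict(fb_before, username="alice.g.2014")   # same person after a rename
    live = {"emails": ["alice@outlook.example", "alice.alias@example.org"], "name": "Alice Guest"}

    g_wiki_1 = to_saml_attributes(secret, "google", google, wiki)
    g_wiki_2 = to_saml_attributes(secret, "google", google, wiki)
    g_lms = to_saml_attributes(secret, "google", google, lms)
    fb1 = to_saml_attributes(secret, "facebook", fb_before, wiki)
    fb2 = to_saml_attributes(secret, "facebook", fb_after, wiki)
    live_attrs = to_saml_attributes(secret, "windowslive", live, wiki)
    return {
        "google_same_sp_same_id": g_wiki_1["eduPersonTargetedID"] == g_wiki_2["eduPersonTargetedID"],
        "google_other_sp_other_id": g_wiki_1["eduPersonTargetedID"] != g_lms["eduPersonTargetedID"],
        "google_stability": g_wiki_1["idStability"],
        "google_mail": g_wiki_1["mail"],
        "facebook_rename_changes_id": fb1["eduPersonTargetedID"] != fb2["eduPersonTargetedID"],
        "facebook_stability": fb2["idStability"],
        "live_mail": live_attrs["mail"],
    }


if __name__ == "__main__":
    for check, value in demo().items():
        print(check, value)
```

The point the demo makes is the one on slide 20: a Facebook rename silently produces a new targeted id for the same person, so an SP that keyed a portfolio or a wiki account on it loses the link, while the Google id survives. Releasing an explicit `idStability` attribute lets the SP decide whether the value is safe to use as an account key or only as a "same entity logged in again" hint.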
  22. So Why Use Social Identities?
     • Eliminate costs of running local guest account systems and helpdesk support associated with forgotten guest usernames/passwords
     • Reduce friction associated with providing access to external guests
     • Enhance collaboration and expand access for your institution
  23. Resources
     • Cirrus Identity
     • simpleSAMLphp
     • OpenID Connect
     • InCommon Social/External Identities workgroup
     • InCommon Gateway Pilot
     • Internet2 Global Summit Social Identity Preso