
CIFER (TIER?) Update


Community Identity Framework for Education and Research (CIFER) is an ambitious cross-community initiative to create and promote a comprehensive, community-based approach to identity and access management (IAM) in higher education. This session provides an overview of CIFER to date. Work has been proceeding in parallel tracks, with teams made up of technical and functional experts drawn from Kuali, Internet2, Apereo and various higher education institutions. The presentation will highlight the ways in which CIFER is focused on solutions to real-world campus problems of IAM integration, including the challenging tasks of authentication, authorization, provisioning and de-provisioning for cloud services.

William G. Thompson, Jr.

June 02, 2014

Transcript

  1. CIFER TIER? Update
     Community Identity Framework for Education and Research
     Trusted Identities in Education and Research
     William G. Thompson, Jr., CISSP, CSSLP
     Director Identity & Access Management Practice
     [email protected]
  2. About Bill
     • 3 years - Director, IAM Practice, Unicon - IAM Practice, CAS, Shibboleth, Grouper, CAS PMC, CIFER Project, CISSP, CSSLP
     • 2.5 years - Senior Associate Director, Princeton University - .NET CAS Client, Enterprise WebSSO Strategy
     • 6 years - Associate Director - Rutgers University - myRutgers (uPortal), Jasig CAS Project, uPortal Release Engineer, Jasig Board of Directors
     http://www.linkedin.com/in/wgthom
  3. About Unicon
     • Trusted Partner since 1993
     • Expertise in Open Source Software for Education
     • Professional Services for uPortal, Sakai, CAS, Shibboleth, Grouper, Student Success Plan,…
     • Open Source Support Program
     • Timely, expert, private advice and assistance
  4. Unicon Advantage
     • Domain Expertise in Higher Education
     • Commitment to Open Source
     • Experienced People
     • Large Company Abilities, Small Company Values
  5. Overview
     • Why Identity and Access Management?
     • WebSSO & Federation
     • Enterprise Authorization Strategies
     • CIFER - Person Registry, Shared APIs
     • IAM Testbed
     • TIER
  6. Why IAM?
     “It's not just about federation, it's about enabling high-value collaboration across thousands of disciplines and millions of people. Hence agreement on attribute and authorization management, application integration, administration procedures, workflow, privacy management,...” - RL 'Bob' Morgan
  7. Enterprise WebSSO
     • User experience and expectations
     • Existing IAM architecture and infrastructure
     • Enterprise Portal
     • Closed source enterprisey systems - PeopleSoft, Banner,...
     • Home-grown ASP, .NET, ColdFusion, Perl, Python, PHP, Ruby, Java, GWT,...,Zope
     • CAS supported - Sakai, uPortal, TWiki, Atlassian, WordPress, Zimbra,...
     • The hard cases: OWA, IMAP,...
  8. CAS is great!
     • Flexible user experience
     • SSO Session logout
     • Opt-in/out of SSO per application
     • Flexible login/logout flow via SWF
     • Supple, Extensible, Elegant
     • Multi-protocol - CAS, SAML*, OAuth,...
     • Spring configuration
     • Easy to deploy, scale and operate
     • Simple protocol with wide range of clients and application support
     • Huge adoption across Higher Education
  9. Shib is great too!
     • Robust SAML implementation
     • InCommon Federation
     • Growing list of “Cloud”-based SAML Service Providers
     • NET+
     • Levels of Assurance
  10. [Diagram: Jasig CAS Enterprise Web SSO alongside a Shibboleth Identity Provider. Labelled elements: LDAP/AD (primary authentication, attribute resolution), external AuthN via OpenID providers and OAuth, ClearPass, Attribute Resolver, Enterprise Portal, campus web applications in the CAS Web SSO domain, and SAML service providers (Google Apps*, any SaaS, InCommon Federation SPs).]
  11. Resources
     • CAS Shib Integration
       • https://github.com/Unicon/shib-cas-authenticator
       • https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration
     • CAS Client Integrations
       • https://github.com/Unicon/cas-blackboard-learn
       • https://github.com/Unicon/cas-webadvisor
       • https://github.com/Unicon/cas-owa-2010
       • https://github.com/Unicon/cas-chalk-wire-webapp
  12. Why Grouper?
     • Authentication, WebSSO is not enough
     • Lots of apps, lots of groups
     • Identities -> Groups -> Roles/Permissions
     • IAM Maturity
     • Cloud enablement
     • Distributed management
     • Security, Efficiency, Agility
  13. Resources
     • Grouper Project
       • http://www.internet2.edu/grouper
     • Grouper demo server:
       • https://grouperdemo.internet2.edu/
     • Grouper 2.2 UI
       • http://grouper-ui.uchicago.edu/hifi/index.html
  14. CIFER Person Registry Workstream
     • Person Registry Evaluation
       • https://spaces.internet2.edu/display/cifer/Registry+Evaluation
     • Rutgers Overview for CIFER
       • https://spaces.internet2.edu/download/attachments/29655678/Open+Registry+Review.zip?version=1&modificationDate=1336166170966
  15. • Guest Management with Open Registry, Monday 1pm
     • Identity Match, Monday, 3:15pm
     • RESTful APIs, Tuesday 10am
     • Open Registry in Production, Tuesday 11am
     • Grouper, GAE, and Sakai, Tuesday, 1pm
     • Grouper for Beginners, Tuesday 2pm
     • Identity Console, Tuesday, 4pm