2. Terminology
Single Log On
• single point of authentication (e.g. LDAP)
• synchronised account and credentials
• authenticate to each application
Single Sign On
• single point of authentication
• single credential, single account
• authenticate once
3. Terminology
Identity Provider
• Organisation that holds identity data/credentials
Service Provider
• Organisation accepting federated identities
IdP, SP, OP, RP
5. Federated Access in Education
SAML widely adopted in national academic federations
• UK Access Management Federation
• InCommon
• Switch AAI
• HAKA
• Swamid
• AAF Confederation
• Surfederatie
• Feide
• GARR Idem AAI
SAML used in other sectors: Realty, Aerospace, Automobile, 401k
6. [Diagram. Components shown: Federation or Service Provider WAYF Server; Institution (IdP): Institutional SAML Server, Institutional Web Server, Institutional User Repository; Service Provider (SP): Service Provider SAML Server, Service Provider Web Server, Service Provider User Repository]
8. Edugate
– IdPs
• Institutes of Technology
• Universities
• Private colleges
• Research agencies
9. Edugate
– SPs
• Any IdP can be an SP
• Shared services offered by IdPs
• Academic content providers
• Research portals
• Organisations offering academic discount
10. Membership has its benefits
Federation is a web of trust underpinned by...
– Policy
• Membership rules
– Identity providers must ensure identities are assured
– Service providers must not abuse data protection rules
• Confederation/Interfederation
– Technical
• Standard protocol
11. Membership has its benefits
Management of identity provider
– Consent management
– Attribute release
HEAnet assistance to get started
– Directory integration for IdPs
– Application integration for SPs
18. Future Directions
– Confederation
• UK Federation / eduGAIN
– Attribute aggregation
• Student account is but one part of a user account
– Who knows?
• Schools
• Make a 'social' account out of the 'campus' id.
• National student ID
19. Summary
Terminology
SAML
Edugate
Join us at www.edugate.ie