Authentication and Authorization exchange for University Federation

M Nakagawa†, K Kanenishi†, K Matsuura†, Y Miyoshi††, H Mitsuhara†, Y Yano†
† The University of Tokushima    †† Kochi University

1. Background
Informatization of higher education
Introduction of many web systems
Merit: e-Learning utilization, Increase convenience
Demerit: System cooperation, Complex management

2. Problem
User
•   Many passwords
•   Each authentication
Organization
•   Scattered identity
•   Synchronization
How to solve?

3. Shibboleth
Features
•   Open source
    •   Developed by Internet2
    •   MACE Project
•   SAML implementation
    •   Distributed infrastructure
    •   Building federation

Federations
Name             Country
InCommon         United States
SWITCHaai        Switzerland
DFN-AAI          Germany
UK Federation    United Kingdom
Other federations...

Components
Identity Provider
‣   Manage identity
    ‣   Authentication
    ‣   Release attribute
Service Provider
‣   Protect resource
    ‣   Query attribute
    ‣   Control access
Discovery Service
‣   Find organization
    ‣   Multiple IdPs
    ‣   SAML feature

4. Extension
Authorization exchange
•   Rewrite attribute
    •   Between SP and web system
•   System architecture
    •   Mapping server
    •   Library called by web system
‣   Pattern matching
    ‣   Regular expression
    ‣   String
‣   XML base

Why?
•   Reduce operations
    •   Rule maintenance
        •   SP side < IdP side
    •   Authentication processing
•   User normalization

[Figure: authorization exchange. Labels: System, Library, Mapping server, Service Provider. Numbered steps 1 to 4 carry Attribute, Attribute, Mapped result and Attribute’.]

[Figure: request flow, steps 1 to 11. Labels: SP side, Web server, Session Initiator, Assertion Consumer Service, DS, IdP side, Tomcat, SSO, Authn Handler, Credential, Attribute Authority. Messages: AuthnRequest, Assertion, Attribute. Legend: Request/Response, Redirect, Internal.]

Anonymous user
•   Decrease traceability
    •   For questionnaire
•   One time account
    •   Each identity
    •   Activity restriction

[Figure: Image. Labels: Unidentify, Different identities, Access restriction, System A, System B.]

Prototype
[Figure: prototype, steps 1 to 4. Labels: SP side, Web Interface, Account Manager, Anonymous IdP, Lock, UUID. Messages: AuthnRequest, Assertion, UUID or NO. Legend: Process, Abbrev.]
‣   UUID is user identifier
‣   Lock inactivates account

5. Future work
Formulation
•   Federation policy
•   Extensionʼs specification
Development
•   Anonymous user
•   Reference implementation
Practical use
•   ek4 federation
•   Share educational materials
‣   New federation in Japan
    ‣   8 universities
‣   e-Learning, HRD, etc...
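
The attribute rewriting listed under "4. Extension" (a mapping step between the SP and the web system, driven by XML rules with regular-expression and string patterns) is sketched below as an added example; it is not the poster authors' implementation. The rule schema, the function names and the sample attribute values are assumptions constructed here.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed rule file. The element and attribute names are hypothetical;
# the poster only says the rules are XML based and use regex or string patterns.
# The file is treated as trusted local configuration, not user input.
RULES_XML = r"""
<mappingRules>
  <rule source="eduPersonScopedAffiliation" match="regex"
        pattern="(faculty|staff)@univ-a\.example"
        target="role" value="teacher"/>
  <rule source="eduPersonScopedAffiliation" match="string"
        pattern="student@univ-b.example"
        target="role" value="learner"/>
  <rule source="eduPersonEntitlement" match="regex"
        pattern="urn:example:course:([a-z0-9]+):ta"
        target="role" value="assistant:\1"/>
</mappingRules>
"""


@dataclass(frozen=True)
class Rule:
    source: str      # attribute name as released by the IdP
    kind: str        # "regex" or "string"
    pattern: object  # compiled regex, or the literal string to compare
    target: str      # attribute name the web system consumes
    value: str       # replacement; regex rules may reference groups (\1)


def load_rules(xml_text):
    """Parse and validate the rule file once, so a bad rule fails at startup."""
    rules = []
    for el in ET.fromstring(xml_text).findall("rule"):
        fields = {k: el.get(k) for k in ("source", "match", "pattern", "target", "value")}
        missing = [k for k, v in fields.items() if v is None]
        if missing:
            raise ValueError(f"rule is missing {missing}")
        if fields["match"] == "regex":
            pattern = re.compile(fields["pattern"])
        elif fields["match"] == "string":
            pattern = fields["pattern"]
        else:
            raise ValueError(f"unknown match type {fields['match']!r}")
        rules.append(Rule(fields["source"], fields["match"], pattern,
                          fields["target"], fields["value"]))
    return rules


def map_attributes(rules, released):
    """Rewrite IdP-released attributes into the web system's own attributes.

    released maps attribute name -> list of values. Values that match no
    rule produce nothing, so an unmapped user reaches the web system with
    no authorization attributes at all.
    """
    mapped = {}
    for rule in rules:
        for value in released.get(rule.source, []):
            if rule.kind == "string":
                out = rule.value if value == rule.pattern else None
            else:
                # fullmatch anchors both ends: a value that merely contains
                # an allowed string (for example with a suffix appended to
                # the scope) must not be mapped.
                m = rule.pattern.fullmatch(value)
                out = m.expand(rule.value) if m else None
            if out is not None:
                mapped.setdefault(rule.target, set()).add(out)
    return {name: sorted(values) for name, values in mapped.items()}


def authorize(rules, released, required_role):
    """Decision the web system's library would make after mapping."""
    return required_role in map_attributes(rules, released).get("role", [])


RULES = load_rules(RULES_XML)

if __name__ == "__main__":
    # Constructed sample of attributes released for one session.
    sample = {
        "eduPersonScopedAffiliation": ["staff@univ-a.example"],
        "eduPersonEntitlement": ["urn:example:course:sec101:ta"],
    }
    print(map_attributes(RULES, sample))
    print(authorize(RULES, sample, "teacher"))
```

Because the rules live on the SP side, a web system only ever sees the mapped `role` values, and adding a new member institution means adding a rule rather than changing each application.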

ICCE2009 Poster
