JRA1.4 AAs in eduGAIN

Example Use Case for Attribute Authorities and Token Translation Services - the case for eduGAIN
Andrea Biancini
The architecture
● eduGAIN is a SAML-based identity federation; in this scenario Attribute Providers have been implemented leveraging two main protocols:
○ the Attribute Authority role for a SAML federation entity, for online information flows to be retrieved during user login;
○ the VOOT protocol (based on SCIM) to describe groups and memberships offline from user authentication.
Interactions - AA
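The online AA flow described above, as an added example that is not part of the original slides: an SP builds a SAML 2.0 AttributeQuery for the user who is logging in, the AA answers from its group store, and the SP validates the response before using the attributes. The entity IDs, the group store and the isMemberOf attribute are assumed sample values; the XML-signature verification that a real deployment relies on is not shown.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SUBJECT = "saml:Subject/saml:NameID"
AA_ENTITY_ID = "https://aa.example.org/aa"  # constructed sample: hypothetical AA entity ID
GROUP_STORE = {"jdoe@example.org": ["urn:mace:example.org:vo:alpha"]}  # constructed sample group store

def _el(parent, ns, name, text=None, **attrs):  # namespaced element; a root element when parent is None
    el = ET.Element(f"{{{NS[ns]}}}{name}", **attrs) if parent is None else ET.SubElement(parent, f"{{{NS[ns]}}}{name}", **attrs)
    el.text = text
    return el

def _hdr():  # ID, Version and IssueInstant are mandatory on every SAML message and assertion
    return {"ID": "_" + uuid.uuid4().hex, "Version": "2.0",
            "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")}

def build_attribute_query(sp_entity_id, name_id, attr_names):  # SP side: sent to the AA during login
    q = _el(None, "samlp", "AttributeQuery", **_hdr())
    _el(q, "saml", "Issuer", sp_entity_id)
    _el(_el(q, "saml", "Subject"), "saml", "NameID", name_id)
    for name in attr_names:  # ask only for the attributes the SP needs (data minimisation)
        _el(q, "saml", "Attribute", Name=name)
    return ET.tostring(q, encoding="unicode")

def answer_query(query_xml):  # AA side: answer from the group store, releasing only what was requested
    q = ET.fromstring(query_xml)
    name_id = q.findtext(SUBJECT, namespaces=NS)
    r = _el(None, "samlp", "Response", InResponseTo=q.get("ID"), **_hdr())
    _el(_el(r, "samlp", "Status"), "samlp", "StatusCode", Value=SUCCESS)
    a = _el(r, "saml", "Assertion", **_hdr())
    _el(a, "saml", "Issuer", AA_ENTITY_ID)
    _el(_el(a, "saml", "Subject"), "saml", "NameID", name_id)
    if any(x.get("Name") == "isMemberOf" for x in q.findall("saml:Attribute", NS)):
        attr = _el(_el(a, "saml", "AttributeStatement"), "saml", "Attribute", Name="isMemberOf")
        for group in GROUP_STORE.get(name_id, []):
            _el(attr, "saml", "AttributeValue", group)
    return ET.tostring(r, encoding="unicode")

def extract_attributes(response_xml, query_xml, trusted_aas):  # SP side: checks before the attributes are used
    q, r = ET.fromstring(query_xml), ET.fromstring(response_xml)
    a = r.find("saml:Assertion", NS)
    if r.get("InResponseTo") != q.get("ID"): raise ValueError("response not bound to our query")
    if r.find("samlp:Status/samlp:StatusCode", NS).get("Value") != SUCCESS: raise ValueError("AA reported failure")
    if a is None or a.findtext("saml:Issuer", namespaces=NS) not in trusted_aas: raise ValueError("untrusted AA")
    if a.findtext(SUBJECT, namespaces=NS) != q.findtext(SUBJECT, namespaces=NS): raise ValueError("subject mismatch")
    return {x.get("Name"): [v.text for v in x.findall("saml:AttributeValue", NS)] for x in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
```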
Interactions - VOOT
VOOT is a protocol for exchanging group information that is held externally to the applications that use it.
Very simple API:
Benefits and issues
● The architecture shown makes it possible to:
1. Distribute the responsibility for providing information about known users to different subjects within the federation.
2. Decouple the authentication and authorization processes.
● AAs in eduGAIN still have some significant limitations:
1. AAs still have some issues regarding privacy and security.
2. User enrolment must be supported to reduce effort.
Conclusions, challenges addressed
● Permit delegation of the management of user information in a clear and secure way.
● Provide new architectural elements that can seamlessly integrate with existing architectures (to simplify technical adoption of such a solution by all the participants in the federation).
● Leverage the existing federations to build the reciprocal trust needed to guarantee security.