Inter-federating SURFfederatie - Joost van Dijk
•
1 like•714 views
The document summarizes the Dutch Identity Federation for Higher Education called SURFfederatie. It discusses how SURFfederatie uses a central gateway protocol to interconnect multiple identity providers and service providers. It also describes SURFfederatie's integration with eduGAIN to enable single sign-on across international federations and its plans to further support new technical standards, consent models, and applications beyond web single sign-on.
![Inter-federating SURFfederatie ,[object Object],FAM11 – Federated Access Management Conference 9 November 2011](https://image.slidesharecdn.com/surffederatie-fam11-joostvandijk-final-111110085338-phpapp02/85/Inter-federating-SURFfederatie-Joost-van-Dijk-1-320.jpg)
![Content ,[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
Recommended
More Related Content
Similar to Inter-federating SURFfederatie - Joost van Dijk
Similar to Inter-federating SURFfederatie - Joost van Dijk (20)
More from Eduserv
More from Eduserv (20)
Recently uploaded
Recently uploaded (20)
Inter-federating SURFfederatie - Joost van Dijk
- 5. Functional view (Since August 2008) Identity Providers Service Providers SURFfederatie CFC Applications Credentials Central Federation Components A-Select Cross A-Select Cross Shibboleth SAML 2.0 WS-Fed / ADFS SAML 2.0 WS-Fed / ADFS
- 7. IDP Products
- 9. Metadata & proxying IDP 1 IDP 2 IDP 3 SP 1 SP 2 SP 3 WAYF WAYF A-1 A-2 A-3 B-1 B-2 B-3 IDP1=B-1 IDP2=B-2 IDP3=B-3 SP1=A-1 {IDP1, IDP2} SP2=A-2 {IDP2, IDP3} SP3=A-3 {all}
- 10. WAYF/WAYF-less operation IDP 1 IDP 2 IDP 3 SP 1 SP 2 SP 3 WAYF WAYF
- 16. SURFfederatie vs SURFconext SURFfederatie SURFconext federation x federation y IDP 1 IDP 2 IDP 3 SP 4 SP 5 SP 1 SP 2 SP 3 proxy
- 22. Importing eduGAIN SPs IDP 1 IDP 2 IDP 3 SP 1 SP 2 SP 3 WAYF WAYF IDP1=B-1 IDP2=B-2 IDP3=B-3 SP1=A-1 {IDP1, IDP2} SP2=A-2 {IDP2, IDP3} SP3=A-3 {all} SPz=A-z {IDP2, IDP3} SPx=ddd SPy=eee SPz=fff eduGAIN SP z A-1 A-2 A-3 A-z B-1 B-2 B-3
- 23. Exporting IDPs IDP 1 IDP 2 IDP 3 SP 1 SP 2 SP 3 WAYF WAYF IDP1=B-1 IDP2=B-2 IDP3=B-3 SP1=A-1 {IDP1, IDP2} SP2=A-2 {IDP2, IDP3} SP3=A-3 {all} SPz=A-z {IDP2, IDP3} SPx=ddd SPy=eee SPz=fff IDP3=B-3 eduGAIN A-1 A-2 A-3 A-z B-1 B-2 B-3
- 24. Exporting SPs to eduGAIN IDP 1 IDP 2 IDP 3 SP 1 SP 2 SP 3 WAYF WAYF IDP1=B-1 IDP2=B-2 IDP3=B-3 SP1=A-1 {IDP1, IDP2} SP2=A-2 {IDP2, IDP3} SP3=A-3 {all} SPz=A-z {IDP2, IDP3} SPx=ddd SPy=eee SPz=fff SP3=SP3 eduGAIN A-1 A-2 A-3 A-z B-1 B-2 B-3 IDP z
- 25. SP auth list (optional) IDP 1 IDP 2 IDP 3 SP 1 SP 2 SP 3 WAYF WAYF IDP1=B-1 IDP2=B-2 IDP3=B-3 SP1=A-1 {IDP1, IDP2} SP2=A-2 {IDP2, IDP3} SP3=A-3 {all} SPz=A-z {IDP2, IDP3} SPx=ddd SPy=eee SPz=fff SP3=SP3 IDPx IDPy IDPz eduGAIN A-1 A-2 A-3 A-z B-1 B-2 B-3 IDP z Per SP auth list SP3: - IDP1 - IDP2 - IDPz
- 27. How does it work? SURFnet. We make innovation work
Editor's Notes
- Proxy nodig om protocol vertaling te kunnen doen, voordeel: maar 1 koppeling te leggen. Betekent wel dat IDP maar 1 ‘SP’ ziet en niet per SP koppeling legt/enabled. Dat zullen wij dus voor ze moeten doen.
- Paul van Dijk Product Manager SURFnet
- example Case for eduGAIN: Apple won’t subscribe to all feds in europe individually