«Feide Connect»
Next generation service platform for advanced services
and collaboration services for higher education.

Andreas Åkre Solberg
andreas.solberg@uninett.no
Once upon a time
Web Single Sign-On with Feide was sufficient to provide
a seamless user experience across services.

Collaboration on Internet
Dynamic working groups spanning multiple organizations work together using digital collaboration tools:
✤ A wiki
✤ Document sharing tool
✤ Meeting planner and calendar
✤ A Web meeting tool
✤ A web forum or mailing list

Feide Connect
Components: Authentication, Self Service, Groups and Roles, Activity streams, People search, API Authz Mngmnt
OAuth Authorization Engine
HTTP API

Feide Connect
New architecture
API-based instead of SSO-flow
OAuth + authentication
Makes use of Feide (without changes)
Offers additional services
Better support for mobile, desktop etc.
API Authorization Management
Extremely simple integration for Service Providers
Low bar of entry (for students, non-commercial, etc)
[Diagram labels: Feide service, Mobile app, Web app, Third-party client / integration; Feide; Feide Connect: groups, people search, storage, aktivitetstr, API authz; Service backend API]

October 23, 2013

Authentication
Feide is based upon SAML 2.0
Rather complex, which results in relatively high integration cost for Service Providers.
Limited opportunities to the «login request -> response»-flow.

Trends in consumer markets (Facebook, Google, Twitter, LinkedIn, Salesforce)
From enterprise protocols towards APIs / REST and OAuth
Providers need to offer APIs and third-party integration anyway; OAuth
Easy to establish a simple authentication protocol (userinfo) on top of that
OpenID Connect
Built-in support for cross-federation (eduGAIN, Kalmar) and guest users.

Groups and roles

Groups and roles
API Service
Base layer: builds groups from Feide attributes
Connector to FS: courses, study programmes and more.
Support for Ad-Hoc groups
Anyone can create groups for their collaboration needs. Cross-organizational groups.
Support for custom external connectors to an institution's authoritative source of group data.
[Diagram labels: Feide service, Mobile app, Web app, Third-party client / integration; Feide; Feide Connect: Groups (FS, Ext Connectors, AdHoc), people search, storage, aktivitetstr, API authz]

Ad-hoc group management front-end

People Search
Separate People Search API
Authenticated API
Also available as a JS library
And as a Federated Widget
Relies on already public information
Better user experience to search for real
user names, than to add userids.

Model for groups
Super simple, but extensible, information model

Protocol for:
retrieving the list of groups for the current user (from FeideID)
retrieving the list of members of a given group (from group ID)

Extended model
Standardization per group type for extended properties.

Subscriptions
Content associated with public
groups. Users may subscribe.

Activity Streams

[Figure: Activity Streams. Labels: API, Generic information model, Activities posted to one or more groups, User interfaces (WebApp frontend, Mobile app frontend, Widgets)]

Activity Streams
One activity stream per group.

Notifications
The most important activity updates
Email and mobile push notifications
Personal preferences

Open Data

Open Data
Universities show increasing interest in sharing their data using APIs.
Motivates growth of new, innovative and better services for employees and students.

Privacy is very important!
It is complex to provide an authentication model for delegated access to personal data.

Self-service

Registration of new clients
Third parties register new clients and request access to API scopes.

Managing clients
› Trust
› Scope management
› Statistics
› Authorization workflow

API Authorization workflow
API owner grants access to new clients.
› Clients are bound to authenticated users / organizations

Users accessing clients are handled through Feide login

The platform will make sure end users accessing the clients are authenticated (using Feide).

API Authorization Dialog

Client has obtained a token, and can access
«Feide Connect» services, such as:
> user info,
> groups,
> activity streams
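
The workflow on the preceding slides (a third party registers a client and requests scopes, the API owner grants them, the end user logs in, the token is then checked per service), modelled as an added example that is not part of the original deck or the Feide Connect code. The class, the method names, the scope names `userinfo`, `groups`, `activity` and the owners are assumptions made for illustration.

```python
"""Toy model of the scope-approval workflow on the slides (added example).

All class, function and scope names are hypothetical; this is not the
Feide Connect API.
"""
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Client:
    client_id: str
    registered_by: str                            # authenticated user the client is bound to
    requested: set = field(default_factory=set)   # scopes awaiting an API owner
    granted: set = field(default_factory=set)     # scopes an API owner approved


class AuthorizationEngine:
    def __init__(self, api_owners):
        # scope -> owner allowed to approve requests for it
        self.api_owners = dict(api_owners)
        self.clients = {}
        self.tokens = {}

    def register_client(self, registered_by, scopes):
        """A third party registers a client and requests API scopes."""
        unknown = set(scopes) - set(self.api_owners)
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        client = Client(secrets.token_hex(8), registered_by, set(scopes))
        self.clients[client.client_id] = client
        return client.client_id

    def grant(self, approver, client_id, scope):
        """Only the owner of the API behind `scope` may approve a request."""
        client = self.clients[client_id]
        if self.api_owners.get(scope) != approver:
            raise PermissionError(f"{approver} does not own scope {scope!r}")
        if scope not in client.requested:
            raise ValueError(f"client never requested {scope!r}")
        client.requested.discard(scope)
        client.granted.add(scope)

    def issue_token(self, client_id, user, scopes, ttl=3600):
        """Issue a token for an authenticated end user.

        `user` stands for the identity established by the federated login;
        the token carries only scopes that were both asked for and granted.
        """
        if not user:
            raise PermissionError("end user is not authenticated")
        client = self.clients[client_id]
        effective = set(scopes) & client.granted
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"client_id": client_id, "user": user,
                              "scopes": effective, "exp": time.time() + ttl}
        return token

    def check(self, token, required_scope, now=None):
        """Resource-side check: returns the user if the call is allowed."""
        info = self.tokens.get(token)
        now = time.time() if now is None else now
        if info is None or info["exp"] <= now:
            return None
        if required_scope not in info["scopes"]:
            return None
        return info["user"]


def demo():
    # Constructed sample data: three scopes, each with a hypothetical owner.
    engine = AuthorizationEngine({"userinfo": "platform",
                                  "groups": "platform",
                                  "activity": "stream-team"})
    cid = engine.register_client("student@example.org",
                                 ["userinfo", "groups", "activity"])
    engine.grant("platform", cid, "userinfo")
    engine.grant("platform", cid, "groups")
    # "activity" is still pending: its owner has not approved it.
    token = engine.issue_token(cid, "alice@example.org",
                               ["userinfo", "groups", "activity"])
    return {
        "userinfo": engine.check(token, "userinfo"),
        "groups": engine.check(token, "groups"),
        "activity": engine.check(token, "activity"),
        "expired": engine.check(token, "userinfo", now=time.time() + 7200),
    }


if __name__ == "__main__":
    print(demo())
```

The token ends up with the intersection of requested and granted scopes, so a call needing the still-pending `activity` scope is refused even though the client asked for it at registration.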

International Collaboration
Any student or employee in Europe should be able to log in with their local credentials through the platform.
Established cross-federation connections through eduGAIN and Kalmar.

Collaboration on harmonizing group definitions and exchange protocols with other countries.

Collaboration through GÉANT, Terena.
Nordic collaboration through NordForum?
Standardization

OAuth, OpenID Connect, SCIM, OpenSocial, ActivityStreams, Misc W3C

For discussion
Identifier for mapping users: user ID, FeideID, student ID, national identity number, etc.
Which types of groups, and possibly roles
Agreements, and access during the development phase
Source of the data, WS vs database
Lookup speed
Collaboration, UNINETT <-> FS

Mais conteúdo relacionado

Mais procurados

Wsdl Bahankuliah
Wsdl BahankuliahWsdl Bahankuliah
Wsdl BahankuliahEri Alam
 
70 346 Managing office 365 identities
70 346 Managing office 365 identities70 346 Managing office 365 identities
70 346 Managing office 365 identitiesclounoud
 
Authentication Using Twitter, Google, Facebook, And More
Authentication Using Twitter, Google, Facebook, And MoreAuthentication Using Twitter, Google, Facebook, And More
Authentication Using Twitter, Google, Facebook, And MoreBilly Cravens
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
MicroSoft Sharepoint Online Training in Canada
MicroSoft Sharepoint Online Training in Canada MicroSoft Sharepoint Online Training in Canada
MicroSoft Sharepoint Online Training in Canada BoundTechS
 
Getting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot FrameworkGetting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot FrameworkAkshay Deshmukh
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptwebhostingguy
 
Topic5 Web Services
Topic5 Web ServicesTopic5 Web Services
Topic5 Web Servicessanjoysanyal
 
Cics Web 2.0 With Atom Feeds And Php
Cics Web 2.0 With Atom Feeds And PhpCics Web 2.0 With Atom Feeds And Php
Cics Web 2.0 With Atom Feeds And PhpCICS ROADSHOW
 
Windows Server 2008 Active Directory ADFS Claims-base Idm for Windows Part 2
Windows Server 2008 Active Directory ADFS Claims-base Idm for Windows Part 2Windows Server 2008 Active Directory ADFS Claims-base Idm for Windows Part 2
Windows Server 2008 Active Directory ADFS Claims-base Idm for Windows Part 2Tũi Wichets
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
Xamarin Dev Days - Connected & Disconnected Apps with Azure Mobile Apps
Xamarin Dev Days - Connected & Disconnected Apps with Azure Mobile AppsXamarin Dev Days - Connected & Disconnected Apps with Azure Mobile Apps
Xamarin Dev Days - Connected & Disconnected Apps with Azure Mobile AppsGuy Barrette
 
Microsoft bot framework in azure
Microsoft bot framework in azureMicrosoft bot framework in azure
Microsoft bot framework in azureShahriar Hossain
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...Profesia Srl, Lynx Group
 
Wso2 is integration with .net core
Wso2 is   integration with .net coreWso2 is   integration with .net core
Wso2 is integration with .net coreIsmaeel Enjreny
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based AuthenticationMohammad Yousri
 

Mais procurados (20)

Wsdl Bahankuliah
Wsdl BahankuliahWsdl Bahankuliah
Wsdl Bahankuliah
 
70 346 Managing office 365 identities
70 346 Managing office 365 identities70 346 Managing office 365 identities
70 346 Managing office 365 identities
 
Authentication Using Twitter, Google, Facebook, And More
Authentication Using Twitter, Google, Facebook, And MoreAuthentication Using Twitter, Google, Facebook, And More
Authentication Using Twitter, Google, Facebook, And More
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners Guide
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
MicroSoft Sharepoint Online Training in Canada
MicroSoft Sharepoint Online Training in Canada MicroSoft Sharepoint Online Training in Canada
MicroSoft Sharepoint Online Training in Canada
 
Getting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot FrameworkGetting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot Framework
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.ppt
 
Topic5 Web Services
Topic5 Web ServicesTopic5 Web Services
Topic5 Web Services
 
Cics Web 2.0 With Atom Feeds And Php
Cics Web 2.0 With Atom Feeds And PhpCics Web 2.0 With Atom Feeds And Php
Cics Web 2.0 With Atom Feeds And Php
 
Windows Server 2008 Active Directory ADFS Claims-base Idm for Windows Part 2
Windows Server 2008 Active Directory ADFS Claims-base Idm for Windows Part 2Windows Server 2008 Active Directory ADFS Claims-base Idm for Windows Part 2
Windows Server 2008 Active Directory ADFS Claims-base Idm for Windows Part 2
 
Blue Button 2.0
Blue Button 2.0Blue Button 2.0
Blue Button 2.0
 
Web Services ppt
Web Services pptWeb Services ppt
Web Services ppt
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting Started
 
Xamarin Dev Days - Connected & Disconnected Apps with Azure Mobile Apps
Xamarin Dev Days - Connected & Disconnected Apps with Azure Mobile AppsXamarin Dev Days - Connected & Disconnected Apps with Azure Mobile Apps
Xamarin Dev Days - Connected & Disconnected Apps with Azure Mobile Apps
 
Microsoft bot framework in azure
Microsoft bot framework in azureMicrosoft bot framework in azure
Microsoft bot framework in azure
 
Web 2 0 Technologies
Web 2 0 TechnologiesWeb 2 0 Technologies
Web 2 0 Technologies
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
 
Wso2 is integration with .net core
Wso2 is   integration with .net coreWso2 is   integration with .net core
Wso2 is integration with .net core
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based Authentication
 

Semelhante a Feide Connect

Web 2.0 Tech Talk
Web 2.0 Tech TalkWeb 2.0 Tech Talk
Web 2.0 Tech Talkpooyad
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Andreas Åkre Solberg
 
Developing, Distributing, And Monetizing Web Applications With Web Ex Connect...
Developing, Distributing, And Monetizing Web Applications With Web Ex Connect...Developing, Distributing, And Monetizing Web Applications With Web Ex Connect...
Developing, Distributing, And Monetizing Web Applications With Web Ex Connect...jward5519
 
Introduction to the Microsoft identity platform for developers
Introduction to the Microsoft identity platform for developersIntroduction to the Microsoft identity platform for developers
Introduction to the Microsoft identity platform for developersChristos Matskas
 
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...Vincent Biret
 
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...Vincent Biret
 
SPSMad2016 Rubén Toribio - Template
SPSMad2016 Rubén Toribio - TemplateSPSMad2016 Rubén Toribio - Template
SPSMad2016 Rubén Toribio - TemplateRub Toribio Gallardo
 
JoTechies - Cloud identity
JoTechies - Cloud identityJoTechies - Cloud identity
JoTechies - Cloud identityJoTechies
 
Federation in Practice
Federation in PracticeFederation in Practice
Federation in PracticeForgeRock
 
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Vincent Biret
 
PowerApps, the Developer Story: Build an API to Integrate Corporate Data
PowerApps, the Developer Story: Build an API to Integrate Corporate DataPowerApps, the Developer Story: Build an API to Integrate Corporate Data
PowerApps, the Developer Story: Build an API to Integrate Corporate DataBram de Jager
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Kris Wagner
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityMark Diodati
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADuberbaum
 
What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?Vignesh Ganesan I Microsoft MVP
 
Securely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewaySecurely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewayZuaib
 
RSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud IdentityRSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud IdentityMike Schwartz
 

Semelhante a Feide Connect (20)

Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)
 
Web 2.0 Tech Talk
Web 2.0 Tech TalkWeb 2.0 Tech Talk
Web 2.0 Tech Talk
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015
 
Feide Connect TNC2014
Feide Connect TNC2014Feide Connect TNC2014
Feide Connect TNC2014
 
Developing, Distributing, And Monetizing Web Applications With Web Ex Connect...
Developing, Distributing, And Monetizing Web Applications With Web Ex Connect...Developing, Distributing, And Monetizing Web Applications With Web Ex Connect...
Developing, Distributing, And Monetizing Web Applications With Web Ex Connect...
 
Introduction to the Microsoft identity platform for developers
Introduction to the Microsoft identity platform for developersIntroduction to the Microsoft identity platform for developers
Introduction to the Microsoft identity platform for developers
 
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
 
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
 
SPSMad2016 Rubén Toribio - Template
SPSMad2016 Rubén Toribio - TemplateSPSMad2016 Rubén Toribio - Template
SPSMad2016 Rubén Toribio - Template
 
JoTechies - Cloud identity
JoTechies - Cloud identityJoTechies - Cloud identity
JoTechies - Cloud identity
 
Federation in Practice
Federation in PracticeFederation in Practice
Federation in Practice
 
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
 
PowerApps, the Developer Story: Build an API to Integrate Corporate Data
PowerApps, the Developer Story: Build an API to Integrate Corporate DataPowerApps, the Developer Story: Build an API to Integrate Corporate Data
PowerApps, the Developer Story: Build an API to Integrate Corporate Data
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern Identity
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
 
Third party api integration
Third party api integrationThird party api integration
Third party api integration
 
What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?
 
Securely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewaySecurely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gateway
 
RSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud IdentityRSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud Identity
 

Mais de Andreas Åkre Solberg

Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Andreas Åkre Solberg
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Andreas Åkre Solberg
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)Andreas Åkre Solberg
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Andreas Åkre Solberg
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenAndreas Åkre Solberg
 

Mais de Andreas Åkre Solberg (20)

OpenID Connect Federation
OpenID Connect FederationOpenID Connect Federation
OpenID Connect Federation
 
Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017
 
Dataporten Workshop
Dataporten WorkshopDataporten Workshop
Dataporten Workshop
 
Dataporten
DataportenDataporten
Dataporten
 
Dataporten for Sigma2, Hell
Dataporten for Sigma2, HellDataporten for Sigma2, Hell
Dataporten for Sigma2, Hell
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)
 
Connect (USIT)
Connect (USIT)Connect (USIT)
Connect (USIT)
 
Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
 
Feide Connect SUHS 2014
Feide Connect SUHS 2014Feide Connect SUHS 2014
Feide Connect SUHS 2014
 
Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)
 
Feide connect tnc2014
Feide connect   tnc2014Feide connect   tnc2014
Feide connect tnc2014
 
SCIM and VOOT
SCIM and VOOTSCIM and VOOT
SCIM and VOOT
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
UWAP Tjenesteplattform
UWAP TjenesteplattformUWAP Tjenesteplattform
UWAP Tjenesteplattform
 
UNINETT IoU - UWAP Prototype
UNINETT IoU - UWAP PrototypeUNINETT IoU - UWAP Prototype
UNINETT IoU - UWAP Prototype
 
UNINETT WebApp Park
UNINETT WebApp ParkUNINETT WebApp Park
UNINETT WebApp Park
 
Federation Lab and OpenID Connect
Federation Lab and OpenID ConnectFederation Lab and OpenID Connect
Federation Lab and OpenID Connect
 

Último

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 

Último (20)

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows

Feide Connect

  • 1. «Feide Connect»: Next generation service platform for advanced services and collaboration services for higher education. Andreas Åkre Solberg, andreas.solberg@uninett.no
  • 2. Once upon a time: Web Single Sign-On with Feide was sufficient to provide a seamless user experience across services.
  • 3. Collaboration on Internet: Dynamic working groups spanning multiple organizations work together using digital collaboration tools: a wiki; a document sharing tool; a meeting planner and calendar; a web meeting tool; a web forum or mailing list.
  • 5. Feide Connect [diagram labels: Authentication; Self Service; Groups and Roles; Activity streams; People search; API Authz Mngmnt; OAuth Authorization Engine; HTTP API]
  • 6. Feide Connect, new architecture: API-based instead of SSO-flow. OAuth + authentication. Makes use of Feide (without changes). Offers additional services. Better support for mobile, desktop etc. API Authorization Management. Extremely simple integration for Service Providers. Low bar of entry (for students, non-commercial, etc). [Diagram labels: Feide service; mobile app; web app; third-party client / integration; Feide; Feide Connect: groups, people search, storage, activity streams, API authz; service backend API] October 23, 2013
  • 7. Authentication: Feide is based upon SAML 2.0. It is rather complex, which results in a relatively high integration cost for Service Providers. Opportunities are limited to the «login request -> response» flow. Trends in consumer markets (Facebook, Google, Twitter, Linkedin, Salesforce): from enterprise protocols towards APIs / REST and OAuth. Providers need to offer APIs and third party integration anyway; OAuth. Easy to establish a simple authentication protocol (userinfo) on top of that; OpenID Connect. Built-in support for cross-federation (eduGAIN, Kalmar) and guest users.
  • 9. Groups and roles: API Service. Base layer: builds groups from Feide attributes. Connector to FS: courses, study programmes and more. Support for ad-hoc groups: anyone can create groups for their collaboration needs. Cross-organizational groups. Support for custom external connectors to an institution's authoritative source of group data. [Diagram labels: Feide service; mobile app; web app; third-party client / integration; Feide Connect; Feide; Groups, FS, people search, storage, activity streams, API authz, Ext Connectors, AdHoc]
  • 10. Ad-hoc group management front-end
  • 11. People Search: Separate People Search API. Authenticated API. Also available as a JS library, and as a Federated Widget. Relies on already public information. It is a better user experience to search for real user names than to add user IDs.
  • 12. Model for groups: Super simple, but extensible, information model. Protocol for: retrieving the list of groups for the current user (from FeideID); retrieving the list of members of a given group (from group ID).
  • 13. Extended model: Standardization per group type for extended properties.
  • 14. Subscriptions: Content associated with public groups. Users may subscribe.
  • 16. Activity Streams: Generic information model. Activities posted to one or more groups. One activity stream per group. API. User interfaces: WebApp frontend, Widgets, Mobile app frontend. [Figure: sample activity entries]
  • 18. Notifications: The most important activity updates. Email and mobile push notifications. Personal preferences.
  • 20. Open Data: Universities show increasing interest in sharing their data using APIs. This motivates growth of new, innovative and better services for employees and students. Privacy is very important! It is complex to provide an authentication model for delegated access to personal data.
  • 22. Registration of new clients: Third parties register new clients and request access to API scopes.
  • 23. Managing clients: Trust; Scope management; Statistics; Authorization workflow.
  • 24. API Authorization workflow: API owner grants access to new clients. Clients are bound to authenticated users / organizations.
  • 25. User access to clients is handled through Feide login: The platform will make sure end users accessing the clients are authenticated (using Feide).
  • 27. Client has obtained a token and can access «Feide Connect» services, such as: user info, groups, activity streams.
  • 28. International Collaboration: Any student or employee in Europe should be able to log in with their local credentials through the platform. Established cross-federation connections through eduGAIN and Kalmar. Collaboration on harmonizing group definitions and exchange protocols with other countries. Collaboration through GÉANT, Terena. Nordic collaboration through NordForum? Standardization: OAuth, OpenID Connect, SCIM, OpenSocial, ActivityStreams, misc. W3C.
  • 29. For discussion: Identifier for mapping users: user ID, FeideID, student ID, national identity number, etc. Which types of groups, and possibly roles. Agreements, and access during the development phase. Source of the data: WS vs. database. Lookup speed. Collaboration, UNINETT <-> FS.
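
The client authorization workflow from slides 22 to 27, sketched as an added example that is not from the slides or from Feide Connect itself. Class, method and scope names are hypothetical, and the Feide login is reduced to a non-empty user identifier.

```python
import secrets
from dataclasses import dataclass, field

# Illustrative scope names, modelled on the services listed on slide 27.
SCOPES = {"userinfo", "groups", "activitystreams"}

@dataclass
class Client:
    client_id: str
    owner: str                       # registering user / organization
    requested: set
    granted: set = field(default_factory=set)

class AuthzPlatform:
    """Hypothetical model of the workflow; not Feide Connect's real API."""
    def __init__(self):
        self.clients = {}
        self.tokens = {}             # token -> (client_id, user, scopes)

    def register_client(self, client_id, owner, requested):
        # Slide 22: a third party registers a client and requests scopes.
        unknown = set(requested) - SCOPES
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        self.clients[client_id] = Client(client_id, owner, set(requested))

    def grant(self, client_id, scopes):
        # Slide 24: the API owner approves a subset of the requested scopes.
        client = self.clients[client_id]
        if not set(scopes) <= client.requested:
            raise PermissionError("cannot grant scopes that were never requested")
        client.granted |= set(scopes)

    def issue_token(self, client_id, feide_user, scopes):
        # Slide 25: the end user must be authenticated before a token exists.
        if not feide_user:
            raise PermissionError("end user must be authenticated via Feide")
        if not set(scopes) <= self.clients[client_id].granted:
            raise PermissionError("scope not granted by API owner")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, feide_user, frozenset(scopes))
        return token

    def authorize(self, token, required_scope):
        # Slide 27: the API checks the token's scope and returns the bound user.
        entry = self.tokens.get(token)
        if entry is None or required_scope not in entry[2]:
            raise PermissionError("invalid token or missing scope")
        return entry[1]
```

A requested scope gives no access until the API owner grants it, and the token ties each API call to one client and one authenticated user.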