Identity Federation
Starting small and reaching way beyond
Thomas Lenggenhager
SWITCH, Switzerland
Keywords
AAI, Federated Identity, inter-federation, SAML, Shibboleth, WebSSO
Abstract
How to extend Web Single Sign-On beyond the security domain of a single university? This well-known problem initiated the implementation of the Swiss identity federation (SWITCHaai).
Universities issue digital identities to registered students and staff by providing them with a user account. If the university participates in an identity federation, such digital identities can also provide access to web-based applications run by other institutions.
In Switzerland, the primary use case for establishing the Authentication & Authorization Infrastructure (AAI) was to give students access to courses on learning management systems (LMS) hosted by third-party universities. After five years of operational experience, SWITCHaai is well established and has become 'the key' for authenticated access to web servers in higher education.
The first part of the talk tells the story of SWITCHaai and lessons learned.
Today's federations are limited to their national scope, as they are mostly operated by a national research & education network (NREN). The time has come to reach beyond national borders by building the technical and trust framework on which national federations shall be able to inter-federate.
Once inter-federation is a reality, a professor at a French university could direct her students to a course hosted on the LMS of e.g. Université de Genève. Today, unless the course is accessible to any Internet user, enabling authenticated access bilaterally would require a huge overhead.
Ideas and activities towards a scalable inter-federation future are the focus of the second half of the talk.