InAcademia. Simple Validation Service

Similar documents
InAcademia Simple Validation Service

InAcademia Simple Validation Service

GÉANT project update. eduteams - AAI as a Service for Collaborative organisations. InAcademia Simple affiliation validation as a Service

EduKEEP Towards a User-Centric Identity Management Model

EGI-Engage: The AAI Strategy for the EGI Infrastructure

Best practices for managing authorisation

FIM4R Version 2. David Kelsey AARC2 Community Engagement/Policy and Best Practice Harmonisation. Federated Identity Requirements for Research

GÉANT SA5 Collabora9on européenne

ITSMA Release Release Readiness for Customers

Enabling Cross-University Collaboration with Harvard IAM: TIER, InCommon, and Grouper. IT Summit 2015 June 4, 2015 Thursday 1:10-2:00 p.m.

The 2015 State of Consumer Privacy & Personalization

HOW TO CONFIGURE SINGLE SIGN-ON (SSO) FOR SAP CLOUD FOR CUSTOMER USING SAP CLOUD IDENTITY SERVICE

EUDAT How manage Data into the Collaborative Data Infrastructure: a general overview of EUDAT services

SA1 Update, approach & discussion on pilots

Internet identity: Forward in All Directions. Dr Ken Klingenstein, Director, Middleware, Internet2

Recipes for Success in Creating Customer Identity. An API Approach To Building the Identity, and Identity Data, Ecosystem

GÉANT IaaS Framework Cookbook

Building Online Portals for Your Customers & Partners with Okta. An Architectural Overview OKTA WHITE PAPER

CUSTOMER ENGAGEMENT STARTS WITH SINGLE SIGN-ON

Sustainability Models for Guest IdPs

SAML 2 VO Platform Enable collaboration beyond institutional boundaries

e-prior Facilitating interoperable electronic procurement across Europe Technical Overview

Enhancing SWITCHaai with Micropayment Functionality for Swiss Universities White Paper

Baseline Expectations for Trust in Federation: Increasing Trust and Interoperability in InCommon

Working Groups. Swiss edu-id a joint effort. Petra Kauer-Ott

Installation Guide for Actionable Google Analytics by Tatvic for Magento

ISA Action Pilot DEMO session. Date: Authors: Britt Joosten, Guillermo Enero, Ignasi González

Preference Management. Eric Holtzclaw and Eric Tejeda PossibleNOW. November,

Today s presentation is focused on providing you with an overview of the upcoming

REFIT Platform Opinion

Pakistan Identity Federation Policy

Identity and Access Management

Store Signup. - Adding your custom logos - Adding your products or online transactions

Understanding Your Enterprise API Requirements

MONONA GROVE SCHOOL DISTRICT. Process DOC for Requesting Time Off for Teachers

Introduction 2 MARKETINGCLOUD.COM

Configuring Single Sign-On for Oracle Enterprise Performance Management Cloud. Configuring Single Sign-On Between EPM Cloud and NetSuite

CSP Forum 2014, Athens, May

SIFULAN Malaysian Access Federation. Identity Federation Policy [DRAFT] Copyright. Mohd Ishan Last Modified 17 January, 2018 Version 1.

Delete this page when ready. Do not include it in your presentation.

Sage 100. Sage Payroll Services Getting Started Guide

INCOMMON TRUST FEDERATION

OneStart/EDEN A Description of IU's Transaction Processing/Recordkeeping Environment

Shibboleth Consortium Update and Development Roadmap

Changing the delivery experience for the better. Updating our signature service

Accounting for the Authentication and Authorization Infrastructure (AAI) Pilot Study

What is Stripe? Is Stripe secure? PCI compliant?

FREQUENTLY ASKED QUESTIONS STUDENT UNIONS

InCommon Update. Ann West InCommon/Internet2

ITSMA Release Release Readiness for Customers

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

Powering your customers retail experience

Fairfax Media Adopts SaaS Apps Quickly While Enhancing Security

Planning and Implementing Enterprise Identity Management: Why we did it, what we did, and how we did it

DIGITAL KNOWHOW SIGNPOSTING TOOLKIT. Small Businesses and Charities Edition. Developed by the SME & Charity Digital Skills Taskforce.

Log into CSULB Single Sign On and Access the CSULB Parking System

Note: EPS features contained within these FAQs may not be applicable to all Payers.

Direct Deposit. In order to use direct deposit, you must set special parameters in the general ledger, deductions, and miscellaneous parameters.

Prepare for GDPR today with Microsoft 365

Four P's for User Adoption - Save SharePoint Implementations from Epic Failures!

Digital transformation

B X X L G H T MANUAL WELCOME. Welcome to our manual:

Your 5 Step Guide to the Apprenticeship Levy Funding System (TAS) How to allocate your levy to your apprentices

Facilitating interoperable electronic procurement across Europe

BEST PRACTICES: 2015 Credit Card Mobile Sites and Apps

Danske Bank International Privacy Notice

TIER Release One A Community Milestone, Why It's Important and What's Next

Danske Bank International Privacy Notice

sure every construction worker has the right to work in the UK?

Workspace ONE. Insert Presenter Name. Empowering a Digital Workspace. Insert Presenter Title

Produce World Document Management Codefree Web Approve Link Manager - Integration with Microsoft Dynamics NAV -

WELCOME TO WARWICK EMPLOYERS GUIDE

HeadMaster Billing for Schools

Deepening Collaboration through More Effective Document and Content Management

Accelerating Your Banner 9 Adoption Timeline

InCommon and edugain: Joining the International Federation Community

SuisseID My digital self

<Insert Picture Here> Externalizing Identity

My Tri-C Space Treasure Hunt. Adjunct Faculty

HRA IMPLEMENTATION GUIDE

Product. Portico Streamline Your Operation With a Highly Integrated and Intuitive Account Processing System

Up2Date Bookkeeping Plus Payroll Package. Please Click Below for a Video Demo of the Bookkeeping Spreadsheet

Reference Request for Proposal: Ticketing System for CFA & HPAC Dated: May 18, 2017

THE EVOLUTION OF CONSUMER IDENTITY 10 PREDICTIONS FOR 2015

About augmented (attribute) reality

Entrepreneurial Finance Part - 1

CardNav SM by CO-OP Frequently Asked Questions

Banking at the speed of your life. Online. Mobile. Superior. Safe. PARKSTERLING. Answers You Can Bank On.

MANAGE THE LIFECYCLE OF EVERY DIGITAL USER

RICHARD HARBRIDGE SPEAKER AUTHOR SUPER FRIENDLY. My twitter handle my blog is and I work at

Deltek Touch Time & Expense for GovCon 1.2. User Guide

RSA SECURID ACCESS Implementation Guide. Rescale

IBM Terms of Use SaaS Specific Offering Terms. IBM Marketing Cloud. 1. IBM SaaS. 2. Charge Metrics

RENU Identity Federation (RIF)

BLOCKCHAIN CLOUD SERVICE. Integrate Your Business Network with the Blockchain Platform

Installation Guide for Actionable Google Analytics by Tatvic for Magento

GIGYA: Connect, Collect, Convert

UK SCHOOL TRIPS PRIVACY POLICY

SAP HANA Cloud Danone

Frequently Asked Questions (FAQs):

Transcription:

InAcademia Simple Validation Service Niels van Dijk InAcademia lead niels.vandijk@surfnet.nl Mark Bevers InAcademia business development Mark.bevers@surfmarket.nl edugain Town Hall Feb 21, 2017 Vienna

InAcademia - a Simple validation Service InAcademia radically simplifies affiliation validation for services, in a privacy preserving way, while at the same time leveraging existing edugain infrastructure for Institutions Microsoft wants to offer free Office365 to all students in EU ORCID seeks to improve account quality SMEs (webshops) want low barriers for leveraging digital academic Identity: a simple contract, a predictable cost model and high assurance on identity

InAcademia affiliation validation made easy How to make affiliation validation much easier? Ø Services get most attributes from user (self asserted) Ø Only affiliation must come from the Home Organisation Ø Query a single, centralised service to confirm affiliation (yes or no) Ø A user proves affiliation by authentication with home IdP Ø Validation service accessible for all edugain IdPs Ø A simple protocol is used by the Services (OpenID Connect) Ø The policy barrier for using should be low (a single contract) Ø Service pays a small transaction fee (pay per use) Ø Academic services get 100% discount

InAcademia demo: Select a product

InAcademia demo: Prove affiliation

InAcademia demo: validated!

InAcademia Flow overview Service Provider (RP) 1- Is this user a student? 4- Yes 2- Please login to prove affiliation 3- IdP says Affiliation: Student

Services perspective Very easy to implement Common integration pattern (Google/Facebook) Setup and forget Same Terms and Conditions for all academic users in EU No contracts or dealings with Institutions No user data; persistent identifier, country and institution domain name optional No integration across services (atomic) Small transaction fee per transaction Implement SAML SP SAML (federation) has learning curve Metadata; ARP; opt-in/opt-out Per federation differences in policy Interaction w/ institutions needed Rich attribute set possible Good integration across services (SSO) Free; technical knowhow is needed 8

Institutional perspective SAML SP proxy in edugain Effort and cost free access to bonus services for your end users SAML NameID + (scoped) affiliation Highly privacy preserving Institution hidden behind InAcademia SP and end user support covered CoCo complient Service sustained by fees Usage free for end users SAML SP in edugain Core campus and scientific services Rich attribute set possible Depends on attributes sent Direct transaction between SP and IdP Support via internal IT or fed ops Per SP policy and contracts Institition pays for sustaining Usage free for end users 9

Federation perspective Gateway to many services Uses existing SAML IdPs SAML NameID + (scoped) affiliation Highly privacy preserving SP and end user support covered Infrastructure provided by GEANT Usage Free Zero effort tool for long tail services Gateway to entities abroad Uses existing SAML IdP Rich attribute set possible Depends on attributes send Support & coordination via fed ops (towards other fed ops & internal IT ) Local Infrastructure required Usage Free Core campus and scientific services 10

When to suggest InAcademia over regular edugain? When the service has no needs beyond affiliation validation When a service has low transaction volume or When a service has world domination aspirations When service owner is not technically adapt When you have no ability or willingness to provide support When you want user privacy guaranteed To reduce the amount of work required when dealing with the services When you feel the R&E community as a whole can get a better deal than a single institution/federation/country Aspirational note: InAcademia fees may help sustain other edugain services also 11

If you are an Academic peer, e.g. a research service You mayuse InAcademia for free (best effort/ fair use) No user data = no data protection troubles Validation backed by institutional IdM Very easy to implement (see https://github.com/inacademia) 12

Ready for Playing & Pilots Play If you want to test or play, please let us know Have a look at https://inacademia.org/getting-started or try the demo shop at https://demoshop.inacademia.org/shop We welcome your input and feedback! Pilots Ready to talk to services, with your endorsment, for pilotting InAcademia Currently in discussion with Amazon, Google, SheerID, Mecenat, Parantion For now, GEANT project partners only No fees charged for pilot period We want to work with identity federations to find the best fit for InAcademia 13

https://inacademia.org Technical: https://github.com/inacademia info@inacademia.org Thank you This work is part of a project that has received funding from the European Union s Horizon 2020 research and innovation programme under Grant Agreement No. 691567 (GN4-1). 14

InAcademia Technical setup

InAcademia Component overview

InAcademia - Supported scopes Description Affiliation Scopes Based on [1], [2] affiliated employee student faculty alum This person is affiliated to the institution Institutional workers whose primary role is teaching or research and workers other than teachers or researchers A student at the institution Institutional workers whose primary role is teaching or research An alumnus at the institution Identifier Scopes persistent transient (not the SAML persistent ID) A persistent identifier, unique for this person, on a per RP, per IdP basis A transient identifier, which is unique for each transaction [1] http://www.geant.net/service/edugain/resources/documents/gn3-11-012%20edugain_attribute_profile-05%2012%202013.pdf [2] http://www.terena.org/activities/refeds/docs/epsacomparison_0_13.pdf

InAcademia - Supported claims Claims country domain Description (Optional) What is the country of the users home institution? -> Deducted from Country of IdP What is the domain name of the institution of the user? -> SchacHomeOrganisation attribute Examples: scope=affiliated scope=affiliated transient scope=affiliated persistent scope=affiliated persistent & claim = country scope=student persistent & claim = country domain

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback