Exploring Mobility, Chatbots, Blockchain and Augmented Reality solutions in the Cloud to re-imagine Education & Research

Open Identity

Kevin Roebuck
Director, Digital Experience

Here's the project plan with OKI to address interoperability among authentication systems, which continues to be a problem on campus, notably for the CSU digital marketplace project. I just need the funding to get rocking on it, which shouldn't take long to nail down.

The Authentication Open Service Interface Definition offers a solution to achieve interoperability among varying
authentication systems using modular software interfaces where adapters
can be utilized in a plug-and-play manner to map the identity namespaces among varying authentication providers.

The goal of this project is to develop a demonstration for the OpenIWorld
conference in August. The demonstration will be an application
and server that each can use either a Kerberos or SAML2
based authentication mechanism. Specifically:

* a client-side application that can use either Kerberos or SAML (depending on what the service protocol requires) to acquire credentials.

* a server-side application that can authenticate using either Kerberos or SAML and utilize the same authorization service.

The deliverables required to produce a demonstration usable at the OpenIWorld:eLearn conference are outlined below.

1. A SAML 2.0 client OSID implementation

The client-side OSID is used by native applications to acquire the SAML 2.0 credential from a Shibboleth authentication transaction and prepare those credentials for transport to the server.

2. A SAML 2.0 server OSID implementation

The server-side OSID is used by servers and web-application servers to validate and extract attributes from the SAML data for the purpose of establishing an identity and/or other data for use with an authorization service.

3. A Kerberos client OSID implementation

The client-side OSID is used by native applications to acquire a Kerberos ticket and prepare that data for transport to the server. This work will build on prior work related to Kerberos and the OSIDs.

4. A Kerberos server OSID implementation

The server-side OSID is used by servers and web application servers to validate a Kerberos ticket and extract an identity for use with an authorization service. This work will build on prior work related to Kerberos and the OSIDs.

5. An Authentication OSID adapter for federation

The adapters will federate the Kerberos and SAML authentication OSIDs to present to the application and server software a single authentication interface.

6. A test client/server

A client that demonstrates the usage of these OSIDs.

7. Documentation of demonstration

8. Production and delivery of the OpenIWorld demonstration
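
The federation step in deliverable 5, shown as an added example (not the project's OSID code): identities taken from already validated Kerberos and SAML credentials are mapped into one namespace, so the shared authorization service sees the same subject whichever mechanism was used. The realm, issuer, scope and every function name are hypothetical, and the `user@scope` identifier on the SAML side is an assumption about what the identity provider releases.

```python
import re
from dataclasses import dataclass

# Constructed trust configuration; every realm, issuer and scope is hypothetical.
KERBEROS_REALMS = {"CAMPUS.EXAMPLE": "campus"}  # realm -> local namespace
SAML_SCOPES = {("https://idp.campus.example/idp", "campus.example"): "campus"}
USER_RE = re.compile(r"[a-z][a-z0-9._-]{0,63}")  # no case folding, no separators


class MappingError(Exception):
    """A validated credential that must not be mapped to a local identity."""


@dataclass(frozen=True)
class Identity:
    namespace: str
    user: str
    mechanism: str

    @property
    def subject(self) -> str:
        # The one name the shared authorization service sees.
        return f"{self.namespace}:{self.user}"


def _identity(user, namespace, mechanism):
    if namespace is None:
        raise MappingError(f"untrusted {mechanism} issuer")
    if not USER_RE.fullmatch(user):
        raise MappingError(f"unacceptable user name {user!r}")
    return Identity(namespace, user, mechanism)


def map_kerberos(principal):
    user, _, realm = principal.rpartition("@")
    # Realms are case sensitive: exact lookup, never lower-cased.
    return _identity(user, KERBEROS_REALMS.get(realm), "kerberos")


def map_saml(issuer, scoped_id):
    user, _, scope = scoped_id.rpartition("@")
    # An identity provider may only speak for scopes registered to it.
    return _identity(user, SAML_SCOPES.get((issuer, scope)), "saml2")


def authenticate(mechanism, validated):
    """Single entry point; `validated` holds fields of an already verified credential."""
    if mechanism == "kerberos":
        return map_kerberos(validated["principal"])
    if mechanism == "saml2":
        return map_saml(validated["issuer"], validated["scoped_id"])
    raise MappingError(f"unsupported mechanism {mechanism!r}")
```

Ticket and assertion validation (signatures, lifetimes, audience) is assumed to have happened before `authenticate` is called; the mapping only decides which verified issuers may name which local users.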
