Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo

Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo, 30396468 Supervisor: Dr. Steve Cassidy Workshop Presentation [1]

Talk Outline • Introduction to Federated Identity Management – Example • Multiple Frameworks – Shibboleth – Liberty Alliance • Project Objectives and Motivation • Deconstructing the Frameworks • Conclusion Workshop Presentation [2]

Federated Identity Management (FIM) • • Reduce number of online identities Reduce privacy exposure User controls who sees what Enables easy sharing of resources Workshop Presentation [3]

Main Actors in FIM • Users – Using a User Agent (Browser) • Service Provider – Provide resources and services – Protect resources and services • Identity Provider – Authenticates users – Provides security assertions to Service Providers Workshop Presentation [4]

Example Interaction 1. 2. Resource Request Redirection to Id. P • • 3. Form Response • 4. SAML Authentication Response Automatic Form Submission • 5. SAML Authentication Request Id. P authenticates User Process Assertion Resource Acquired Workshop Presentation [5]

Multiple Frameworks • Shibboleth – Higher Education focus – Resource Sharing, privacy, security – In. Common, AAF • Liberty Alliance – Commercial sector focus – Service integration, privacy, security – Intel, GM Workshop Presentation [6]

Issues with Multiple Frameworks • User perspective – More credentials due to technology limitation – Less privacy • Unnecessary federations – Formed from having to support multiple technologies • Increases difficulty of forming federations – Need to support services within each framework? What do you do? Workshop Presentation [7]

Project Objectives • Investigating whether we can extend a federation beyond the boundaries imposed by the technologies it employs – integration… Workshop Presentation [8]

Deconstructing the Frameworks • Both frameworks base on SAML specification • Identified the following: – – Assertions – identical to each other (both SAML) Protocols – identical (SAML) Bindings - Different Profiles – Similar enough (derived from SAML). Workshop Presentation [9]

Relevant Logical Subcomponents • Service Provider – Attribute Requester – Assertion Consumer Service • Identity Provider – Attribute Authority – Single Sign On Service Workshop Presentation [10]

Technology Example • Shibboleth Identity Provider – Java Web Application based – Employs servlets as endpoint processors – Has filter capabilities (interceptor pattern) Workshop Presentation [11]

Conclusion • Identified the binding differences and conversions – Message structure – Parameter referencing • Identified strategic architectural locations for adaptation • Provided technology example • Identified implementation as future work Workshop Presentation [12]