DK update

David Simonsen, WAYF

(the federation formerly known as DK-AAI)

It's a WAYF

It's about consent

It's a project

WAYF architecture

[Diagram labels: SAML2, LDAP, hosted, simpleSAMLphp, Shibboleth 1.3 + CAS]

Supported interfaces

•SP: SAML2

•SP: Shibboleth 1.3

•IdP: SAML2

•IdP: LDAP (hosted login page)

•IdP: CAS + LDAP

IdM requirements

•Describe your IdP routines (will not be publicly available)

•24 hours after status is changed, status is changed...

•LoA - not supported

•Strength of initial authentication not flagged

Attributes

MUST

---- Personal information-----

SurName

GivenName

CommonName

eduPersonPrincipalName

Mail

eduPersonPrimaryAffiliation

----- Information about the organisation-----

schacHomeOrganization

MAY

---- Personal information ----

norEduPersonNIN

eduPersonScopedAffiliation

PreferredLanguage

eduPersonEntitlement

----- Information about the organisation------

Attributes provided / generated by WAYF

eduPersonTargetedID: hash(SP-ID + hash(IdP-ID + salt + unique-personID) + salt)

OrganizationName
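Added example, not from the original slides or from WAYF's code: the nested targeted-ID construction above, carried through to show that the same person gets a stable ID at one SP and an unrelated ID at another. SHA-256, hex output, plain string concatenation and every entity ID, user name and salt value below are assumptions; the slides do not name the hash function or the encoding.

```python
import hashlib

def h_concat(*parts: str) -> str:
    """Hash the plain concatenation of parts (assumed reading of the slide's '+')."""
    return hashlib.sha256("".join(parts).encode("utf-8")).hexdigest()

def targeted_id(sp_id: str, idp_id: str, person_id: str, salt: str) -> str:
    """hash(SP-ID + hash(IdP-ID + salt + unique-personID) + salt)"""
    inner = h_concat(idp_id, salt, person_id)  # the person at one IdP
    return h_concat(sp_id, inner, salt)        # scoped to a single SP

def linkable(ids_a, ids_b):
    """IDs two SPs could join on if they compared what they each received."""
    return set(ids_a) & set(ids_b)

# Constructed sample values (hypothetical, for illustration only)
SALT = "constructed-federation-secret"
IDP = "https://idp.example.edu"
SP_WIKI = "https://wiki.example.org/sp"
SP_LIB = "https://library.example.org/sp"
USERS = ["alice", "bob", "carol"]

def ids_for(sp_id: str, salt: str = SALT):
    """Targeted IDs that one SP would see for the sample users."""
    return [targeted_id(sp_id, IDP, u, salt) for u in USERS]

if __name__ == "__main__":
    wiki, lib = ids_for(SP_WIKI), ids_for(SP_LIB)
    for user, a, b in zip(USERS, wiki, lib):
        print(f"{user}: wiki={a[:16]}... library={b[:16]}...")
    # Same input gives the same ID, so an SP can recognise a returning user
    print("stable per SP:", wiki == ids_for(SP_WIKI))
    # No shared values, so two SPs cannot correlate users by ID alone
    print("linkable across SPs:", linkable(wiki, lib))
    # Rotating the salt changes every ID, so it has to stay fixed and secret
    print("survives salt change:", wiki == ids_for(SP_WIKI, "other-salt"))
```

The salt is the only input an SP does not already know or could not guess, so the unlinkability shown here depends on it being kept inside the federation hub.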

Attribute profiles

Normal profile

eduPersonPrimaryAffiliation

schacHomeOrganization

Extended profile with persistent ID

eduPersonPrimaryAffiliation

schacHomeOrganization

eduPersonTargetedID

Extended profile with persistent ID and name

eduPersonPrimaryAffiliation

schacHomeOrganization

eduPersonTargetedID

SurName

GivenName

CommonName

Extended profile with persistent ID, name and email

eduPersonPrimaryAffiliation

schacHomeOrganization

eduPersonTargetedID

SurName

GivenName

CommonName

mail

WAYF is live

•as of 28th of March 2008

•All central services running

•WAYF, consent, consent-admin

•Central federating component (CFC): simpleSAMLphp

•Contract draft (turned down yesterday)

•websites open (Danish only so far)

•Production environment + QA

•Press release to come (with ministers)

•Only a few services still

•Cross federated to FEIDE (OpenWiki, Foodle)

WAYF is live

Connected institutions

•The Royal Library

•Roskilde University

•Syddansk University

•The State Library

• WAYF Orphanage

•Århus University

•Technical University of DK

Planned services

•Connect, Forskningsnettet's video service

•DSB

•NetID

•BBC Motion Gallery

•Danish advertising films

•eduMedia, Forskningsnettet

•Student portals

•NIAS, Nordic Institute of Asian Studies (Kalmar)

•Microsoft's 'Dream Sparks'

•Elsevier (publisher)

•OVID (publisher)

•EBSCO (publisher)

•WAYF-based ID creation

Users' consent

The users' informed consent

Obligation to inform

Consent

Voluntarily

Informed

Specific

No personal info is kept

No personal information is stored

2km4756k4l3n43j34j38ds989g+sdfhkjrwk30!

DEMONSTRATION

•www.wayf.dk

•www.dk-aai.dk

•wiki.dk-aai.dk

•https://wayf.wayf.dk/consent/consentAdmin.php