By Jon Bentley
Thursday 17th March 2016

Federated access management and working with SAML or Shibboleth.

The most efficient and effective single sign-on experience across a range of e-resources is delivered through federated access management.

At its core, federated identity answers two questions:

1. Are you who you say you are?
2. Do you have the authorization to access the resource?

To answer these questions securely, the federated world creates a network of trusted relationships within which the appropriate data attributes are encrypted and passed securely between the relevant parties.

1. Yes! We recognize who you are, and your credentials are valid
2. Yes! You have the right permissions within the subscription to proceed

The protocols that enable this security are written using SAML (Security Assertion Markup Language). These protocols are shared by Shibboleth and all other SAML systems such as Microsoft ADFS (Active Directory Federation Services). Any system that implements SAML is able to integrate with another – for example, OpenAthens can integrate with Shibboleth.

The simple part is this: OpenAthens ensures that your organization, whether you manage end-users or publishing platforms, is able to easily join this network of trusted relationships.

Once you have engaged with OpenAthens you will be able to manage the exchange of data and certificates that answers those two critical questions. End users can log in and move from licensed resource to licensed resource.

There are still challenges for a successful implementation. Perhaps the most critical is the end-user journey. The end user still needs to identify which organization they are from. This is often done by controlling access through a single library or internal portal, or through an organizational lookup on the resource itself (often called the “Where are you from” (WAYF) page).

OpenAthens looks to solve many of the end-user challenges with its own federation and specialist service and support desk. Our ability to integrate with many national federations is another reason we are used by organizations across the world who are looking to establish secure, simple and effective single sign-on for their end-users and patrons.

