At its core, federated identity answers two questions:
1. Are you who you say you are?
2. Do you have authorisation to access the resource?
To answer these questions securely, the federated world creates a network of trusted relationships within which the appropriate data attributes are encrypted and passed securely between the relevant parties.
1. Yes! You are, we recognise who you are, and your credentials are valid.
2. Yes! You have the right permissions within the subscription to proceed.
The protocols that enable this security are defined by SAML (Security Assertion Markup Language). These protocols are shared by Shibboleth and all other SAML systems. Microsoft ADFS (Active Directory Federation Services) is a common system. Any system that implements SAML is able to integrate with others; for example, OpenAthens can integrate with Shibboleth.
The simple part is this: OpenAthens ensures that your organisation, whether you manage end-users or publishing platforms, is able to easily join this network of trusted relationships.
Once you have engaged with OpenAthens you will be able to manage the exchange of data and certificates that answers those two critical questions. End users can log in and move from licensed resource to licensed resource.
There are still challenges for a successful implementation. Perhaps the most critical is the end-user journey. The end user still needs to identify which organisation they are from. This is often done by controlling access through a single library or internal portal, or through an organisational lookup on the resource itself (see https://discovery.refeds.org/guide/), often called the “Where are you from” (WAYF) page.
OpenAthens looks to solve many of the end-user challenges with its own federation and specialist service and support desk. Our ability to integrate with many national federations is another reason we are used by organisations across the world that are looking to establish secure, simple and effective single sign-on for their end-users and patrons.