NISO SSO Authentication Optimization Working Group

NISO SSO Working Group Charge
9/22/09 - Draft
Goals:
1. “Improve” the text of the charge by making it more general. The ‘charge’
(that is, the one sentence that describes the goal) is generally OK. But the
paragraph of explanatory text beneath each ‘charge’ statement constrains,
and in some cases confuses, the broader statement above. The ‘big print’
lays out the goal, while the ‘fine print’ starts to dictate how it ought to be
done.
2. Merge overlapping deliverables, where sensible and possible.
3. Avoid creating implementation constraints for Service Providers.
Assumptions:
4. There are two primary use cases: user arriving at an SP anonymously and
with no indication of their home authentication site, and user arriving with
an identifier of their home site. (A degenerate version of use case 2 would
be arriving and indicating which method/protocol to use but not indicating
a home site.)
5. SPs supporting multiple protocols may use different packages from
different vendors to provide support for the different protocols. SPs in
general will not want to write additional code to “frontend” a set of
packages; instead, they will probably prefer that the various packages
expose their own endpoints at the SP. A campus forwarding a user to an
SP will know which protocol/package it is using with each SP, and will be
able to forward to the appropriate endpoint.
6. It's very likely that the discovery/login GUI/flow will be different for
different protocols. This WG should define a standard flow/sequence that
an anonymous user would see from clicking a Login link on the front page
up to the point where they identify the package/protocol they will use;
from that point forward, the user would see a sequence of pages specific to
that protocol.
NISO SSO Authentication Optimization Working Group
Draft for Working Group Discussion/Approval
Expected Deliverables: NISO Recommended Practice(s)
Charge:
This Working Group will explore issues related to Single Sign-On (SSO) Authentication
Optimization in order to create a Recommended Practice(s) that will allow current SSO
technologies to work better in a networked environment, thereby providing a seamless
experience for the user. Included in the work of this group will be plans for how to promote
the adoption of these Recommended Practices in order to make the access improvements
a reality. A business case/justification will be developed as part of these plans. The end
result of this work will be small, smart conventions for moving the user within a session
seamlessly from licensed site to licensed site. The creation of new SSO technologies or
the standardization of current SSO technologies is beyond the scope of this working
group’s charge.
The Working Group will produce three possible deliverables:
Deliverable 1: NISO Recommended Practice: standardizing
terminology
1. Articulate use cases describing the variety of ways in which a browser user
would arrive at a Service Provider, and the experience up through the
protocol/package-specific login. Minimally, this should include direct to the
SP, starting from a home site library navigation page, federated searches, and
the Open Web (e.g., Google), as well as deep linking to and between
documents/results licensed by content sites (linking via OpenURL/link
resolvers and Crossref).
2. Develop a glossary collecting terms used by Web SSO and Federated
Authentication products. Try to promulgate a standard vocabulary.
Deliverable 2: NISO Recommended Practice: standardizing user interface presentation
for user authentication.
1. Identify a preferred location for the login link and/or login input box (to help
users navigate to the appropriate login pages).
2. Recommend to sites a standard approach for guiding the user to the
desired authentication method. Develop standardized GUI flows that will
be presented to a user who clicks the login link. Include recommendations
on where SP and IDP branding could be inserted.
3. Working with the various authentication mechanisms, develop
standardized approaches for handling automatic login when the URL
presented at the SP identifies the user’s preferred authentication method
and/or authentication provider.
4. Working with the various authentication mechanisms, develop a consistent
approach/link syntax for campus-based software to present deep links to
SP-based content which will trigger an automatic login process without
presenting the user with the Discovery process.
Deliverable 3: NISO Recommended Practice: recommend a method for allowing
Federated Search technologies to leverage SSO authentication sessions of a user.
Federated Search has a unique set of challenges in that it performs searches of licensed
content, acting as an agent for the user. Since the user is not directly interacting with the
content provider's site SSO, this presents unique challenges for a web SSO system.
Work with those packages that currently support “delegated authentication” to provide
SPs with the documentation they need to support this feature.
Change Log:
1. Create separate Deliverables for “standardizing use cases and
terminology” and GUI/user experience related issues.
2. Change an underlying assumption. Previously, sentences such as “Set
expectations that a content site implement a consistent approach/link
syntax for deep links to content regardless of authentication type” and
“Recommend practices for communicating the authentication method of
the user on the link” seemed to imply that service providers would export
a single authentication-independent endpoint. SPs would develop and
deploy code at that endpoint to decipher the incoming information and route
the browser user to the appropriate protocol endpoint/stack. The new
model is described in Assumption 4.b. above.
3. Reworked Deliverable 3 (“NISO Recommended Practice: recommend a
method for allowing Federated Search technologies to leverage SSO
authentication sessions of a user.”), since it was premised on incorrect
information.
4. Pushed deliverable 4 (“Provide content providers with guidelines that
address the proliferation of Shibboleth Federations”) into the Shibboleth-specific flow.
Outstanding Questions:
1. The first paragraph contains these two sentences:
Included in the work of this group will be plans for how to promote the
adoption of these Recommended Practices in order to make the access
improvements a reality. A business case/justification will be developed as
part of these plans.
2. Should those somehow be explicitly mentioned in the deliverables?