Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Phase two of OpenAthens SP evolution including OpenID connect option


Published on

David Orrell, System Architect and Phil Leahy, Service Relationship Manager, talk about Phase II of the OpenAthens Cloud Service Provider project, and also about how OpenAthens is being used as an identity provider service in the corporate sector.

Published in: Technology
  • Did you try ⇒ ⇐?. They know how to do an amazing essay, research papers or dissertations.
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Phase two of OpenAthens SP evolution including OpenID connect option

  1. 1. OpenAthens Service Provider Breakout session 2 for Publishers 9 November 2016
  2. 2. OpenAthens Service Provider as a service • Phil Leahy (OpenAthens Service Relationship Manager) • David Orrell (OpenAthens System Architect)
  3. 3. OpenAthens for corporate customers • Our roots are in UK academia and healthcare, plus… • Ministry of Defence • House of Commons Library • Healthcare organisations in the US, Spain & Australia • US Department of Defense
  4. 4. Publisher 1 Publisher 2 Publisher 3 Publisher 4 Banking/finance company Legal practice Pharmaceutical company Petrochemical company Corporate/publisher relationships 150 other publishers Other research activity SAML connection
  5. 5. Other access tools persist • IP authentication • Publisher-issued credentials • Pre-loading data • Domain-matching • …but none of them tell you anything about your users
  6. 6. Local authentication tools in OpenAthens • Shibboleth/SAML • ADFS • LDAP • SirsiDynix • PING Federate • other SAML systems • All of these can use attribute release in OpenAthens
  7. 7. Attribute release in action • Adam Snook (OpenAthens Technical Pre-Sales)
  8. 8. Resource Access for the 21st century (RA21) • Joint initiative between NISO and STM Association • Announced at Frankfurt Book Fair • Meetings in London in December • OpenAthens is part of the conversation
  9. 9. 1. Authentication: Providing the best possible end-user experience 2. Single Sign-On: Enabling simple SSO within publishing platforms 3. Establishing standards: Driving common standards for interoperability 4. Facilitating discussions: Providing forums for discussion 5. Embracing change: Understanding that change is constant
  10. 10. Questions?
  11. 11. OpenAthens Service Provider 9 November 2016
  12. 12. • State of Identity Management and Federated Identity in 2016 • Our plans for OpenAthens SP
  13. 13. Federated identity management • Adoption continues to grow “Through 2016, Federated Single Sign-On Will Be the Predominant SSO Technology, Needed by 80 Percent of Enterprises” – Gartner • New generation of standards are here • OAuth/OpenID Connect • ...and emerging • UMA (user-managed access)
  14. 14. How well does SAML fit today? • Mature standard, widely adopted • Many moving parts • metadata ~10s of megabytes • possibly addressed by MDQ protocol? • ...but SAML is widely deployed by organisations • Developers at ease working with JSON, REST APIs • consume and integrate cloud services • loosely-coupled and ‘version-less’ • micro-services vs monolithic
  15. 15. How well does OpenAthens SP fit today? • Server modules have limited integration options • servlet-filter, Apache module etc. • difficult to test • may not align well with modern architectures • Limited APIs
  16. 16. Customer feedback • Not familiar with concepts of federated identity • Installation and configuration steps unclear • Changes take too long to take effect • or require contact with Service Desk • Locally installed software required • prefer to use an API • Integrating with multiple applications is complex • duplication of configuration and registration • End-user experience inconsistent and confusing Phase 1 Phase 2
  17. 17. SAML connector Future OpenAthens SP Identity provider Service Provider Identity provider Identity provider App1 App2 App3 SAML OAuth/OpenID Connect REST Multiple applications can share the same connector SAML connector available as a service DashboardOpenAthens
  18. 18. OpenID Connect • Identity layer on top of OAuth 2.0 • Industry-wide adoption • Developer friendly • Wide variety of clients including JavaScript and mobile • Supports range of deployment scenarios
  19. 19. • Dashboard provides • Configuration • Access to logs • Analytics • Add additional applications without having to register multiple SAML entities OpenAthens SP Cloud
  20. 20. Federated login: UX issues! • One of the most common user complaints! • Users presented with too many options • “OpenAthens login” • “Shibboleth login” • “Institutional login” • “Choose you federation” • Drop-down lists of organisations • Search for organisation • … • Users often don’t even understand the question!
  21. 21. Current options for discovery • By-pass completely (WAYFless URL, OA redirector) • Use a federation discovery service • Does not work across multiple federations • Does user know their federation? • Build your own using OpenAthens SP API • Build your own using your own data
  22. 22. Federated discovery as a service? • A more opinionated approach to discovery UX • Consistent but brand-able via dashboard • Will work out-of-the-box • Delivered via: • Standalone hosted service • Embeddable JavaScript widget • REST APIs still available to build your own • Independent of a given federation but will support any
  23. 23. Phase 2 due Q1 2017 Questions?