OpenID Connect for Swiss edu-ID

Etienne Dysli-Metref
etienne.dysli-metref@switch.ch

1

What is OpenID Connect?

  • OAuth 2.0: authorisation protocol for applications
  • Adds “simple identity layer” on top of OAuth 2.0
  • Easy solution for delegating access to protected resources
  • Reinvents the wheel with JSON (see JW*)
  • OpenID Connect 1.0 finalised early 2014
  • Popular with web and mobile developers
2

JSON web:

  • token
  • signature
  • encryption
  • key
  • algorithms

Meanwhile, in our community...

  • Very few concrete use cases for OAuth or OIDC so far
  • SAML isn't going away soon
  • Bridging SWITCHaai and OIDC is technically possible, see our mobile proxy example from 2011

Operate SAML and OIDC together

  • Ask each institution to operate an OIDC service?
    rollout too slow
  • One IdP with OIDC for the whole federation
    the Swiss edu-ID IdP!
3

Mobile proxy wasn't met with much enthusiasm and was forgotten.

Pilot IdP with OpenID Connect

  • Shibboleth IdPv3 addon developed by the University of Chicago and Unicon
  • Successfully tested by another team @SWITCH
  • Open for other testers
  • Manual client registration
  • Contact us if you want to try
4
  • We took UChicago's project and installed it as a trial.
  • Our Cloud team tried their own client against it.
  • Scott said it is not going to be integrated in the Shibboleth IdP like this. Don't expect this to happen soon.

Other interesting projects

5
  • SAML eduPerson attributes and OIDC claims come from totally different worlds. Can we find some common ground?
  • Roland Hedberg (Umeå University, Sweden) is writing a specification to build OIDC federations.
