




Shibboleth Single Sign-on Architecture
Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations. The Shibboleth Internet2 middleware initiative created an architecture and open-source implementation for identity management and federated identity-based authentication and authorization (or access control) infrastructure based on Security Assertion Markup Language (SAML). Federated identity allows the sharing of information about users from one security domain to the other organizations in a federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain usernames and passwords. Identity providers (IdPs) supply user information, while service providers (SPs) consume this information and give ...



Shibboleth
A shibboleth is any custom or tradition—usually a choice of phrasing or single word—that distinguishes one group of people from another. Historically, shibboleths have been used as passwords, ways of self-identification, signals of loyalty and affinity, ways of maintaining traditional segregation, or protection from threats. It has also come to mean a moral formula held tenaciously and unreflectingly, or a taboo. Origin The term originates from the Hebrew word (), which means the part of a plant containing grain, such as the ear of a stalk of wheat or rye; or less commonly (but arguably more appropriately) 'flood, torrent'. Biblical account The modern use derives from an account in the Hebrew Bible, in which pronunciation of this word was used to distinguish Ephraimites, whose dialect used a different first consonant. The difference concerns the Hebrew letter ''shin'', which is now pronounced as (as in ''shoe''). In the Book of Judges chapter 12, after the inhab ...


OpenAthens
OpenAthens is an identity and access management service, supplied by Jisc, a British not-for-profit information technology services company. Identity provider (IdP) organisations can keep usernames in the cloud, locally or both. Integration with ADFS, LDAP or SAML is supported. OpenAthens for Publishers software for service providers supports multiple platforms and federations. Technically, the service provides deep packet inspection proxying (in a similar manner to EZproxy) and SAML-based federation, as well as various on-boarding services for institutions, consortia and vendors. History With its origins in a University of Bath initiative to reduce IT procurement costs for itself and other universities, the Athens project was conceived in 1996. Spun off from Bath University through the vehicle of charitable status, Eduserv was established as a not-for-profit organisation in 1999. The service was originally named ''Athena'' after the Greek goddess of knowledge and learn ...



Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols. The closely related Datagram Transport Layer Security (DTLS) is a communications protocol that provides security to datagram-based applications. In technical writing, references to "(D)TLS" are often seen when it applies to both versions. TLS is a proposed Internet Engineering Task Force (IETF) standard, fir ...




Central Authentication Service
Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as user ID and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name ''CAS'' also refers to a software package that implements this protocol. Description The CAS protocol involves at least three parties: a ''client'' web browser, the web ''application'' requesting authentication, and the ''CAS server''. It may also involve a ''back-end service'', such as a database server, that does not have its own HTTP interface but communicates with a web application. When the client visits an application requiring authentication, the application redirects it to CAS. CAS validates the client's authenticity, usually by checking a username and password against a database (such as Kerberos, LDAP or Active Dir ...


Liberty Alliance
The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services. By 2009, the Kantara Initiative took over the work of the Liberty Alliance. History The group was originally conceived and named by Jeff Veis, at Sun Microsystems based in Menlo Park, California. The initiative's goal, which was personally promoted by Scott McNealy of Sun, was to unify technology, commercial and government organizations to create a standard for federated, identity-based Internet applications as an alternative to technology appearing in the marketplace controlled by a single entity such as Microsoft's Passport. Another Microsoft in ...



SAML 2
Security Assertion Markup Language (SAML, pronounced ''SAM-el'') is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). SAML is also: * A set of XML-based protocol messages * A set of protocol message bindings * A set of profiles (utilizing all of the above) An important use case that SAML addresses is web-browser single sign-on (SSO). Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending SSO across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The SAML Web Browser SSO profile was specified and standardized to promote interoperability. ...


SAML 1
Security Assertion Markup Language (SAML, pronounced ''SAM-el'') is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). SAML is also: * A set of XML-based protocol messages * A set of protocol message bindings * A set of profiles (utilizing all of the above) An important use case that SAML addresses is web-browser single sign-on (SSO). Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending SSO across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The SAML Web Browser SSO profile was specified and standardized to promote interoperability. J. Hughes et al. ''Profiles for the OASIS Security Assertion Markup Langu ...



Software Architecture
Software architecture is the set of structures needed to reason about a software system and the discipline of creating such structures and systems. Each structure comprises software elements, relations among them, and properties of both elements and relations. The ''architecture'' of a software system is a metaphor, analogous to the architecture of a building. It functions as the blueprints for the system and the development project, which project management can later use to extrapolate the tasks necessary to be executed by the teams and people involved. Software architecture is about making fundamental structural choices that are costly to change once implemented. Software architecture choices include specific structural options from possibilities in the design of the software. There are two fundamental laws in software architecture: # Everything is a trade-off # "Why is more important than how" "Architectural Kata" is a teamwork which can be used to produce an ...


Authentication And Authorization Infrastructure
Authentication and authorization infrastructure (AAI) refers to a service and a procedure that enables members of different institutions to access protected information that is distributed on different web servers. Traditional approaches to authorization and access control in computer systems are not sufficient to address the requirements of federated and distributed systems, where infrastructural support may be required. Authentication and authorization infrastructure solutions address such limitations. With an AAI, access control is not managed by a central register, but by the respective organization of the user who wishes to access a specific resource. In Switzerland, the SWITCH Information Technology Services Foundation is developing a Shibboleth-based AAI system that helps Swiss universities in particular to make their e-learning offers accessible to students beyond their own institutional boundaries. Based on the success of SWITCHaai, other countries are following with their ...



Ephraimites
According to the Hebrew Bible, the Tribe of Ephraim (''ʾEp̄rayim'', in pausa: ''ʾEp̄rāyim'') was one of the Twelve Tribes of Israel. The Tribe of Manasseh, together with Ephraim, formed the Tribe of Joseph. It is one of the Ten Lost Tribes. The etymology of the name is disputed. Ephraim as portrayed in biblical narrative According to the Bible, the Tribe of Ephraim is descended from a man named Ephraim, who is recorded as the son of Joseph, the son of Jacob, and Asenath, the daughter of Potiphera. The descendants of Joseph formed two of the tribes of Israel, whereas the other sons of Jacob were the founders of one tribe each. The Bible records that the Tribe of Ephraim entered the land of Canaan during its conquest by Joshua, a descendant of Ephraim himself. However, many archeologists have abandoned the idea that Joshua carried out a conquest of Canaan similar to that described in the Book of Joshua, seeing Jews instead as indigenous Canaan ...