How Federated Authentication Works

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
this video is one of a series produced by seamless access org to education inform users about the work we're doing to deliver a simpler privacy preserving access experience seamless access represents and comprises a diverse community of organizations and individuals my name is Tim Lloyd in addition to serving on the governance and outreach committees for seamless access I also run Lib links a company specializing in identity and access for online resources in this video I start with the basics and explain how federated authentication works federated authentication is an extension of single sign-on that allows you to use your institutional credentials to authenticate access to a wide variety of online resources which are provided by third parties outside your organization if you're unfamiliar with the term federated authentication you may recognize the name Shibboleth instead Shibboleth is an open source software commonly used to implement federated authentication in research and education institutions let's start with a simple analogy Bob runs a conference booth that provides books to anyone who studies at a subscribing institution Amy comes up to the booth and says hi can I have a book bob says sure and asks her if she's at a subscribing institution Amy says that she's a student at ABC college however Bob doesn't know Amy so he needs to verify that she's registered with ABC college luckily he has a phone book where he can look up someone who can help him in the case of ABC college the person to talk to is Carol Bob calls Carol to ask if she can confirm that the person at his booth is a student at ABC college Carol asked spob to pass the phone to the student so she can talk to her directly carol talks to Amy and is able to confirm that she is a valid student at ABC college ami passes the phone back to Bob so that Carol can confirm to him that she's a student at ABC College now Bob would ideally like to know the students name so that he can learn more about her interests and recommend other books to her in future however ABC colleges policy is not to release student names and so Carol can't provide Bob with any additional information on the student bob has now verified that the student in front of him is at ABC College Bob gives Amy her book and also gives her a bright green badge to wear that says I'm with ABC College Bob tells her as if the other booths see that badge it'll save some time as she wrote needs to tell every booth which institution she studies at this simple scenario is actually very close to how federated authentication works Bob is the service provider or SP that needs to check a visitor's institutional affiliation before providing access to services his phone book is an identity Federation a trusted list that details how to talk to a set of vetted institutions and vendors examples of identity Federation's in higher education include in common in the United States and the UK Access Management Federation Carol is the identity provider or IDP the institution's federated authentication service that confirms a visitor's identity and while our characters in this scenario speak English in reality Bob Carol and the Federation communicate using a language called security assertion markup language or sam'l for short finally the badge the Bob gives to Amy is what seamless access is really about making it easier for Amy to deal with other service providers it's important to note that Carol as the identity provider was in control of Amy's identity and opted not to share any information about Amy with Bob such as her name all Bob got was confirmation that Amy was definitely affiliated with ABC college and as Bob trusts the phonebook he trusts Carol is the right person to confirm that in federated authentication identity providers control user privacy by deciding whether or not to share extra user information known as attributes with a service provider an attribute might be affiliation information such as a departmental role or more personal information such as a name or email address in this example no attributes were shared to summarize in this video we covered Federation authentication which is a technology used to authenticate access to external resources we distinguish between service providers such as publishers and identity providers such as research and education institutions we identified the role this identity Federation's play in linking service providers and identity providers who explained how seamless access makes federated authentication more seamless by allowing service providers to determine a users preferred identity provider without the additional friction of asking the user and we introduced the concept of user attributes as a means of preserving privacy [Music]
Info
Channel: SeamlessAccess
Views: 5,623
Rating: undefined out of 5
Keywords:
Id: wjvC_PUj4CI
Channel Id: undefined
Length: 5min 53sec (353 seconds)
Published: Mon Jun 08 2020
Related Videos
What is Federation? - Intro to Identity Series
ForgeRock
68K
SAML 2.0: Technical Overview
VMware End-User Computing
257K
Authentication fundamentals: Federation | Azure Active Directory
Microsoft Azure
56K
An Illustrated Guide to OAuth and OpenID Connect
OktaDev
199K
Federated Authentication 101: The Basics
Dundas Data Visualization, Inc.
155
How To Speak by Patrick Winston
MIT OpenCourseWare
5.1M
Special Lecture: F-22 Flight Controls
MIT OpenCourseWare
2.2M
Inside the mind of a master procrastinator | Tim Urban
TED
45M
DevSecOps : What, Why and How
Black Hat
31K
Sitecore Identity Server | Implementing Azure AD Login
TechShare
1.4K
Federated Identities - CompTIA Security+ SY0-501 - 4.2
Professor Messer
86K
How not to take things personally? | Frederik Imbo | TEDxMechelen
TEDx Talks
10M
OAuth 2.0 and OpenID Connect (in plain English)
OktaDev
1.1M
Radiant Logic: What is a Federated Identity Service?
Radiant Logic
58K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.