
Neil Witheridge and Francois Kooman

OpenConext: enabling Federated Team Management, Group-Aware SPs, and SP Shop-Fronts 

Federated identity and access management has seen wide adoption in less than a decade. Identity Providers (IdPs) supply Service Providers (SPs) with user authentication and with the user attributes for which the IdP is authoritative. In general, however, services need additional user information to make authorisation decisions: information that an IdP does not hold and for which it is not authoritative. In particular, many services would benefit from being 'Group-Aware', that is, able to obtain information on a user's group/team/VO memberships and roles. As Australia's NREN, AARNet plans to deliver group-aware collaboration services (e.g. a future Cloudstor, video-conferencing management tools).

SURFnet's OpenConext federated identity management platform provides group/team/VO management and an OpenSocial-based API through which SPs can securely request a user's team information. OpenConext provides a "Teams" application, built on Internet2's Grouper, for secure team management, and uses the OAuth-protected OpenSocial API so that services can query a user's team information only with that user's consent. OpenConext is, in fact, a complete Federated Identity Management solution used by SURFnet. Its architecture allows it to operate in an 'IdP-SP-proxy' mode, presenting a number of SPs behind a single 'shop-front'.
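To make the group-aware SP exchange concrete, the following is an added illustration written for this page, not OpenConext's or SURFnet's own code. It models what the abstract describes: the SP presents the OAuth bearer token obtained after user consent, the platform answers with the user's groups in OpenSocial's JSON collection envelope, and the SP makes a deny-by-default authorisation decision from group membership and role. The endpoint host and path, the group identifiers, the sample response and the `voot_membership_role` field name are assumptions modelled on OpenSocial/VOOT conventions, not verified OpenConext identifiers.

```python
"""Group-aware SP authorisation against an OpenSocial-style groups API.

Added example, not OpenConext's own code. Endpoint, group ids and the
role field name are assumptions modelled on OpenSocial/VOOT conventions.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample response in OpenSocial's collection envelope
# (an "entry" list plus paging counters). Group ids are made up.
SAMPLE_RESPONSE = json.dumps({
    "startIndex": 0,
    "itemsPerPage": 2,
    "totalResults": 2,
    "entry": [
        {"id": "urn:collab:group:example.org:videoconf-admins",
         "title": "VideoConf admins",
         "voot_membership_role": "admin"},
        {"id": "urn:collab:group:example.org:cloudstor-users",
         "title": "CloudStor users",
         "voot_membership_role": "member"},
    ],
})


def build_group_request(user_id: str, access_token: str) -> Dict[str, object]:
    """Assemble the request an SP would send for a user's groups.

    OpenSocial addresses the group collection as groups/{userId}, where
    "@me" means the user the token was issued for. The bearer token is
    the OAuth credential the SP holds after the user consented; it never
    carries the user's password. Host and path are assumed.
    """
    return {
        "method": "GET",
        "url": f"https://api.example-conext.invalid/social/rest/groups/{user_id}",
        "headers": {
            "Authorization": f"Bearer {access_token}",
            "Accept": "application/json",
        },
    }


@dataclass(frozen=True)
class Membership:
    group_id: str
    title: str
    role: str


def parse_groups(body: str) -> List[Membership]:
    """Parse the OpenSocial collection envelope into memberships.

    A missing or malformed "entry" list yields no memberships, so a
    broken response can only lead to denial, never to a grant.
    """
    data = json.loads(body)
    entries = data.get("entry")
    if not isinstance(entries, list):
        return []
    memberships: List[Membership] = []
    for entry in entries:
        if not isinstance(entry, dict):
            continue
        group_id = entry.get("id")
        if not isinstance(group_id, str) or not group_id:
            continue  # skip entries without a usable identifier
        memberships.append(Membership(
            group_id=group_id,
            title=str(entry.get("title", "")),
            role=str(entry.get("voot_membership_role", "member")),
        ))
    return memberships


def is_authorised(memberships: List[Membership], required_group: str,
                  required_role: Optional[str] = None) -> bool:
    """Deny by default; grant only on an exact group (and optional role) match."""
    for m in memberships:
        if m.group_id == required_group and (required_role is None or m.role == required_role):
            return True
    return False


if __name__ == "__main__":
    request = build_group_request("@me", "constructed-access-token")
    print(request["method"], request["url"])
    groups = parse_groups(SAMPLE_RESPONSE)
    print(is_authorised(groups, "urn:collab:group:example.org:videoconf-admins", "admin"))
```

The comparison is on the full group identifier rather than the display title, since titles are free text that a team owner can change; the role check is optional so that a service can distinguish "may use" from "may administer" within one team.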

We will describe OpenConext technology, AARNet's experience with OpenConext and collaboration with SURFnet, and AARNet's plans to use OpenConext's Team Management, Team Information API, as well as the OpenConext IdP-SP Proxy functionality.


Neil Witheridge and Francois Kooman's Biographies 

Neil Witheridge
Neil Witheridge is AARNet’s Manager, Authentication and Authorisation Services. Neil has been working in the Australian HE&R sector for the past 9 years, involved in SII-funded projects at Macquarie University which introduced Internet2’s Shibboleth federated identity infrastructure to Australia and established a pilot federation, then in the NCRIS-funded ARCS project, integrating federated identity and access with ARCS services (e.g. Grid tools, Data Fabric) and developing the ARCS Access Service. Neil is currently responsible for the “eduroam AU” service operated by AARNet, as well as providing technical support for federated services and development activities contributing to AARNet’s services strategy, recently focusing on SURFnet’s OpenConext. Neil has a Master of Engineering Science degree from the University of Sydney.

François Kooman
François Kooman works as Technical Product Manager for SURFnet, the NREN for the Netherlands, where he works on identity management and the OpenConext/SURFconext collaboration infrastructure, as well as on authentication and authorisation systems such as SAML, OAuth 2.0, OpenID Connect and Mozilla Persona. François obtained a Master of Science degree in Computer Science, specialising in computer security, from the Radboud University Nijmegen (2009).