Project Concordia presentation by Patrick Harding, Paul Madsen, and Mary Ruddy at DIDW 2008

5. The Matrix Front channel attributes Back channel attributes Authn SSO SLO OpenID SAML Infocards WS-Fed ID-WSF OAuth Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Paul Mary Patrick

6. SAML ->OpenID

11. Sequence OpenID SAML SAML requestedauthncontext(password) authncontext(password) pape(password) RP IdP/RP OP pape(password) logon(pwd) service? service 1 2 3 4

13. Information Cards -> ID-WSF

16. Today you go from site to site filling in forms and passwords Copyright © 2008 Parity. Made available under EPL 1.0 Type, type, type. Click, click. Here a password, there a password. Everywhere a password. Here a form, there a form, ... Websites…

17. Information Cards Put You in Control Copyright © 2008 Parity. Made available under EPL 1.0 Each card is a slice of the digital you (or a friend of yours) held in some data silo. Any kind of information: your preferences, favorite songs, employee id numbers, drivers licenses, affiliations, your health plan id, ...you get the idea, can be accessed using a card. This wallet-like thing is an app called an Identity Selector

19. Sample Use Case

21. Bootstrap Flow Identity Selector Browser Extension & Client App Identity Provider Relying Party Website or App Cards are generated and downloaded from here. Token Service issues tokens as requested by Selector. Cards are stored and selected here Tokens containing claim data are requested and received here ( tag on Website contains a reference for an ID-WSF service)

22. ID-WSF integration- Higgins IdP Identity Selector IdAS LDAP Server ID-WSF Layer ID-WSF Personal Profile Service ID-WSF CP LDAPCP PP CP I-card Services DS IS AS ID-WSF STS

23. SAML -> OAuth

26. SP-Initiated SAML Brokerage.com Identity Provider Calculators.com Service Provider Browser 1. SAML MetaData Exchange (i.e. Certs/Keys, EndPoints) 5. User redirect back with SAML Token 4. User Authenticates & Handles User Consent 3.User redirect with SAML AuthN Request 6. Get Account Balances with SAML Token 2. View Calculators 7. Display Calculators API

28. OAuth Brokerage.com Oauth Service Provider Calculators.com OAuth Consumer Browser 1. Consumer Key and Secret 6. User Redirect back with Authorized Request Token 5. User Authenticates & Handles User Consent 4. User Redirect with Unauthorized Request Token 8. Get Account Balances with Access Token 2. View Calculators 3. Get Unauthorized Request Token 7. Exchange Authorized Token for AccessToken API 10. Display Calculators

30. SAML + oAuth Brokerage.com Identity Provider Calculators.com Service Provider Browser 1. SAML MetaData Exchange (i.e. Certs/Keys, EndPoints) 5. User redirect back with SAML Token + oAuth Authorised Token 4. User Authenticates & Handles User Consent 3.User redirect with SAML AuthN Request + oAuth Unauthorized Token 2. View Calculators 8. Display Calculators API 7. Get Account Balances with Access Token 6. Exchange Authorized Token for AccessToken