Single Sign On, Identity, and System Integration
Yale University Library
User identity is library data
We think about databases of record for monographs, manuscripts, and processing metadata - but what about our user accounts?
How many library accounts do I need?
Special collections account
Search and discovery?
Electronic course reserves?
And how does membership affect experience?
Institutional SSO can help local patrons
But what about guests?
How have we solved this before?
And is this really the same problem?
*Logo-less enterprise targeted solutions*
OpenID Connect - Identity over OAuth2
Claims based - associate arbitrary information with an account
Single subject identifier - Any user, local or guest, is consistent across systems
Scoped information - Grant access only to what you need
Logical authorization / authentication balance
Modular web standard - many OSS clients, many OSS providers
Credentials never make it to consuming applications
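
The properties listed above, shown for one provider and two consuming applications, as an added example that is not part of the original presentation: the provider releases claims by granted scope, and each application validates the ID token before trusting `sub`. The issuer URL, the client ids `course-reserves` and `special-collections`, the secret and the guest account are constructed. HS256 with a shared secret is an assumption so the code runs on the standard library (deployments commonly verify RS256 signatures against the provider's published keys), and nonce handling is left out.

```python
import base64, hashlib, hmac, json, time
# Standard scope -> claim release (subset of OpenID Connect Core, section 5.4).
SCOPE_CLAIMS = {"profile": ["name"], "email": ["email", "email_verified"]}

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_id_token(user, scopes, issuer, client_id, secret, now=None, ttl=300):
    """Provider side: always release `sub`; other claims only for granted scopes."""
    now = int(time.time() if now is None else now)
    claims = {"iss": issuer, "sub": user["sub"], "aud": client_id, "iat": now, "exp": now + ttl}
    for scope in scopes:
        claims.update({k: user[k] for k in SCOPE_CLAIMS.get(scope, []) if k in user})
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(_b64(json.dumps(part).encode()) for part in (header, claims))
    return signing_input + "." + _b64(_sign(signing_input, secret))

def validate_id_token(token, issuer, client_id, secret, now=None):
    """Relying-party side: verify before trusting any claim; raises ValueError."""
    now = int(time.time() if now is None else now)
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(_unb64(h64)), json.loads(_unb64(p64)), _unb64(s64)
        alg, exp, aud = header["alg"], claims["exp"], claims["aud"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed ID token") from exc
    if alg != "HS256":  # pin the algorithm; never let the token header choose it
        raise ValueError("unexpected signing algorithm")
    if not hmac.compare_digest(sig, _sign(f"{h64}.{p64}", secret)):
        raise ValueError("signature mismatch")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was issued to a different application")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    return claims

# Constructed sample data: issuer URL, client ids, secret and account are placeholders.
ISSUER, SECRET = "https://idp.library.example", b"constructed-client-secret"
GUEST = {"sub": "guest-7f3a", "name": "Visiting Researcher", "email": "guest@example.org", "email_verified": True}

if __name__ == "__main__":
    token = issue_id_token(GUEST, ["openid", "email"], ISSUER, "course-reserves", SECRET)
    print(validate_id_token(token, ISSUER, "course-reserves", SECRET))
```

The consuming application only ever handles the signed token, never the user's password, and a token minted for one application is rejected by another because of the `aud` check.
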
What Users See
What Does this Look Like?
What can you do? - Application Control
Allow applications to specialize - pass user information between them with confidence
Set up trusted digital resources
Allow programmatic access to user data in a highly secure way
Allow for a database of record* for identity
What can you do? - APIs
An OIDC server equals an OAuth 2.0 server
Users can now securely grant permissions to library APIs to operate on their behalf
Well known, well integrated
So, where are we?
Guests and local users have a unified login experience
Library applications can specialize more easily with known-trusted user accounts
Infrastructure is ready for API-first development
Federation with external OIDC providers (e.g., Google) or reconsumption of local credentials is possible