Single Sign On, Identity, and System Integration

Steelsen Smith

on 10 March 2016

Single Sign On, Identity, and System Integration
Steelsen Smith
Yale University Library

User identity is library data
We think about databases of record for monographs, manuscripts, and processing metadata - but what about our user accounts?
How many library accounts do I need?
ILS account
ILL account
Special collections account
Search and discovery?
Digital collections?
Electronic course reserves?
Special services?
And how does membership affect experience?
Institutional SSO can help local patrons
But what about guests?
How have we solved this before?
And is this really the same problem?
*Logo-less enterprise targeted solutions*
OpenID Connect - Identity over OAuth2
Claims based - associate arbitrary information with an account
Single subject identifier - Any user, local or guest, is consistent across systems
Scoped information - Grant access only to what you need
Logical authorization / authentication balance
Modular web standard - many OSS clients, many OSS providers
Credentials never make it to consuming applications
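
What a consuming application checks when it receives an ID token instead of a password, as an added example that is not from the original presentation. It shows the same (issuer, subject) key coming back for a local and a guest account. The issuer URL, client ID, secret and HS256 signing are constructed assumptions chosen so the sketch runs with the standard library only.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://idp.library.example"      # hypothetical OIDC provider
CLIENT_ID = "course-reserves"               # hypothetical relying party
CLIENT_SECRET = b"constructed-demo-secret"  # constructed HS256 key

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def mint_id_token(claims, key=CLIENT_SECRET):
    """Provider side; exists only to build the constructed sample tokens."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    signing_input = head + "." + body
    return signing_input + "." + _b64(_sign(signing_input, key))

def sample_claims(sub, **extra):
    """Constructed claim set for a local or guest account."""
    return {"iss": ISSUER, "aud": CLIENT_ID, "sub": sub,
            "exp": time.time() + 300, **extra}

def validate_id_token(token, now=None):
    """Relying-party checks; returns (iss, sub), the key for the local account."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(head + "." + body, CLIENT_SECRET), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued to this client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims["iss"], claims["sub"]

if __name__ == "__main__":
    for sub in ("local-0001", "guest-0042"):
        print(validate_id_token(mint_id_token(sample_claims(sub))))
```

The audience check is what keeps a token issued to one library application from being replayed against another.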
What Users See
What Does this Look Like?
Source: https://fhirblog.files.wordpress.com/2014/06/openid.png
What can you do? - Application Control
Allow applications to specialize - pass user information between them with confidence
Set up trusted digital resources
Allow programmatic access to user data in a highly secure way
Allow for a database of record* for identity
What can you do? - APIs
An OIDC server equals an OAuth 2.0 server
Users can now securely grant permissions to library APIs to operate on their behalf
Back-end integration
Mobile apps
Student developers
Well known, well integrated
So, where are we?
Guests and local users have a unified login experience
Library applications can specialize more easily with known-trusted user accounts
Infrastructure is ready for API-first development
Federation with external OIDC providers (e.g., Google) or reconsumption of local credentials is possible