OpenAthens SP software end of life is approaching.
Keystone, Wayfinder and the OpenAthens federation are unaffected.

Attribute

A piece of information about an object, usually a user, supplied by an identity provider.

Authentication & authorisation

Authentication is the checking of a user's credentials; in a federated context this is done by the identity provider. Authorisation is the decision on whether or not that user can access a resource; this is made by the service provider based on the user's scope and attributes.

Discovery

The way a user accessing an SP identifies to that SP which IdP they are from. Ideally a type-ahead search but sometimes just a list, this is sometimes referred to by the Shibboleth term 'WAYF' (Where Are You From).

EntityID

The identifier of an entity within metadata. An identity provider will have one of these but may have multiple scopes. These usually take the form of an https URI, e.g.:

https://idp.eduserv.org.uk/openathens

Identity Provider (IdP)

The organisation that issues identities to its users, e.g. a library.

Metadata

Information about entities. Each IdP or SP entity will have its own published metadata that describes it in terms of signatures, certificates, sign-in addresses and what it supports. There will also be federation-maintained central metadata which aggregates all the individual entities' metadata.

This aggregated metadata is cached by entities for quick reference. The OpenAthens federation metadata has eTag support to help with this.

OpenAthens SP

The SP software developed and supported by OpenAthens.

SAML

Security Assertion Markup Language. The standard upon which most federations work.

Scope

The identifier of an organisation or organisational unit (OU) within an organisation. Usually expressed as a domain and TLD; an OU would include a subdomain, which in this federation is usually a number, e.g.:

domain.com

3032162.domain.com

The scope is supplied as part of the scopedAffiliation attribute (see below).

scopedAffiliation

The friendly name for urn:oid:1.3.6.1.4.1.5923.1.1.1.9. A user's role, such as member, staff, student.

Service provider (SP)

The resource provider that authorises entry based on the scope and attributes of the user attempting access.
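The checks described under Authentication & authorisation, Scope, scopedAffiliation and Service provider, as an added Python example (this is not OpenAthens code): it parses scopedAffiliation values of the form affiliation@scope, accepts a scope only when the federation metadata registers it to the IdP that issued the assertion, and then applies the SP's own licence table. The entityID and scope values come from this page; the registered-scope table and the licence table are constructed sample data, and the function names are the example's own.

```python
"""Scope- and affiliation-based authorisation at a service provider (added example)."""
from dataclasses import dataclass

# Friendly name scopedAffiliation maps to this OID (as stated on the page).
SCOPED_AFFILIATION_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"

# Constructed sample of what an SP would take from federation metadata:
# entityID -> the scopes the federation registers to that IdP.
SAMPLE_REGISTERED_SCOPES = {
    "https://idp.eduserv.org.uk/openathens": {"domain.com", "3032162.domain.com"},
}

# Constructed sample licence table for this SP: organisation scope -> admitted roles.
SAMPLE_LICENCES = {
    "domain.com": {"member", "staff"},
}


@dataclass(frozen=True)
class ScopedAffiliation:
    affiliation: str  # the user's role, e.g. member, staff, student
    scope: str        # organisation or OU scope, e.g. domain.com or 3032162.domain.com


def _is_dns_label(label: str) -> bool:
    return bool(label) and all(c.isalnum() or c == "-" for c in label)


def parse_scoped_affiliation(value: str) -> ScopedAffiliation:
    """Parse 'affiliation@scope'. Rejects values without exactly one '@',
    with an empty side, or whose scope is not shaped like a DNS name."""
    if value.count("@") != 1:
        raise ValueError(f"malformed scopedAffiliation: {value!r}")
    affiliation, scope = (part.strip().lower() for part in value.split("@"))
    labels = scope.split(".")
    if not affiliation or len(labels) < 2 or not all(_is_dns_label(l) for l in labels):
        raise ValueError(f"malformed scopedAffiliation: {value!r}")
    return ScopedAffiliation(affiliation, scope)


def scope_within(scope: str, org_scope: str) -> bool:
    """True when scope is org_scope itself or an OU beneath it
    (e.g. 3032162.domain.com is within domain.com)."""
    return scope == org_scope or scope.endswith("." + org_scope)


def authorise(idp_entity_id, attribute_values, registered_scopes, licences):
    """Decide access for one user; returns (allowed, reason).

    idp_entity_id:     entityID of the IdP that issued the assertion
    attribute_values:  scopedAffiliation values found in that assertion
    registered_scopes: entityID -> scopes the federation metadata assigns to it
    licences:          organisation scope -> affiliations this SP admits
    """
    idp_scopes = registered_scopes.get(idp_entity_id, set())
    for raw in attribute_values:
        try:
            sa = parse_scoped_affiliation(raw)
        except ValueError:
            continue  # a malformed value is ignored, not trusted
        # An IdP may only speak for scopes the federation registered to it;
        # a scope it was never registered for is ignored even if licensed.
        if sa.scope not in idp_scopes:
            continue
        for org_scope, roles in licences.items():
            if scope_within(sa.scope, org_scope) and sa.affiliation in roles:
                return True, f"{sa.affiliation}@{sa.scope} licensed via {org_scope}"
    return False, "no licensed scope and affiliation asserted by a registered IdP"


if __name__ == "__main__":
    idp = "https://idp.eduserv.org.uk/openathens"
    for values in (["member@3032162.domain.com"], ["student@domain.com"], ["member@other.org"]):
        print(values, "->", authorise(idp, values, SAMPLE_REGISTERED_SCOPES, SAMPLE_LICENCES))
```

The scope check against metadata is the step that matters for an SP: a licence keyed on domain.com is only safe if the scope in the attribute is one the federation actually registered to the asserting IdP, otherwise any IdP in the federation could assert it.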

Shibboleth

Open source SP software originally developed by Internet2 and supported by the community. You can use it in the OpenAthens federation if you like.

targetedID

The friendly name for urn:oid:1.3.6.1.4.1.5923.1.1.1.10. It is a pseudonymous identifier for an individual user that is consistent every time the user visits an SP but different for each separate SP.

WAYFless URL

An access URL that includes the entityID of a user's IdP so that the user does not have to pass through discovery to identify their home organisation to a service provider.
