Educause Security Discussion mailing list archives
Re: 3rd party want to authenticate our users
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Mon, 3 Mar 2008 09:59:45 -0500
We are using Shibboleth for this purpose in production - it will most probably do what you want. Joel Rosenblatt Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel --On Monday, March 03, 2008 8:49 AM -0600 "Sealey, Adam L." <Adam_Sealey () BAYLOR EDU> wrote:
You might take a look at Shibboleth. It's a federated identity solution where you still own all the credentials (you still do the "Password Stuff"), and the service provider just provides the service. We haven't yet gotten it fully operation on our campus, but I know there are other Higher Education places that are leading the way (A&M, UT, Ohio State...). http://shibboleth.internet2.edu/ Adam -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Oscar Knight Sent: Monday, March 03, 2008 8:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] 3rd party want to authenticate our users We have 3rd parties that have fully hosted remote applications. The applications are hosted on servers for which we have no administrative access, control, or audit capabilities. The 3rd parties wish to perform the initial authentication, ie the part that requires our unified username and raw password? Note, the "unified" username/password is the username and password our users use to get to EVERYTHING, in some cases statutorily protected data. Of course the 3rd party will use some method to connect to some database at our site to perform the authentication. But the crux of the matter is that the 3rd party has access to the raw password. Comments. Thanks, odk -- Oscar D. Knight knightod at appstate dot edu ITS Voice: 828-262-6946 Appalachian State University, Boone, NC 28608 FAX: 828-262-2236
Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel
Current thread:
- 3rd party want to authenticate our users Oscar Knight (Mar 03)
- <Possible follow-ups>
- Re: 3rd party want to authenticate our users Sealey, Adam L. (Mar 03)
- Re: 3rd party want to authenticate our users Wood, Anne M (wood) (Mar 03)
- Re: 3rd party want to authenticate our users Joel Rosenblatt (Mar 03)
- Re: 3rd party want to authenticate our users Greg Vickers (Mar 04)
- Re: 3rd party want to authenticate our users Basgen, Brian (Mar 07)
- Re: 3rd party want to authenticate our users Morrow Long (Mar 07)