Breakout Session Details - Session 2


  • Who are my Users? - the SMART project
In this talk, Lukasz will introduce the SMART project conducted at Newcastle University. SMART aims to develop an online data access management system based on the User-Managed Access (UMA) protocol, a newly proposed technology that builds on OAuth that is incubated in the Kantara Initiative. Lukasz will introduce UMA and discuss Higher Education (HE) case studies for this new technology. He will also present progress on SMART UMA implementation and present a demo of the proposed solution. Additionally, Lukasz will discuss initial results of the conducted User Experience study of User-Managed Access and our prototype software. An overview of involvement in the User-Managed Access Work Group will be given as well.

  • Who Are my Users? - JISC Collections and BCE
Download the presentation here



  • Seamless SSO: Integrating the Shibboleth IdP with our home-grown Portal’s authentication
This session will describe how, at the University of Stirling, we have integrated our Shibboleth IdP’s authentication with our home-grown portal’s authentication using the IdP’s Remote User Handler and a Servlet Filter. This integration means that, once logged on to our portal, users can access Shibboleth protected resources without having to re-authenticate, and the use of WAYFless links from our Library’s A-Z list means single click access to resources for portal authenticated users.  In addition, our portal also makes use of Windows Integrated Authentication, which means that, once logged on to a machine, users on campus can access the portal without (re)entering their credentials - this, coupled with the IdP’s integration with portal authentication and the Library A-Z list, provides totally seamless, single click SSO access to Shibboleth protected resources for on campus users.
  • The WSTIERIA Project – A Web of Services
More and more of the functionality behind the web sites and applications we use today is being delivered by web services invoked by plain HTTP requests (as opposed to more complex protocols like SOAP).  These proliferating web-scale APIs generally either do not require authentication, or use limited, application-specific systems (developer API keys, traditional SP-issued username and password, or IP-address checking).  At present they do not integrate naturally with federated authentication systems

The WSTIERIA project has been investigating two approaches to marrying such web services with the kind of SAML-based authentication systems used within the UK federation.  The first involves a “façade” to handle authentication separately from the underlying, protected web service.  This permits the use of federated authentication for an existing web service without directly modifying its code.  The second approach uses recently introduced features of the Shibboleth software that enable a web site run by one SP to invoke web services provided by other SPs on behalf of a logged-in user, with the invoked web services having controlled access to that user’s attributes.


  • Not for the faint hearted
This session will be your opportunity to hear more about FAM from the bleeding edge of development.  Experts in their field Chad La Joie, Ian Young and Rhys Smith will take you through some of the complexities of their work, including developments in metadata aggregration, the Moonshot project, zombies and the problems faced when trying to integrate with other SSO models.  It really won't be for the faint hearted...

Download Ian's slides here.
Download Chad's slides here