Sep 17 – 21, 2012
Clarion Conference Centre
Europe/Prague timezone

Integrating non-web based services with identity federations

Sep 19, 2012, 3:10 PM
Nadir (Clarion Conference Centre)



Presentation Resource Infrastructure services (Peter Solagna: track leader) AAI Workshop


Jens Koehler

Description of the work

Additionally, it is preferable to hook non web-based services into (web-based) federations that have already been established. In this talk we present FACIUS (Federated Access Control Integration for Universal Services), an approach to integrate non web-based services into widely deployed SAML federations. The focus of our concept lies on deployability, i.e., the minimization of interference with existing service deployments, the preservation of usability and the immutability of already deployed SAML identity providers. The approach has already been successfully applied to federate SSH access to cluster/grid resources based on a SAML federation consisting of nine universities of the state of Baden-Württemberg (Germany) in the context of the bwIDM project.

Wider impact of this work


Printable Summary

Federated authentication and authorisation infrastructures (AAIs) for web-based services are already well established and yield advantages such as enhanced usability and improved quality of identity information. Non web-based services such as grid resources could benefit from federated identity management in much the same way as web-based services do. However, web-based approaches such as the Security Assertion Markup Language (SAML) commonly rely on the versatile user interface as well as the HTTP protocol implementation of web browsers and are thus not seamlessly applicable to non web-based services. Furthermore, a clean-slate approach to building federation technologies for non web-based services is not viable, because most services to be federated are already deployed and operational.

Primary author
