SlideShare ist ein Scribd-Unternehmen logo

Authentication options for Open edX: focus on OAuth and OpenID

Frederik Questier
Frederik Questier

F. Questier, Authentication options for Open edX: focus on OAuth and OpenID, presentation for the Erasmus+ MarMOOC project, Universidade de Vigo, Spain, 04/04/2018

Bildung
1 von 25
Downloaden Sie, um offline zu lesen
Federated identity: a technological overview (part II/II) Authentication options for Open edX: focus on OAuth and OpenID Prof. dr. Frederik Questier Vrije Universiteit Brussel Presented at Universidade de Vigo, Spain, April 2018 Project No. 573583-EPP-1-2016-1-ES-EPPKA2-CBHE-SP (2016-2558/001-001)
Who needs access to your Open edX server?
Who needs access to your Open edX server?
Who do you need to authenticate / identify? ➢ Authentication: could be self-registration ➢ Identification: real name
Open edX ➢ Supported Identity Providers ➢ OAuth2, OAuth1 ➢ Google, Facebook, LinkedIn, Microsoft Azure AD (365),… ➢ SAML 2 / Shibboleth ➢ Learning Tools Interoperability (LTI) ➢ Provisionally Supported Identity Providers ➢ OpenID ➢ Apache-hosted Shibboleth ➢ SSL client certificates ➢ Central Authentication Service (CAS)
Open standards Development history 2005 2007 2012 2014 OpenID OpenID2 OpenID Connect Oauth OAuth2
is an authentication layer on top of
Use cases designed for? ➢ OpenID ➢ Federated authentication ➢ Login at site B with your credentials from site A (identity provider) without giving B your password. ➢ E.g. login at edX by verifying at Google. ➢ Oauth ➢ Delegated authorization ➢ Authorize app/site B to access your data at site A without giving B your password. ➢ E.g. allow mobile edX app access to your edX server data
In practice, also by Open edX, ... ➢ OAuth is often abused for pseudo-authentication ➢ Possible ➢ But requires custom code for each authorization provider. ➢ Well known for the famous ones like Google and Facebook ➢ Provided by Open edX
Here is the Here you go Google – The Identity Provider Here is the Here you go Google – The Identity Provider OpenID Authentication vs. Pseudo-Authentication using OAuth adapted from a drawing by @_nat_en *valet key = limited scope OAuth Token & the API Provider Who are YOU? Send me a notarized referral letter. Give me the valet key* to your house (account) so that I know you are the owner of the house Please issue me a valet key* for the core APIs valet key* certificate Please write a referral stating that I'm user@gmail name: Real Name email: user@gmail notary: Google name: Real Name email: user@gmail notary: Google
OpenID = user-centric :) ➢ Dream: login everywhere with your preferred identity provider or with your own URL ➢ e.g. login by writing “http://questier.com“ ➢ = my server that runs openid identity server ➢ or that has rel-link to http://questier.myopenid.com
The user-centric dream killed :( ➢ 2014 MyOpenID shuts down ➢ Facebook OpenID connect → Facebook Connect ➢ 2018 Stackexchange OpenID support shuts down
Recommendation 1 Check which of these Open edX solutions fit your institutional identity provider ➢ Supported Identity Providers ➢ OAuth2, OAuth1 ➢ Google, Facebook, LinkedIn, Microsoft Azure AD (365),… ➢ SAML 2 / Shibboleth ➢ Learning Tools Interoperability (LTI) ➢ Provisionally Supported Identity Providers ➢ OpenID ➢ Apache-hosted Shibboleth ➢ SSL client certificates ➢ Central Authentication Service (CAS)
Recommendation 2 Check Open edX manual
Recommendation 3 Consider if you want to identify MarMOOC members or others
Additional copyright credits ➢ https://commons.wikimedia.org/wiki/File:OpenIDvs.Pseudo-AuthenticationusingOAuth.svg CC0 ➢ Social Icons by Iconshock http://www.iconshock.com/social-icons/
This presentation was made with 100% Free Software No animals were harmed Questier.com Frederik AT Questier.com www.linkedin.com/in/fquestie www.diigo.com/user/frederikquestier www.slideshare.net/Frederik_Questier Q uestions? Merci!

Empfohlen

An Introduction to OpenID
An Introduction to OpenIDAn Introduction to OpenID
An Introduction to OpenIDMax Manders
 
Open learning Experiences from the MarMOOC project
Open learning Experiences from the MarMOOC projectOpen learning Experiences from the MarMOOC project
Open learning Experiences from the MarMOOC projectFrederik Questier
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation OverviewOpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation OverviewMikeLeszcz
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsNETUserGroupBern
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
Authentication with zend framework
Authentication with zend frameworkAuthentication with zend framework
Authentication with zend frameworkGeorge Mihailov
 

Empfohlen

An Introduction to OpenID
An Introduction to OpenIDAn Introduction to OpenID
An Introduction to OpenIDMax Manders
 
Open learning Experiences from the MarMOOC project
Open learning Experiences from the MarMOOC projectOpen learning Experiences from the MarMOOC project
Open learning Experiences from the MarMOOC projectFrederik Questier
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation OverviewOpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation OverviewMikeLeszcz
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsNETUserGroupBern
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
Authentication with zend framework
Authentication with zend frameworkAuthentication with zend framework
Authentication with zend frameworkGeorge Mihailov
 
PayPal Access GDG DevFest
PayPal Access GDG DevFestPayPal Access GDG DevFest
PayPal Access GDG DevFestPayPal
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET CoreNETUserGroupBern
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webFelix Arntz
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
OAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootOAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootGeert Pante
 
Auth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesAuth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesMichał Wcisło
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedinovia
 
Authenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity ServerAuthenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity ServerRajendram Kathees
 
OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0 marcwan
 
OAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsOAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsJeff Fontas
 
Codemash-2017
Codemash-2017Codemash-2017
Codemash-2017Kevin Cody
 
Authenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isAuthenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isH Mohammed Rajjaz
 
Implementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteImplementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteDavid Keener
 
Openid+Opensocial
Openid+OpensocialOpenid+Opensocial
Openid+OpensocialSebastiano Merlino (eTr)
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
 
AdWords API and OAuth 2.0
AdWords API and OAuth 2.0AdWords API and OAuth 2.0
AdWords API and OAuth 2.0marcwan
 
Free Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFree Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFrederik Questier
 
OER & Copyrights
OER & CopyrightsOER & Copyrights
OER & CopyrightsFrederik Questier
 

Weitere ähnliche Inhalte

Ähnlich wie Authentication options for Open edX: focus on OAuth and OpenID

PayPal Access GDG DevFest
PayPal Access GDG DevFestPayPal Access GDG DevFest
PayPal Access GDG DevFestPayPal
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET CoreNETUserGroupBern
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webFelix Arntz
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
OAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootOAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootGeert Pante
 
Auth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesAuth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesMichał Wcisło
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedinovia
 
Authenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity ServerAuthenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity ServerRajendram Kathees
 
OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0 marcwan
 
OAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsOAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsJeff Fontas
 
Authenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isAuthenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isH Mohammed Rajjaz
 
Implementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteImplementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteDavid Keener
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
 
AdWords API and OAuth 2.0
AdWords API and OAuth 2.0AdWords API and OAuth 2.0
AdWords API and OAuth 2.0marcwan
 

Ähnlich wie Authentication options for Open edX: focus on OAuth and OpenID (20)

PayPal Access GDG DevFest
PayPal Access GDG DevFestPayPal Access GDG DevFest
PayPal Access GDG DevFest
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET Core
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) web
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 
OAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootOAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring Boot
 
Auth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesAuth proxy pattern on Kubernetes
Auth proxy pattern on Kubernetes
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)
 
Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explained
 
Authenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity ServerAuthenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity Server
 
OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0
 
OAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native AppsOAuth2 Best Practices in Native Apps
OAuth2 Best Practices in Native Apps
 
Codemash-2017
Codemash-2017Codemash-2017
Codemash-2017
 
Authenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isAuthenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 is
 
Implementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteImplementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking Site
 
Openid+Opensocial
Openid+OpensocialOpenid+Opensocial
Openid+Opensocial
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018
 
AdWords API and OAuth 2.0
AdWords API and OAuth 2.0AdWords API and OAuth 2.0
AdWords API and OAuth 2.0
 

Mehr von Frederik Questier

Free Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFree Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFrederik Questier
 
Plagiarism prevention and detection
Plagiarism prevention and detectionPlagiarism prevention and detection
Plagiarism prevention and detectionFrederik Questier
 
Open e-learning - MarMOOC experiences - Cuba
Open e-learning - MarMOOC experiences - CubaOpen e-learning - MarMOOC experiences - Cuba
Open e-learning - MarMOOC experiences - CubaFrederik Questier
 
Open learning experiences from the MarMOOC project presented at BDU
Open learning experiences from the MarMOOC project presented at BDUOpen learning experiences from the MarMOOC project presented at BDU
Open learning experiences from the MarMOOC project presented at BDUFrederik Questier
 
Open learning Experiences from the MarMOOC project (presented at UHo)
Open learning Experiences from the MarMOOC project (presented at UHo)Open learning Experiences from the MarMOOC project (presented at UHo)
Open learning Experiences from the MarMOOC project (presented at UHo)Frederik Questier
 
E-learning design models - Primer for (educational) technologists
E-learning design models - Primer for (educational) technologistsE-learning design models - Primer for (educational) technologists
E-learning design models - Primer for (educational) technologistsFrederik Questier
 
New learning paradigms and learning technologies
New learning paradigms and learning technologiesNew learning paradigms and learning technologies
New learning paradigms and learning technologiesFrederik Questier
 
Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...
Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...
Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...Frederik Questier
 
Students' Experiential Knowledge Production in the Teaching-Learning Process ...
Students' Experiential Knowledge Production in the Teaching-Learning Process ...Students' Experiential Knowledge Production in the Teaching-Learning Process ...
Students' Experiential Knowledge Production in the Teaching-Learning Process ...Frederik Questier
 
Institutional strategies for educational innovation and e-learning
Institutional strategies for educational innovation and e-learningInstitutional strategies for educational innovation and e-learning
Institutional strategies for educational innovation and e-learningFrederik Questier
 
New learning paradigms and technologies
New learning paradigms and technologiesNew learning paradigms and technologies
New learning paradigms and technologiesFrederik Questier
 
Free & Open Source Software (2017 update)
Free & Open Source Software (2017 update)Free & Open Source Software (2017 update)
Free & Open Source Software (2017 update)Frederik Questier
 
Challenges for 21st century education and blended learning
Challenges for 21st century education and blended learningChallenges for 21st century education and blended learning
Challenges for 21st century education and blended learningFrederik Questier
 
(Disruptive) innovations: education and society
(Disruptive) innovations: education and society(Disruptive) innovations: education and society
(Disruptive) innovations: education and societyFrederik Questier
 

Mehr von Frederik Questier (20)

Free Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFree Libre Open Source Software Development
Free Libre Open Source Software Development
 
OER & Copyrights
OER & CopyrightsOER & Copyrights
OER & Copyrights
 
Plagiarism prevention and detection
Plagiarism prevention and detectionPlagiarism prevention and detection
Plagiarism prevention and detection
 
FLOSS strategies & policies
FLOSS strategies & policiesFLOSS strategies & policies
FLOSS strategies & policies
 
Computer & Data Security
Computer & Data SecurityComputer & Data Security
Computer & Data Security
 
Open e-learning - MarMOOC experiences - Cuba
Open e-learning - MarMOOC experiences - CubaOpen e-learning - MarMOOC experiences - Cuba
Open e-learning - MarMOOC experiences - Cuba
 
Open learning experiences from the MarMOOC project presented at BDU
Open learning experiences from the MarMOOC project presented at BDUOpen learning experiences from the MarMOOC project presented at BDU
Open learning experiences from the MarMOOC project presented at BDU
 
Open learning Experiences from the MarMOOC project (presented at UHo)
Open learning Experiences from the MarMOOC project (presented at UHo)Open learning Experiences from the MarMOOC project (presented at UHo)
Open learning Experiences from the MarMOOC project (presented at UHo)
 
FLOSS development
FLOSS developmentFLOSS development
FLOSS development
 
E-learning design models - Primer for (educational) technologists
E-learning design models - Primer for (educational) technologistsE-learning design models - Primer for (educational) technologists
E-learning design models - Primer for (educational) technologists
 
MOOCs & Openness
MOOCs & OpennessMOOCs & Openness
MOOCs & Openness
 
New learning paradigms and learning technologies
New learning paradigms and learning technologiesNew learning paradigms and learning technologies
New learning paradigms and learning technologies
 
Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...
Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...
Free Libre And Open Source Software Acceptance in The Cuban Higher Educationa...
 
Students' Experiential Knowledge Production in the Teaching-Learning Process ...
Students' Experiential Knowledge Production in the Teaching-Learning Process ...Students' Experiential Knowledge Production in the Teaching-Learning Process ...
Students' Experiential Knowledge Production in the Teaching-Learning Process ...
 
Institutional strategies for educational innovation and e-learning
Institutional strategies for educational innovation and e-learningInstitutional strategies for educational innovation and e-learning
Institutional strategies for educational innovation and e-learning
 
New learning paradigms and technologies
New learning paradigms and technologiesNew learning paradigms and technologies
New learning paradigms and technologies
 
Free & Open Source Software (2017 update)
Free & Open Source Software (2017 update)Free & Open Source Software (2017 update)
Free & Open Source Software (2017 update)
 
Challenges for 21st century education and blended learning
Challenges for 21st century education and blended learningChallenges for 21st century education and blended learning
Challenges for 21st century education and blended learning
 
FLOSS & OER
FLOSS & OERFLOSS & OER
FLOSS & OER
 
(Disruptive) innovations: education and society
(Disruptive) innovations: education and society(Disruptive) innovations: education and society
(Disruptive) innovations: education and society
 

Kürzlich hochgeladen

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 

Kürzlich hochgeladen (20)

Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 

Authentication options for Open edX: focus on OAuth and OpenID

  • 1. Federated identity: a technological overview (part II/II) Authentication options for Open edX: focus on OAuth and OpenID Prof. dr. Frederik Questier Vrije Universiteit Brussel Presented at Universidade de Vigo, Spain, April 2018 Project No. 573583-EPP-1-2016-1-ES-EPPKA2-CBHE-SP (2016-2558/001-001)
  • 2. Who needs access to your Open edX server?
  • 3. Who needs access to your Open edX server?
  • 4. Who do you need to authenticate / identify? ➢ Authentication: could be self-registration ➢ Identification: real name
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10. Open edX ➢ Supported Identity Providers ➢ OAuth2, OAuth1 ➢ Google, Facebook, LinkedIn, Microsoft Azure AD (365),… ➢ SAML 2 / Shibboleth ➢ Learning Tools Interoperability (LTI) ➢ Provisionally Supported Identity Providers ➢ OpenID ➢ Apache-hosted Shibboleth ➢ SSL client certificates ➢ Central Authentication Service (CAS)
  • 11. Open standards Development history 2005 2007 2012 2014 OpenID OpenID2 OpenID Connect Oauth OAuth2
  • 12. is an authentication layer on top of
  • 13.
  • 14. Use cases designed for? ➢ OpenID ➢ Federated authentication ➢ Login at site B with your credentials from site A (identity provider) without giving B your password. ➢ E.g. login at edX by verifying at Google. ➢ Oauth ➢ Delegated authorization ➢ Authorize app/site B to access your data at site A without giving B your password. ➢ E.g. allow mobile edX app access to your edX server data
  • 15. In practice, also by Open edX, ... ➢ OAuth is often abused for pseudo-authentication ➢ Possible ➢ But requires custom code for each authorization provider. ➢ Well known for the famous ones like Google and Facebook ➢ Provided by Open edX
  • 16. Here is the Here you go Google – The Identity Provider Here is the Here you go Google – The Identity Provider OpenID Authentication vs. Pseudo-Authentication using OAuth adapted from a drawing by @_nat_en *valet key = limited scope OAuth Token & the API Provider Who are YOU? Send me a notarized referral letter. Give me the valet key* to your house (account) so that I know you are the owner of the house Please issue me a valet key* for the core APIs valet key* certificate Please write a referral stating that I'm user@gmail name: Real Name email: user@gmail notary: Google name: Real Name email: user@gmail notary: Google
  • 17. OpenID = user-centric :) ➢ Dream: login everywhere with your preferred identity provider or with your own URL ➢ e.g. login by writing “http://questier.com“ ➢ = my server that runs openid identity server ➢ or that has rel-link to http://questier.myopenid.com
  • 18. The user-centric dream killed :( ➢ 2014 MyOpenID shuts down ➢ Facebook OpenID connect → Facebook Connect ➢ 2018 Stackexchange OpenID support shuts down
  • 19.
  • 20.
  • 21. Recommendation 1 Check which of these Open edX solutions fit your institutional identity provider ➢ Supported Identity Providers ➢ OAuth2, OAuth1 ➢ Google, Facebook, LinkedIn, Microsoft Azure AD (365),… ➢ SAML 2 / Shibboleth ➢ Learning Tools Interoperability (LTI) ➢ Provisionally Supported Identity Providers ➢ OpenID ➢ Apache-hosted Shibboleth ➢ SSL client certificates ➢ Central Authentication Service (CAS)
  • 23. Recommendation 3 Consider if you want to identify MarMOOC members or others
  • 25. This presentation was made with 100% Free Software No animals were harmed Questier.com Frederik AT Questier.com www.linkedin.com/in/fquestie www.diigo.com/user/frederikquestier www.slideshare.net/Frederik_Questier Q uestions? Merci!