More and more institutions are asking SURFnet how to open up a back-end data store to the general public. If there is only one trusted party requiring access to a data set, this is no major problem: simply provide the relevant party with a username and password and they can use these credentials to gain access to the data via a secure https:// connection.
“Every solution to every problem is simple. It’s the distance between the two where the mystery lies.” ― Derek Landy, Skulduggery Pleasant After my first blog on how to make logging out possible for a single service within the SURFconext platform, we got some feedback on the proposed solution:
nice job, this works for us
we don’t like this solution, because it’s not single sign-out
will there be a ‘real solution’ for the single sign-out problem instead of this ‘work around’?
In a previous post, I wrote about the use of so called “rich” or “enhanced” clients in a Web SSO federation like SURFconext. The message I was trying to get across was primarily that the problems encountered using rich clients in a federation are not caused by the fact that federations do not support rich clients, but rich clients do not support federation (any federation – they simply assume users authenticate using a username and a password).
With the recent release of smart watches from established device manufacturers like Sony, Samsung, and Qualcomm I’m very interested in the potential use (or misuse) of this wearable technology in the field of higher education and research. What flavors are out there, what does it do, who is using it or will use it and can this technology enhance a field where the ink of the BYO(mobile)D policy document is still wet?
One of the best features of SURFconext is the support of single sign-on, which means that once you have entered your credentials to use a service connected to the SURFconext platform, you do not have to repeat this when you want to use another service that is also connected to SURFconext. This makes the user experience easier and faster.
Ik wil even een misverstand uit de weg ruimen. Iedereen heeft het over NAT en de problemen die daarbij optreden ten aanzien van het vinden van machines in het interne netwerk. Dat zou echter bij NAT niet het geval moeten zijn. NAT is namelijk Network Address Translation waarbij interne adressen 1-op-1 vertaald worden naar externe adressen. Als een extern adres, van de organisatie, bekend is, is uit de vertaaltabel te achterhalen wat het interne adres is.
For most people, Green ICT is about reducing the impact of ICT on the environment. It is about reducing the energy use of computers, servers and data centers. You might even consider the whole life cycle of ICT equipment and look at the rare material use or think about e-waste and recycling. However, ICT is not only part of the problem of our environmental impact, it is also part of the solution.
If, like us, you use an HSM to store your DNSSEC key material you may know that it is important to monitor memory usage in your HSM; with a typical DNSSEC key management scheme you may have as many as 5 keys active per signed domain. This can be a burden on your HSM, especially if it has a limited amount of storage like ours do.
Wat is IRMA?
Sinds begin 2012 werkt SURFnet samen met de Radboud Universiteit, TNO en SIDN in een project dat luistert naar de naam ‘IRMA’. In deze blogpost willen we wat meer vertellen over dit project en de onderliggende technologie.
SURFconext combines all sorts of technologies in a single collaboration platform, and when all these technologies are working in concert, that’s when SURFconext really shines. But the interweaving of those technologies can also make SURFconext seem complex and daunting at times. In this post I’ll try to shed some light on one of the most important pieces of the SURFconext jigsaw: the Security Assertion Markup Language, or SAML for short.
