|
Overview
For information on what exactly Open Passport is you can read its mission statement. This covers its core ideals and how it tries to meet them.
This is rather simplistic though and doesn't really go into depth about why you would want Open Passport in the first place and why it could be a better solution than say Shibboleth or the numerous other offerings that are popping up all over the place.
So to try and cover as many angles as possible, this overview shows the key benefits that each organisation or person using Open Passport would benefit from. Open Passport was originally designed for use in the academic market and this is what we have concentrated on here. Having said that, everything here applies equally well to businesses and large corporations.
- Website Owner
- Website Developer
- College Management
Open Passport was designed originally to be integrated into existing web applications. Open Passport makes no assumptions as to what your application will do with the information it provides. It works by making a simple assertion as to the identity of a particular person and where they are from. For example it might identify a particular user as Joe Bloggs from Anywhere College. What happens next is entirely up to you.
For example Open Passport was initially designed with the Further Education market in mind. Imagine you provide a service to Colleges via your website. Each college pays a licence fee and then students from that college have their own individual accounts from which they can use your resources.
Now, if we also assume that you have 150 colleges and each college has 12,000 active students, you would have to coordinate and maintain approximately 1.8 million user accounts. You'll need to know when to create new accounts, when to change the password and then finally when to remove them from your system. This will obviously involve working with the colleges to extract and maintain all this information. That's a lot of hard work!
This is where Open Passport will save the day! When a student comes to your website from anywhere in the world they can select to login via Open Passport. Once they click the link, Open Passport takes over and handles all the authentication on behalf of the College. This all happens on Open Passport's servers - it requires nothing extra from your application. This is similar to buying a product from a website which then passes you to PayPal or Worldpay to handle the payment details.
If the user authenticates with Open Passport, he will be returned to your website with a token. This is the only extra work your application will need to do. It will take this ticket and present it to Open Passport. Open Passport will then return information about the person who just authenticated. Again for this example let us assume it was Joe Bloggs from Anywhere College.
Now you know who the person is, you can start to make decisions. Does Anywhere College have a valid licence? No? Perhaps a nice message to Joe explaining that currently Anywhere College doesn't subscribe to your service but if he fills in the form, you will contact the College to perhaps arrange a demonstration. Yes? Well then, on to the next step, we know Anywhere College has a licence so let's see what we know about Joe. Is there an account on the system that is linked to his Passport? If so then you can log him in immediately - after all, you know he has already been authenticated, there is no need to check again (unless you want to of course!).
If there isn't a linked account, perhaps he already has one from before Open Passport was set up. No problem, just ask him to login with his old details. This will authenticate him to your site and then you can associate his Passport with his old login. Next time he logs in to the system, the link will show up and he'll be authenticated automatically.
If he doesn't have an account from before, then he can fill in the details and create a new one which will be automatically linked back to his Passport. Again, next time he logs in to your website, he will not need to re-authenticate.
So how does all this help you? Well once your website is Open Passport enabled, you can automate user account creation and association. You also don't need to worry about password management as the passwords are held at and managed by the colleges themselves. In fact you never even see them. It also means that when a user is added by a college to their network, they will be able to authenticate to your website immediately. When the password is changed, again your website will reflect this straight away. When the user is deleted, authentication via Open Passport will stop and so effectively no one will be able to login to the account on your website either.
In all, Open Passport takes care of the headache of user management which can soon become an impossible task to try and manage. It allows colleges to use your website without any long set up periods and gives users instant access without having to wait for someone to set them up individually.
Then you're in luck! Open Passport was designed with your sanity in mind! Open Passport makes no assumptions about how your application works or what it does internally. In fact Open Passport simply provides you with some information about the user such as who they are, where they are from and when they authenticated. You then take this information and decide what to do with it. That's all there is to it really, an authentication system that puts no restrictions or constraints on what you do or how you do it. It doesn't even need you to setup or install any complex software - everything is accessible via SOAP, XMLRPC and standard HTTP forms.
To enable Open Passport you need to do two things. First of all your must provide a link that takes the user to the Open Passport website. You will be given the unique URL to link to. This is so that Open Passport knows where to send the user once they have authenticated.
Secondly you need to set up a URL that will take a GET parameter. This parameter is the ticket number assigned by Open Passport. Using any of the above mentioned techniques you can contact Open Passport and submit the ticket for verification. Open Passport will then provide you with information on the user.
That's it! This is the entire sum of what you will need to do to support Open Passport. With these two things you will be able to receive authentication details. Of course what you do next is restricted only by your imagination!
Then Open Passport will make you very happy indeed! Do you know how much staff and student time is wasted due to username and password related issues? How many students can't login to an important website and waste half their lesson trying to sort it out. How often do students find that they haven't been added to the website or that their password hasn't been updated? Considering the thousands of students that will be using these resources, it is likely that this will prove a constant and expensive battle.
For example most websites that require student logins also require colleges to submit new lists of usernames and passwords in CSV format to them for processing. This is a batch job and so by definition is never up to date. In fact it is normal for a college to only submit this file once a week. This will cause a long delay for new students and for those who are waiting on a password reset. Although it is true that some sites provide a way to update or edit individual students, this eats into staff and student time.
Of course even if this file were submitted daily, it is unlikely that the passwords in the file will always (if ever) match the ones used on the college network. When a student changes their network password, it won't be reflected on the websites that they use. This means they have to remember another password which can sometimes be several generations from the one they're now using on the network. This leads to more forgotten passwords and more wasted time.
Each website will also have different file format or perhaps a different procedure to submit the information. This means a college will have to put new procedures and practices in place and then find the time to follow them up - not to mention trying to get all the files to contain the same information. It can become a real headache!
Open Passport will relieve you of this pain. Open Passport securely authenticates against college resources such as an intranet or an email system. As these systems are already in place, there are no additional security considerations with regards to using Open Passport - it simply uses what is already there!
By checking against these resources Open Passport effectively provides live authentication to any website that is also Open Passport enabled. Open Passport handles authentication on your behalf and requires no additional overhead or staff time. It really does 'just work'!
This removes all overhead with regards to dealing with external websites. A student will authenticate using the same username and password they use to access the college network. If they change that password, all the Open Passport websites will now only accept this new password - this happens instantly, there are no delays or catch up periods. When a new student is added on the network, they can immediately authenticate to external websites. As soon as a student is removed, their access to those websites via Open Passport will also be instantly cancelled.
Open Passport is a real solution that is designed to meet all of your requirements! Why not try it today?
|
