Office 365 and Rich Client Support in a federated environment, solved by proxies: can this scale to solve other problems?
DATE: 20 November 2012
TIME: 15:00-15:45
ROOM: Alternative
TOPIC: Proxies in a federation environment
CONVENER: Joost
SCRIBE: Brook
# of ATTENDEES: Roland vRW, Martin, Klaas, Ajay, Lukas
MAIN ISSUES DISCUSSED
- Clients (humans) are happy when Google stores an additional password to provide the service.
- Users are "educated" to put their password everywhere!!!
- Helpdesks try to educate users to avoid phishing attacks.
- Applications don't support SAML/SASL or SAML-ECP.
- OAuth is a better model than a long-term replayable key.
- Constrained by the install base.
- Long-term solutions will emerge and be deployed (Moonshot).
- Clients (IdPs) want a scalable solution.
- As an alternative to storing passwords in O365:
  - password' provided to user + O365 talks to proxy which uses alternative UserDB.
  - user talks to IMAP proxy + proxy verifies auth to Home UserDB + proxies IMAP to O365.
  - currently a PoC with TUDelft.
- Need to do the same with Google Apps.
- Offering these interim solutions might halt providers from solving the problem correctly.
ACTIVITIES GOING FORWARD / NEXT STEPS
- Engage the enterprise space to encourage Microsoft.
- Develop a Proof of Concept proxy on top of simpleSAMLphp which supports XMPP, IMAP and SIP, to encourage commercial solution providers to adopt it.