The software created is based on the already existing open source software samlidp.io (https://github.com/samlidp/samlidp.io). This software already includes a sound code base and has already been used in production at samlidp.io.

Technologies: PHP, Symfony, SimpleSAMLphp

Solution design: The following key concepts and assumptions are taken into account in designing a solution:

- Remote user database

An important architecture decision is to provide an interface for using a remote user database to supply user accounts to the system. The initial version will integrate only Microsoft Active Directory (AD) and OpenLDAP (LDAP), because they are expected to be the most common choice and are available even in small organizations, which are the main target group of the service. Several solutions were designed for connecting remote databases (see Remote user database solution design); these will be analysed within the scope of the activity.

- Local user database

In addition to the option of using a remote database, there will be an integrated local user database including user management. This offer is aimed in particular at very small organisations that have no user management in place at present. The user management offered will be a closed system, i.e. the customer will not have direct access to the user database. User administration is only possible via the integrated user administration interface. This ensures that the user data is managed correctly. If a customer wants to access the user data directly, a remote user database under the customer's own control must be used.

- Hosting

The software is intended to be hosted by NRENs to provide a service to institutions within their federation. Regardless of the user management system implemented, the software will at least process user data, even if the data are not stored locally. In terms of data protection regulations, this makes the NREN a data processor, which means the NREN must implement appropriate security measures and host the software in a secure environment. The Incubator will provide the software only; no support or hosting guidelines will be provided. The institutions remain the data controllers and are therefore responsible for handling and managing their user data in accordance with the law.