Presentation on theme: "WebISO PanelEducause SAC 2003 1 Implementing Single Sign On Technologies for Campus Portals Panel Nathan Dors, Project Lead Security/Middleware Unit Univ."— Presentation transcript:
WebISO PanelEducause SAC 2003 1 Implementing Single Sign On Technologies for Campus Portals Panel Nathan Dors, Project Lead Security/Middleware Unit Univ. of Washington Dors@cac.washington.edu Mike Pickett, Deputy CIO, Duke Mike.Pickett@duke.edu Jack Suess, CIO, UMBC, firstname.lastname@example.org http://userpages.umbc.edu/~jack/talks/SAC2003 Copyright 2003. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non- commercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the authors.
WebISO PanelEducause SAC 2003 2 What is a WebISO? A Web-based initial sign on (WebISO) provides an authentication mechanism to support a single sign on across a variety of Web-based applications, including portals, learning management systems, ERP, and others that fall outside of central IT, including 3rd party applications.
WebISO PanelEducause SAC 2003 3 When Did Your University Develop its WebISO? Washington - Pubcookie was released in 1997 UMBC- WebAuth released in August 2000 Duke - Webauth released in July 2001.
WebISO PanelEducause SAC 2003 4 What is the Authentication Service for Your WebISO Washington - Kerberos, SecurID Duke - Kerberos, LDAP, DCE UMBC - LDAP, Kerberos, custom
WebISO PanelEducause SAC 2003 5 What Alternatives Were Considered Before Developing Your Own? Washington - None. Duke - Started with a commercial product, SnareWorks, for web registration. Cost and performance were factors that led to developing their own product. UMBC - None. However in 2001 we did look at Oblix as a possible choice. Cost and flexibility were the factors against changing.
WebISO PanelEducause SAC 2003 6 Does Your Campus Have A Portal? If So, How Does the WebISO Fit In? UMBC - WebISO is the glue that holds together our homegrown 1st generation portal. Looking at myEAI, BB6, and uPortal. Washington - myUW homegrown portal but looking at uPortal. Duke - looking at uPortal but presently uses WebISO to provide access to many applications
WebISO PanelEducause SAC 2003 7 What Are the Most Important Applications Using the WebISO? Duke - Blackboard, ACES, PeopleSoft 8, WebMail, Net registration UMBC - Portal, Blackboard, Webmail, and ERP in terms of logins. Washington - myUW, have 1210 unique applications.
WebISO PanelEducause SAC 2003 8 Do Other Groups on Campus Use the WebISO? Duke - Broadly used across campus. Washington - 210 servers are using pubcookie with about half outside of central IT. UMBC- Just a few on-campus groups. One external 3rd party (one-card) uses this.
WebISO PanelEducause SAC 2003 9 How do you Insure Uptime of the Service Washington - clustering with DNS round-robin. UMBC - In is treated in same class as DNS and Kerberos. Uptime is handled through redundancy, load balancing, and proactive monitoring (netsaint). Duke - Redundant servers, DNS round-robin, monitoring tools
WebISO PanelEducause SAC 2003 10 Haw have you Handled Proxy and 3-Tier Login Washington - Yes for Proxy. 3-Tier not implemented in this release, CMU has done some work with this. Duke - Yes for proxy. 3-tier for Kerberos/DCE services UMBC - Yes for proxy. Not yet for 3-tier login Yales CAS provides a good solution to 3-Tier.
WebISO PanelEducause SAC 2003 11 Is WebISO Development Still Happening? If So, Please Describe. Duke - Yes. Watermarking the authentication page. Washington - Yes. come to tutorial on Wednesday:-) UMBC - Yes. Recent work has been PeopleSoft servlet. ERP auditing issues required additional functionality for password aging and management. We are also looking at.Net interface for Windows 2000 and a Cold-Fusion servlet.
WebISO PanelEducause SAC 2003 12 Were There Any Disappointments or Issues You Want Others to Avoid? ALL - Dont bother to write your own WebISO! Washington - Would like to add attributes and remove DNS limitations (Washington.edu) Duke - Put a lot of effort and cost into SnareWorks but learned valuable lessons. UMBC - Success is never final. Campus expects us to be able to integrate our WebISO across everything and are disappointed if we dont.
WebISO PanelEducause SAC 2003 13 Resources Pubcookie - pubcookie.org Duke - webauth.duke.edu UMBC - http://www.umbc.edu/oit/syssw/WebAuth/ Internet2 - http://middleware.internet2.edu/webiso Yale - CAS http://www.yale.edu/tp/cas/ Nathan will have a tutorial session on Pubcookie and Shibboleth at Snowmass on Wednesday at 8:30 Slides: http://userpages.umbc.edu/~jack/talks/SAC2003