Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2.

Published byAubrey Griffith Modified over 8 years ago

Similar presentations

Presentation on theme: "Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2."— Presentation transcript:

1 Shibboleth Akylbek Zhumabayev September 2008

2 Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

3 Introduction Started in 2000 by Internet2/MACE Current version: 2.0 (March 19, 2008) http://shibboleth.internet2.edu Open source (Apache2 license) Large projects in 15 countries 3

4 Description Purpose: cross-domain access control Authentication: single sign-on (SSO) Authorization: attribute-based Additional feature: user privacy Platform: SOA - WS technologies Standard: WS-Federation 4

5 WS Standards XML, SOAP, WSDL, UDDI – no comments WS-Addressing: stateful resource behind WS XML-Encryption, XML-Signature: basic security WS-Security: how to carry secure data WS-Policy: how to define settings WS-Trust: how to manage tokens WS-Federation: how to process SAML token 5

6 WS-Federation Contributors: IBM, Microsoft etc. Purpose: cross-domain identity portability Current version: 1.1 (December, 2006) Carrier: SAML token Domain trust: WS-Trust Trust carrier: X.509 6

7 Picture user@X Identity Provider Identity Provider Service Provider Service Provider WAYF LDAP System Domain X Domain Y 1 2 3 Attributes 4 WS-Federation Username/password 7

8 Grid Security GSI: X.509 Certificates Client System CA MyProxy X.509 Entity Certificate Proxy Certificate Certificates 8

9 GridShib user@X Identity Provider Identity Provider GridShib WAYF LDAP System Domain X Grid System 1 2 3 Attributes Profile 4 WS-Federation X.509 9

10 References 1. Website: http://shibboleth.internet2.edu 2. Short introduction: http://iamsect.ncl.ac.uk/deliverables/docs/practical_access/index.html#id2462832 3. Technical Overview: http://grid.ncsa.uiuc.edu/presentations/shibboleth-intro-dec05.ppt 4,5. Integration with Grid: http://www.globus.org/toolkit/presentations/gridshib-pki06-final.pdf http://grid.ncsa.uiuc.edu/GridShib/presentations/GridShib-uk-april05.ppt 6. SAML introduction: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/2a563903-0b01-0010-b9a1-d3875ff74b32 7. Use Case (article in IEEE): "ShibGrid: Shibboleth Access for the UK National Grid Service" Spence, D.; Geddes, N. http://ieeexplore.ieee.org.ezproxy.rit.edu/iel5/4090056/4090057/04090093.pdf?tp=&arnumber=4090093&isnumber= 4090057 10

Download ppt "Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Gridshell Web Services Akylbek Zhumabayev. Content Gridshell Architecture Gridshell Mediator Gridshell Client Gridshell Full Picture Security Patterns.

Gridshell Web Services Akylbek Zhumabayev. Content Gridshell Architecture Gridshell Mediator Gridshell Client Gridshell Full Picture Security Patterns.
Security Standards (…and Competing Standards … and Implementations … and Interoperability) Marty Humphrey Assistant Professor Computer Science Department.

Security Standards (…and Competing Standards … and Implementations … and Interoperability) Marty Humphrey Assistant Professor Computer Science Department.
Will Darby 91.514 5 April 2010.  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.

Will Darby April  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.
Content provided under the terms and conditions of the Eclipse Public License Version 1.0 2006.06.12 1 Eclipse Foundation - www.eclipse.org Kathy Chan.

Content provided under the terms and conditions of the Eclipse Public License Version Eclipse Foundation - Kathy Chan.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Will Darby 91.514 5 April 2010.  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.

Will Darby April  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.
Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies.

Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies.
GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.

GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
OFC-B317 Overview Identity Management in Office 365 Synchronization Topics Federation Topics Integration of SAML/OAUTH with Office Works with Office.

OFC-B317 Overview Identity Management in Office 365 Synchronization Topics Federation Topics Integration of SAML/OAUTH with Office Works with Office.
SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.

SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.
Federated A(A(A))I Jens Jensen hepsysman, RAL, 20110701.

Federated A(A(A))I Jens Jensen hepsysman, RAL,
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Similar presentations

Ads by Google