Shibboleth Project at GSU

Presentation transcript:

Shibboleth Project at GSU
Art Vandenberg
Director, Advanced Campus Services
Information Systems & Technology
Georgia State University
avandenberg@gsu.edu
A.Vandenberg March 14, 2003

Overview
- “Shibboleth” – the word
- Shibboleth – the project
- Internet2/IBM Middleware collaboration
- Beginnings in Fall 2000
- Component of NSF Middleware Initiative (NMI) Integration Testbed Program
- Inter-institutional sharing of web resources

Key Concepts
- Federated administration
- Access control based on attributes
- Active management of privacy – Origin site & user control release of data
- Standards based – OpenSAML (Security Assertion Markup Language)
- Framework for scalable Trust & Policy (Clubs)
- Standard (extensible) AttributeValue Vocabulary – eduPerson LDAP objectClass

Problem Space
- Access to digital library resources from off campus
- Using distance education courseware
- Accessing research web site
- Accessing co-taught class web site at another university

Current solutions – issues
- IP-based access – spoofable, limiting
- Proxy servers – how many do you need…?
- Shared or group accounts & passwords – no accountability, poor auditability, low level assurance
- Additional accounts – management hassles, synchronization complexity, too many accounts for user

Shibboleth Solution
- Access without proxy
- Leverage local authentication
- Access based on role attributes
- Enables access from anywhere on web
- User can dynamically review/limit release of identifying information (privacy)
- Reduced logins

Architecture
- Sun Solaris or Red Hat Linux
- Apache, Tomcat, J2SE
- Enterprise single signon (SSO) or WebISO (initial signon)
- Enterprise directory service (LDAP, mySQL)
- Target vs. Origin sites

From: Shibboleth Architecture v5 Scott Cantor and Marlena Erdos, 13 May 2002

Current Status
- Shibboleth architecture doc v05 - May 2002
- Test deployments - v 0.7, v 0.8
- http://shibboleth.internet2.edu/
- WebCT, EBSCO, OCLC, Elsevier…
- Georgia State implementation
- http://wayf.internet2.edu/shibboleth-old/sample.jsp
- http://er1.erp.ohio-state.edu:8900/

Access Web Resource

Redirect to WAYF

Handle Service: Login

Local Authentication

Access to Web Resource

Access without re-login

Shibboleth – GSU goals
- Implement v 0.8 origin
- Authenticate using CampusID
- Attributes via eduPerson LDAP
- Pilot with vendors or applications: “affiliation=member” access to EBSCO, Elsevier, OCLC, WebCT, IS&T intranet…?
- …Implement Attribute Release Policies
- Be technical resource for Shibboleth
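
The attribute-based access and attribute release ideas from the Key Concepts and GSU goals slides, as an added example that is not part of the original slides and is not Shibboleth's own code or policy file format: a simplified Python model in which the origin applies a site release policy that the user can only narrow, and the target decides on "affiliation=member" alone. The user record, target URLs, function names and the mapping of "affiliation" to the eduPersonAffiliation attribute are assumptions made for illustration.

```python
# Added illustration: simplified model of origin-side attribute release and
# target-side attribute-based access. Not Shibboleth's ARP format or API.

# Constructed directory entry using eduPerson-style attribute names.
DIRECTORY = {
    "jdoe": {
        "eduPersonPrincipalName": "jdoe@example.edu",
        "eduPersonAffiliation": ["member", "student"],
        "mail": "jdoe@example.edu",
    }
}

# Constructed site-level release policy: attributes each target may receive.
SITE_ARP = {
    "https://library.example.com": {"eduPersonAffiliation"},
    "https://courseware.example.org": {"eduPersonAffiliation",
                                       "eduPersonPrincipalName"},
}


def release(user, target, user_deny=frozenset()):
    """Origin side: return only what may be released to this target.

    Unknown targets get nothing (default deny). The user's own choices can
    remove attributes from the site policy but never add to it.
    """
    allowed = SITE_ARP.get(target, set()) - set(user_deny)
    return {k: v for k, v in DIRECTORY[user].items() if k in allowed}


def target_allows(attrs, name="eduPersonAffiliation", value="member"):
    """Target side: decide from released attributes, with no local account."""
    values = attrs.get(name, [])
    if isinstance(values, str):
        values = [values]
    return value in values


if __name__ == "__main__":
    lib = release("jdoe", "https://library.example.com")
    print("library sees:", lib, "-> access:", target_allows(lib))
    # The user withholds the identifying attribute from the courseware site.
    cw = release("jdoe", "https://courseware.example.org",
                 user_deny={"eduPersonPrincipalName"})
    print("courseware sees:", cw, "-> access:", target_allows(cw))
    other = release("jdoe", "https://unknown.example.net")
    print("unlisted target sees:", other, "-> access:", target_allows(other))
```

The library target is granted access without ever receiving an identifier for the user, which is the privacy property the slides describe.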

Shibboleth – next steps? Q&A
Art Vandenberg avandenberg@gsu.edu
Victor Bolet vbolet@gsu.edu