Shibboleth at Penn State Renee Shuey Academic Services and Emerging Technologies Information Technology Services June 29, 2005.



Some terms
● Authenticate – Determine that someone is who they say they are
● Authorize – Determine that someone has the privileges or attributes necessary to perform some function or gain access to information
● Federate – Take action across institutional realms
● Directory – Middleware service that describes people in your institution

Outline
● Problem statement
● Solution space – Shibboleth and Federations
● Description of Shibboleth
● Uses of Shibboleth at Penn State - Today
● Uses of Shibboleth at Penn State - Future
● What's it take to do all of this?

What's the problem?
● We're serving lots of people (120,000)
● Those people want access to web-based information resources
● Rising legal, ethical, and economic development concerns about legal consumption and distribution of digital information
● Continued concerns about privacy, growing concerns about privacy

[Slide graphic: the kinds of web resources those people need – Communications, Learning Materials, Student Life, Research Materials, Stuff – repeated across many sites]

What's a possible solution?
● Shibboleth
– Lets us use our existing infrastructures, processes, identities
– Preserves anonymity, provides tools for managing privacy
– We can provide pathways for appropriate/legal consumption and distribution of digital materials

What's a possible solution?
● Federations
– Provides an infrastructure of trust (“trust fabric”)
– Associations of enterprises come together to exchange information about their users and resources in order to enable collaborations and transactions
– Built on the premise of “Enroll, authenticate and attribute locally... Act federally.”
– Two well known federations in higher education in the U.S. are InQueue and InCommon

Shibboleth – What is it?

An Internet2 middleware product designed to provide federated access management between Web-based resources.
Allows you to authenticate locally and access Web resources from other institutions or sites.
Can be used to make complex, directory-based authorization decisions.
Preserves privacy of individual from remote site.

Shibboleth Architecture
[Slide diagram, © SWITCH: a User with Credentials, a WAYF, an Identity Provider (Handle Service HS, Attribute Authority AA, User DB) and a Service Provider (Web Site, Assertion Consumer Service ACS, Attribute Requester AR, Resource Manager). Numbered arrows 1–10 trace the flow: credentials to the Identity Provider, a Handle back to the Service Provider, then Attributes requested from the AA and delivered to the Resource Manager.]

Shibboleth High Level Architecture
Service Provider site (SP) and Identity Provider site (IdP) collaborate to provide a privacy-preserving “context” for Shibboleth users.
Identity Provider authenticates user, asserts Attributes (using the Directory).
Service Provider requests attributes about user directly from Identity Provider site.
Service Provider makes an Access Control Decision.
Users (and Identity Providers) can control what attributes are released.
Federations provide common Policy and Trust (more later).

Shibboleth at Penn State Today
● WebAssign – Access to course materials at another university – NC State, WebAssign, Penn State Dept. of Physics
● Napster Experiment – Access to digital repositories
● LionShare – Work in Progress – Authenticated peer-to-peer file sharing

WebAssign
Summer 2002
● ~ 20 students, 2 weeks, 1 course
Fall 2002
● ~200 students
● 3 courses
Spring 2003
● ~1800 students
● Successful login: 63,026
● All physics courses at UP location can use Shibboleth
Fall Production!

WebAssign
● Before Shib:
– 1st 2 weeks, 30 questions/day
– Most questions about login
● After Shib
– Down to 1-2 questions/day
– Non Shib sections still at 15 questions/day

Napster Experiment
● Technical challenge
● Enable residence hall students access to web based music resource in less than 40 days
● Initial community size ~18,000
● 24 campus locations throughout PA
● Roll-out to all of Penn State following semester
● Community size ~100,000

Napster Experiment
● Using Shibboleth allowed/allows us to:
● authenticate locally to the near universally-adopted Penn State Access Account
● query attributes of individual and determine eligibility
● present Napster with a role and unique identifier, without exposing the identity of the individual
● hand–off transaction to Napster where individual sets up Napster account
● execute the terms and conditions of the contract AND preserve the individual's ability to maintain the Napster relationship after eligibility changes

LionShare
● A federated peer-to-peer file search application
● Users can identify each other and restrict sharing
● Leverages Internet2's InCommon federation and Shibboleth middleware for trust
● Authorization is attribute-based:
● Ex: “Share syllabus.pdf with any student at Penn State in English 202A section 15.”
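The three slides above (the high-level architecture, the Napster hand-off with a role plus an opaque identifier, and LionShare's attribute-based rule) describe one flow: the IdP authenticates locally, releases only the attributes its release policy allows for that SP, hands the SP a pseudonymous handle instead of the user's identity, and the SP decides access from the attributes alone. The following Python sketch is an added illustration of that flow, not Shibboleth code and not anything Penn State ran; the directory entries, SP entity IDs, attribute names (courseMembership is hypothetical; the eduPerson names are real schema attributes) and the HMAC-based handle are all constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-in for an eduPerson-compliant enterprise directory.
# Assumption: two made-up accounts; nothing here is real Penn State data.
DIRECTORY = {
    "abc123": {
        "displayName": "Constructed Student",
        "mail": "abc123@psu.example",
        "eduPersonAffiliation": ["member", "student"],
        "eduPersonScopedAffiliation": ["student@psu.example"],
        "courseMembership": ["ENGL202A-015"],  # hypothetical section-membership attribute
    },
    "xyz789": {
        "displayName": "Constructed Staff",
        "mail": "xyz789@psu.example",
        "eduPersonAffiliation": ["member", "staff"],
        "eduPersonScopedAffiliation": ["staff@psu.example"],
        "courseMembership": [],
    },
}

# Attribute release policy: for each Service Provider, the attributes the IdP
# (and the user) permit to leave the institution. Identity-revealing attributes
# such as mail and displayName are simply never listed, so they never get out.
MUSIC_SP = "https://music.example/shibboleth"          # constructed SP entity ID
LIONSHARE_SP = "https://lionshare.example/shibboleth"  # constructed SP entity ID
RELEASE_POLICY = {
    MUSIC_SP: {"eduPersonAffiliation"},
    LIONSHARE_SP: {"eduPersonScopedAffiliation", "courseMembership"},
}

IDP_SECRET = b"constructed-idp-secret-do-not-reuse"  # would be a real per-IdP key


def opaque_handle(user_id, sp_entity_id):
    """Pseudonymous identifier for one user at one SP.

    An HMAC over the (user, SP) pair gives a value that is stable for repeat
    visits to the same SP (the SP can keep a local account keyed on it) but
    differs between SPs (two SPs cannot correlate their users) and does not
    reveal the user id without the IdP's secret.
    """
    msg = f"{user_id}|{sp_entity_id}".encode()
    return hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()


def idp_assert(user_id, sp_entity_id):
    """Identity Provider side: the user has already authenticated locally.

    Look the user up in the directory and build what the SP receives: the
    opaque handle plus only the attributes the release policy allows for
    this SP. An SP not in the policy gets a handle and nothing else.
    """
    entry = DIRECTORY[user_id]
    allowed = RELEASE_POLICY.get(sp_entity_id, set())
    released = {name: list(values) for name, values in entry.items() if name in allowed}
    return {"handle": opaque_handle(user_id, sp_entity_id), "attributes": released}


def sp_authorize(assertion, required):
    """Service Provider side: attribute-based access control decision.

    `required` maps attribute name -> value that must be present. The SP
    never sees who the user is; it only checks what was asserted about them.
    """
    attrs = assertion["attributes"]
    return all(value in attrs.get(name, []) for name, value in required.items())


# The two rules from the slides, expressed as attribute requirements.
MUSIC_RULE = {"eduPersonAffiliation": "student"}
LIONSHARE_RULE = {
    "eduPersonScopedAffiliation": "student@psu.example",
    "courseMembership": "ENGL202A-015",
}


def run_demo():
    """Walk both users through both SPs and return the decisions."""
    return {
        (user, sp): sp_authorize(idp_assert(user, sp), rule)
        for user in DIRECTORY
        for sp, rule in ((MUSIC_SP, MUSIC_RULE), (LIONSHARE_SP, LIONSHARE_RULE))
    }


if __name__ == "__main__":
    for (user, sp), allowed in run_demo().items():
        print(f"{user} -> {sp}: {'allow' if allowed else 'deny'}")
    print("music SP sees:", idp_assert("abc123", MUSIC_SP))
```

The point to check when reading the output is what the music SP receives: one affiliation value and a handle, nothing that names the person, which is exactly the "role and unique identifier, without exposing the identity of the individual" the Napster slide describes. Changing eligibility (say, removing "student" from the directory entry) flips the decision at the SP without the SP ever having stored an identity.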

Shibboleth at Penn State Tomorrow
● Office of Student Aid/AES *
● Worldwide University Network *
● Turnitin
● Thomson Publishing
● CIC Learning Technologies Liaisons
● Merging of Medical Center, Law School, and Campus libraries
● Library vendors – Elsevier, OCLC, JSTOR, and many more

Shibboleth at Penn State - Future
Office of Student Aid AES/PHEAA
● AES = American Educational Services; PHEAA = PA Higher Education Assistance Agency
● Motivation was to create a more seamless, less cumbersome [loan application] process than what now exists – being transported from one database to another and needing to authenticate multiple times
● Decision to use Shibboleth as solution was driven by “compromise”

Shibboleth at Penn State - Future
Office of Student Aid AES/PHEAA (continued)
● AES/PHEAA will assume the liability of using the PSU login as identity confirmation in order to access and sign a loan promissory note (legal document) (Current dollar value on this process is 350 – 400 million dollars)
● Penn State will need to sign a legal agreement with AES/PHEAA verifying this commitment of “trust” – lawyers have been consulted on both sides
● Future use will allow user to use the PSU logon to be transported to multiple databases (AES/PHEAA, Federal Dept of Ed) – enhancing simplicity and ease of accessing student data in multiple databases

Shibboleth at Penn State - Future
Worldwide Universities Network
● “An international alliance of leading higher-education institutions”
● Bergen, Bristol, UC - San Diego, U.Illinois (UC), Leeds, Manchester, Nanjing, Oslo, Penn State, Sheffield, Southampton, Utrecht, University of Washington, Wisconsin–Madison, York, Zhejiang

Worldwide Universities Network
International Joint Course Development and Delivery in GIS
● Challenge: Geographic information science involves multiple disciplines and many professions, including geography, information science, computer science, and various application areas from business to defense to environmental resource management to energy utilities to local government planning offices. 1,000,000 users worldwide, 15% annual growth; urgent need for education and training at all levels.
● No one academic discipline or institution prepared to offer a comprehensive curriculum. Field too diverse and diffuse.

WUN (continued) Solution: consortia of distance education providers (encouraged by WUN) who are willing (trust) and able (Internet2 MACE) to share students. Sharing students is a more ambitious and powerful vision than sharing content (i.e., learning objects and repositories). Shib makes sharing students viable. NSF/JISC-funded DialogPLUS project fosters cooperation among geographers, educationalists, and computer scientists at Leeds, Southampton, Penn State, and Santa Barbara.

WUN Pilot
Beginning April 2005, five students in Penn State's Master of GIS program enrolled in GEOG 497k: GIS for Analysis of Health, developed and offered by faculty members at Southampton. Because Shib is not in place, and Southampton was not prepared to create accounts for Penn State students, the course had to be re-created in Penn State's CMS.
Beginning October 2005 (hopefully!), students in Southampton's and Leeds' joint Master of Science in GIS program will enroll in Penn State course GEOG 485: GIS Programming and Customization. If Shib is implemented successfully, there will be no need to create a redundant course implementation or duplicative student accounts.

Shibboleth Leverages....
● Processes, procedures and policies for distributing and managing digital identities – Signature Stations, AD-20, enforcement tools, etc. -> identity management
● An eduPerson compliant enterprise directory
● Authentication method(s)
● Acceptance of the identifier
● Strategies for protecting the identifier

Shibboleth speeds/feeds at PSU
● 7 Shibboleth servers
– 2 for WebAssign
– 5 for Napster
● Load balance using SLB
● Software – Shibboleth 1.1
● Hardware – IBM Blade HS20, proc 2.4GHz, mem 2.5GB

Useful URLs/pointers ● ● ● Subscribe to shib mailing lists ● ● ● Emerging issues/technologies/recipes – – SAML 2.0: