UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

Presentation transcript:

UCLA’s Shibboleth Plan
Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project
Integrate with ISIS, UCLA’s Web SSO
– Replace existing attribute query interface in ISIS with Shibboleth
– Improve User Experience
– Revamp Administration Model

Shibboleth in EDIMI
Shibboleth is the standard web attribute query API in the EDIMI project.
UCLA’s Shibboleth will query the enterprise directory for data.
Currently developing Enterprise Directory: Phase I release in Fall 2005
ED schema is designed with Shibboleth in mind: eduPerson and eduPerson style entitlement attributes.

Shibboleth in EDIMI
As we add more data into the ED, Shibboleth becomes richer.
– Phase I: basic identity and contact data
– Phase II: eduPerson and employee data related role and entitlement attributes
– Phase III: student-related role and entitlement attributes
– Other: Throughout the project, we will seek opportunities to include miscellaneous attributes of interest, e.g., departmentalNetworkAdministrator; computerSupportCoordinator

Integrating Shibboleth with ISIS
Shibboleth offers a richer set of attributes with user-controlled privacy release policy.
Shibboleth is not just for cross-institution authentication.
All UCLA Web applications will eventually be Shib-enabled.
Migration will take time
– With nearly 100 applications, this will be a multi-year process.

UCLA Shibboleth Status
Server Status:
– Currently in test
– Integrated with test ISIS
Federation Status:
– UCLA is a member of InQueue
– Will join InCommon as soon as our IdM scheme complies with requirements
Rollout:
– Need to identify suitable early adopters

Evangelizing Shibboleth
Shibboleth in Outsourced Administrative Apps:
UCLA HR is looking to outsource its employment and position management system to PeopleAdmin, a vendor of hosted HR applications.
PeopleAdmin’s primary client base is Higher-Ed and the public sector.
Convince PeopleAdmin to develop support for Shibboleth in its software.

Evangelizing Shibboleth
Shibboleth in Affiliated Service Organizations:
Apple and ASUCLA want to post restricted promotional material on ASUCLA’s web site.
Push ASUCLA to use Shibboleth.
… and reaching out to an OS vendor…
Conversation with Apple engineer: possible Shibboleth support from within Mac OS, iTunes and iChat?

Evangelizing Shibboleth
Shibboleth in grassroots implementations:
A group of computer science students have developed a Jabber chat client and are looking for authentication solutions.
Working with the group to develop a Shibboleth connector to Jabber/XMPP

Evangelizing Shibboleth
Ongoing projects at Internet2/nation-wide level:
– Content Management Software: WebCT, Blackboard, Sakai, Moodle
– Online journal vendors: JSTOR
– Grid computing and Shibboleth Integration
– US Federal Government E-Authentication initiative

Evangelizing Shibboleth
Other possibilities:
Penn State implemented Shibboleth with Napster. UC just signed a similar music download service. Shib?
Bruinwalk.com, a student-run web site at UCLA, has been using UCLA’s BOL ID/password to log users in via shady techniques.
Shib is a good way to enable student-run organizations to legitimately support users without compromising security.