Shibboleth: OSU Early Adoption Scenarios
Scott Cantor, April 10, 2003

Presentation transcript:


2. Things that Haven’t Changed Since the Fiesta Bowl
- Existing SSO infrastructure still reliable but problematic (funding, platforms, support)
- Still actively identifying opportunities that need Shibboleth or something like it
- Slowly building interest via customer pressure and external publicity
- Wide range of systems equating authentication with authorization (including ) limit our options

3. New Developments
- Data warehouse migration winding down
- Better understanding of flaws in library access control policies
- Concerns over non-ubiquity of staff with active Kerberos accounts
- Pressing need to handle guest accounts to support variety of demos and academic projects

4. Current Deployment
- Both origin releases now running in a semi-production state on the same Solaris server handling web logins, using Netscape Enterprise 3.x and Apache.
- New layout and configuration process of 0.8 release vastly improves manageability and upgrade path.
- Excited about flexibility of 1.0 feature set.

5. Current Deployment
- Planning an origin load test sometime this month to benchmark the system and frame near-term expectations.
- Only current target is an application testbed server hosting a learning objects research prototype.
- Waiting on Windows port for wider local testing.

6. Medium Term Projects
- Strongest business case is a reporting server currently using SSO system that OSU Hospital wants to access with NDS.
- Two Options:
  - Run a new origin site inside firewall (“hospital.osu.edu”), convert server to act as target
  - Second access path authenticating against NDS via LDAP, password goes from outside firewall back in over SSL

7. Medium Term Projects
- Strong need to enable one-off access to applications for external users that probably won’t have Shibboleth-enabled access.
- Considering Shibboleth as a front-end for a delegatable guest domain (“guest.osu.edu”) so applications can largely ignore the issue.

8. Medium Term Projects
- Library so far unable/unwilling to spend money, or request money for future pilots.
- Immediate need undermined by permissiveness of vendors.
- Obvious first candidates are J-STOR and EBSCO, though the persistent URL issue would have to be addressed.

9. Medium Term Projects
- Proposing use with EZProxy as a first step to restricting access to proxy, but load test is crucial.
- Also can’t support ongoing use without funding, so considering a short term test to get them addicted.

10. Long Term Projects
- Central IT unwillingness to address need for new account types (alumni, applicants) in timely fashion leaves a guerilla attack open.
- Shibboleth origins likely much cheaper than decoupling authentication and authorization in large central systems for next 1-2 years.

11. Issues
- Still a range of improvements needed to code in error handling and failure modes.
- More SSO features would be desirable, but probably not showstoppers until real high-volume apps come on-board.
- Immediately have to address federation and trust implications of multiple origin sites that won’t be in InCommon.