Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project Shibboleth Update, Demonstration and Discussion Michael R Gettes Duke University (on behalf of the entire shib team!!!) June.

Published byGarry Peters Modified over 8 years ago

Similar presentations

Presentation on theme: "Project Shibboleth Update, Demonstration and Discussion Michael R Gettes Duke University (on behalf of the entire shib team!!!) June."— Presentation transcript:

1 Project Shibboleth Update, Demonstration and Discussion Michael R Gettes Duke University (gettes@Duke.EDU) (on behalf of the entire shib team!!!) June 5, 2003 @ CAMP Michael R Gettes Duke University (gettes@Duke.EDU) (on behalf of the entire shib team!!!) June 5, 2003 @ CAMP

2 2 Shibboleth A word which was made the criterion by which to distinguish the Ephraimites from the Gileadites. The Ephraimites, not being able to pronounce sh, called the word sibboleth. See -- Judges xii. Hence, the criterion, test, or watchword of a party; a party cry or pet phrase. - Webster's Revised Unabridged Dictionary (1913):Webster's Revised Unabridged Dictionary (1913)

3 3 Stage 1 - Addressing Three Scenario’s Member of campus community accessing licensed resource Anonymity required Member of a course accessing remotely controlled resource Anonymity required Member of a workgroup accessing controlled resources Controlled by unique identifiers (e.g. name) Taken individually, each of these situations can be solved in a variety of straightforward ways. Taken together, they present the challenge of meeting the user's reasonable expectations for protection of their personal privacy.

4 4 Establishing a User Context

5 5 Getting Attributes and Determining Access

6 2003 © SWITCH 6 Shibboleth AA Process Resource WAYF Users Home OrgResource Owner 1 SHIRE I don’t know you. Not even which home org you are from. I redirect your request to the WAYF 3 2 Please tell me where you come from HS 5 6 I don’t know you. Please authenticate yourself 7 User DB Credentials OK, I know you now. I redirect your request to the target, together with a handle 4 OK, I redirect your request now to the Handle Service of your home org. SHAR Handle 8 I don’t know the attributes of this user. Let’s ask the Attribute Authority Handle 9 AA Let’s pass over the attributes the user has allowed me to release Attributes 10 Resource Manager Attributes OK, based on the attributes, I grant access to the resource

7 7 Shibboleth Architecture

8 8 Target Web Server Origin Site Target Site Browser Shibboleth Architecture -- Managing Trust TRUST Attribute Server Shib engine

9 9 Milestones Project formation - Feb 2000 Stone Soup Process - began late summer 2000 with bi-weekly calls to develop scenario, requirements and architecture. Linkages to SAML established Dec 2000 Architecture and protocol completion - Aug 2001 Design - Oct 2001 Coding began - Nov 2001 Alpha-1 release – April 24, 2002 OpenSAML release – July 15, 2002 v0.7 Shibboleth released Nov 25, 2002 v0.8 March 1, 2003 v1.0 May 2003 (end of month) v1.1 conversations ruminating; v1.2 may be the plateau

10 10 Code status v0.8 released March 2003 (coding teams – MIT, Columbia, Ohio State, CMU); v1.0 due out April 10 v0.7 much easier to install than alpha’s. C/C++ only on origin. Java still on target. Relatively safe to deploy and experiment Release issues – platform dependencies, fragile Apache components, binaries vs source, etc… v0.7 to v0.8 new features – ARP’s redone, added robustness timeframes – march 1, 2003 general release V0.8 to 1.0 – SAML 1.1 support, bug fixes and re-packaging V1.0 -- REAL SOON NOW!!!

11 11 Course Management Early Adopters WebCT Webassign Blackboard (Demonstrated April, 2003) OKI

12 12 The Library Pilots Explore and Evaluate the utility of the Shibboleth model (attributes) for controlling access to licensed resources Identify problems and issues with this approach How well do existing licenses map to attributes? Library “walk-in” customers Identify and address Shib deploy issues for campuses AND for vendors Explore new possibilities, including role-based access controls

13 13 Campus Participants Carnegie Mellon Columbia Dartmouth Georgetown London School of Economics New York Unv. Ohio State Others coming on Penn State U. Colorado U. Michigan U. Washington U. Wisconsin - Madison UCOP (U. California System) U.Texas Health Science Center at Houston

14 14 Vendor Participants EBSCO ~ Elsevier OCLC Sfx (Ex libris) JSTOR McGraw Hill eBooks Innovative (III) Consortial efforts: WRLC, Athens, …

15 15 Shibboleth Deployment Issues Access Issues Kiosks and walk-ins logins for on-campus use Licensing issues reconciling license structures with directory structures system and consortial issues mitigating disintermediation Functional issues handling Shibbed and non-Shibbed resources roll-out strategies entitlements vs attributes what attributes to pass how to structure the attribute name space

16 16 A Quick Demonstration A Shib Demo

17 17 Next steps Convergence with other efforts (PAPI, Permis, A-Select, etc) Shibboleth used as a WebISO solution, the N-Tier problem What is a Federation? How do we define it? Sub-Fed, Fed Clusters, Super Federations Shibboleth the architecture vs Shibboleth the web service Shibboleth the technology vs Club Shib the trust model Federated Digital Rights Management Federated P2P Privacy Management Systems – see http://www.ischool.washington.edu/shibbui/index.html Personal Information Managers – see http://www.brown.edu/cgi- bin/httool.eplhttp://www.brown.edu/cgi- bin/httool.epl

18 18 Personal Resource Manager

19 19 Privacy Management Systems

20 20 eduPersonEntitlement A Small Directory Issue eduPersonEntitlement Values of eduPersonEntitlement can be URLs or URNs –http://www.w3.org/Addressing/ –RFC2396 Uniform Resource Identifiers –RFC2141 Uniform Resource Names URNs to allow federation of name creation without name clashes. –urn:mace:brown.edu:foo mace-submit@internet2.edu for information on URN registration

21 21 Overall Trust Fabric

Download ppt "Project Shibboleth Update, Demonstration and Discussion Michael R Gettes Duke University (on behalf of the entire shib team!!!) June."

Similar presentations

Internet2 Shibboleth Project TERENA Networking Conference 2002, Limerick, Ireland RL “Bob” Morgan, Washington Steven Carmody, Brown Scott Cantor, Ohio.

Internet2 Shibboleth Project TERENA Networking Conference 2002, Limerick, Ireland RL “Bob” Morgan, Washington Steven Carmody, Brown Scott Cantor, Ohio.
Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.

Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.
Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.
What Lies Ahead: Grids, Shibboleth, PKI Ken Klingenstein, Director, Internet2 Middleware Initiative Copyright Ken Klingenstein 2003. This work is the intellectual.

What Lies Ahead: Grids, Shibboleth, PKI Ken Klingenstein, Director, Internet2 Middleware Initiative Copyright Ken Klingenstein This work is the intellectual.
Dr Ken Klingenstein Shibboleth and InCommon: An Update and Next Steps.

Dr Ken Klingenstein Shibboleth and InCommon: An Update and Next Steps.
Shibboleth: How It Relates to SAML Marlena Erdos Aug 27, 2001.

Shibboleth: How It Relates to SAML Marlena Erdos Aug 27, 2001.
ICDL 2004, New Delhi1 Access Management for Digital Libraries in a well-connected World John Paschoud SECURe Project London School of Economics Library.

ICDL 2004, New Delhi1 Access Management for Digital Libraries in a well-connected World John Paschoud SECURe Project London School of Economics Library.
June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.

June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.
Shibboleth Update a.k.a. “shibble-ware”

Shibboleth Update a.k.a. “shibble-ware”
InCommon Policy Conference April 2005. 2 Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.
Mairéad Martin The University of Tennessee September 13, 2015 Federated Digital Rights Management.

Mairéad Martin The University of Tennessee September 13, 2015 Federated Digital Rights Management.
1 The Partnership Challenge Higher education’s missions are realized in increasingly global, collaborative, online relationships –Higher educations’ digital.

1 The Partnership Challenge Higher education’s missions are realized in increasingly global, collaborative, online relationships –Higher educations’ digital.
Shibboleth Possible Features – Version 2 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.

Shibboleth Possible Features – Version 2 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.
7 October 2015 Shibboleth. Agenda  Shibboleth Background and Status  Why is Shibboleth Important (to Higher Ed)?  Current Pilots Course Management.

7 October 2015 Shibboleth. Agenda  Shibboleth Background and Status  Why is Shibboleth Important (to Higher Ed)?  Current Pilots Course Management.
Shibboleth: Installation and Deployment Scott Cantor July 29, 2002 Scott Cantor July 29, 2002.

Shibboleth: Installation and Deployment Scott Cantor July 29, 2002 Scott Cantor July 29, 2002.
Shibboleth Update Michael Gettes Principal Technologist Georgetown University Ken Klingenstein Director Interne2 Middleware Initiative.

Shibboleth Update Michael Gettes Principal Technologist Georgetown University Ken Klingenstein Director Interne2 Middleware Initiative.
David L. Wasley Office of the President University of California Shibboleth Safe delivery of reliable authorization data David L. Wasley University of.

David L. Wasley Office of the President University of California Shibboleth Safe delivery of reliable authorization data David L. Wasley University of.
NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

Similar presentations

Ads by Google