Shibboleth at Columbia Update David Millman R&D July ’05

1 Shibboleth at Columbia Update David Millman R&D July ’05 dsm@columbia.edu

2 Millman—July ’05—2 Shibboleth
Motivation & history
Architecture
Examples
Policy issues
Future

3 Shibboleth
Definition
Language usage indicative of one's regional and/or social origins used to identify members of one's own or of another group. Borrowed from Biblical Hebrew; refers to the story in the Book of Judges 12:5-6 in which shibboleth was used by the Gileadites as a password to identify the Ephraimites by their dialectal pronunciation.
www.csa.com/hottopics/ebonics/gloss.php

4 Motivation
National Science Digital Library (nsdl.org, NSF grant to EPIC)
ca. 200 separate awards—collections, services, targeted research, curating aggregators
3 “core integration” awards—UCAR (Univ Corp for Atmospheric Research, Boulder), Columbia, Cornell
Columbia Role
–relations with the publishing industry
–distributed, flexible, private access management

5 Origin within Standards
Internet2 consortium (internet2.edu)
–high-performance networking
–middleware
–video & computation
Shib is an application of the Security Assertion Markup Language (SAML) from oasis-open.org web standards organization (cf. W3C, IETF) — same as used by the Liberty Alliance
Original work at Columbia on 3rd-party access management (cf. DLib Magazine ’98)
University, library privacy concerns

6 Architecture
Multiple, distributed Service Providers (SP)
–applications
–accept the agreed set of user attributes
Multiple, distributed Identity Providers (IdP)
–localized login
–assert proof of identity (authentication) for members of their respective communities without disclosing individual identity
–transmit standard, widely agreed user attributes (“directory” information)
Shared service for users to choose their local identity provider (WAYF— “where are you from?”)

7 Architecture
[Diagram labels: Service, User Browser, Local Identity Infrastructure, WAYF; message flow steps numbered 1 to 9]

8 Architecture... from SWITCH—Swiss Education & Research Network
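
As an added illustration of the IdP and SP roles on the architecture slides (not code from the presentation or from Shibboleth itself): the IdP asserts only the agreed attributes under an opaque handle, and the SP admits the user on federation membership and attributes alone. Assumptions: the entity name, key and directory entry are constructed, and an HMAC key stands in for the SAML XML signature and certificates a real deployment uses.

```python
import hashlib
import hmac
import json
import secrets

# Constructed federation metadata: IdP name -> verification key.
# Assumption: an HMAC key stands in for the IdP's certificate and XML signature.
FEDERATION = {"idp.example.edu": b"constructed-demo-key"}
# Attributes the federation agreed on; the IdP releases nothing else.
AGREED_ATTRIBUTES = {"eduPersonScopedAffiliation"}
# Constructed local directory entry held by the IdP.
USER = {"uid": "jdoe", "mail": "jdoe@example.edu",
        "eduPersonScopedAffiliation": "member@example.edu"}


def idp_issue(idp, directory_entry):
    """IdP side: after local login, assert attributes under an opaque handle."""
    released = {k: v for k, v in directory_entry.items() if k in AGREED_ATTRIBUTES}
    body = json.dumps({"issuer": idp, "handle": secrets.token_hex(16),
                       "attributes": released}, sort_keys=True)
    sig = hmac.new(FEDERATION[idp], body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def sp_authorize(assertion, required_affiliation):
    """SP side: trust only federation members, then decide on attributes alone."""
    try:
        claims = json.loads(assertion["body"])
        key = FEDERATION[claims["issuer"]]
    except (ValueError, KeyError, TypeError):
        return False  # malformed assertion or issuer outside the federation
    expected = hmac.new(key, assertion["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return False  # body was altered or signed with another key
    return claims["attributes"].get("eduPersonScopedAffiliation") == required_affiliation


if __name__ == "__main__":
    print(sp_authorize(idp_issue("idp.example.edu", USER), "member@example.edu"))
```

The SP never sees `uid` or `mail`; it learns only that a federation member vouches for a user holding the required affiliation.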

9 Local Examples
Database of Recorded American Music (DRAM)
–http://www.columbia.edu/cgi-bin/cul/resolve?clio5020426
–federation: Internet2 inQueue
Columbia Educational Resources Online (CERO)
–http://cero.columbia.edu/0711/web/sect_1/0711_s1_fr.html
–federation: edu-fed.org (Columbia invention)
Digital Anthropology Resources for Teaching (DART)
–https://dart.columbia.edu/secure/gandhi-timeline/sect_5/timeline.html
–federation: edu-fed
National Science Digital Library (NSDL)
–https://nsdl.org/Authentication
–federation: nsdl
ARTstor
–federation: Internet2 inQueue
(more reliable demo page: http://www.columbia.edu/~dsm/200507shib/ )

10 Issues
Technical
–wayf scalability
–PKI adoption (digital certificates, etc)
Policy
–any bi-lateral doesn’t take advantage of the built-in scalability of the shibboleth architecture
–Federation represents agreement on procedures—a legal framework
  encourages standards for directory information (eduPerson, course membership)
  controlling issuance of certificates to participants—gateway function
–Examples
  edu-fed.org (LSE/CU)
  inQueue (Internet2 test)
  inCommon (Internet2 production)

11 Federation Implications
may clarify internal agreements about identity management & policy at local institution
information offered to the federation is the same for all members—is that acceptable, without trusting each new member bilaterally?
international questions

12 Future—next steps
other SAML-based frameworks (longer term)
directory/attribute standards (stable in some cases—but still per-institution issues)
application re-architecting (esp NSDL at the moment)
federal/international certification authorities (medium term—pilots in progress)

13 Questions?

