David Millman—Columbia January 2005

Slides:



Advertisements
Similar presentations
Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.
Advertisements

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.
Inter-Institutional Registration UNC Cause December 4, 2007.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.
UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.
InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
Shibboleth 2.0 IdP Training: Basics and Installation January, 2009.
SWITCHaai Team Federated Identity Management.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.
External Identity and Authorization in GENI. Topics Federated identity and virtual organizations ABAC Creating and transporting attributes.
Shibboleth IdP Training: Productionalization January, 2009.
Exploring InCommon Getting Started with InCommon: Creating Your Roadmap.
TNC 2008 JANET(UK) Shibboleth on Windows Trial TNC May 2008 Louis Searchwell Please note that the Shibboleth installer for Windows described in this presentation.
I2Q & WMnet Pilot Presented by Jason Rousell – i2Q Jay Neale - i2Q.
2004 © SWITCH 1 Shibboleth in Switzerland Internet2 Spring Meeting 2004 Thomas Lenggenhager Overview SWITCH & SWITCHaai Project.
Shibboleth: Installation and Deployment Scott Cantor July 29, 2002 Scott Cantor July 29, 2002.
Michael Ghens Information Systems Specialist Santa Barbara City College.
David L. Wasley Office of the President University of California Shibboleth Safe delivery of reliable authorization data David L. Wasley University of.
NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.
Internet2 CAMP Shibboleth Scott Cantor (Hey, that’s my EPPN too.) Tom Dopirak Scott Cantor (Hey, that’s my.
ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.
Shibboleth Update Advanced CAMP 7/31/02 RL “Bob” Morgan, Washington Steven Carmody, Brown Scott Cantor, Ohio State Marlena Erdos, IBM/Tivoli Michael Gettes,
Using Levels of Assurance Well, at least thinking about it…. MAX (just MAX)
Federated Identity and Shibboleth Concepts Rick Summerhill Chief Technology Officer Internet2 GEC3 October 29, 2008 Slides by Nate Klingenstein
Shibboleth at Columbia Update David Millman R&D July ’05
Shibboleth: An Introduction
Current list of common attributes of the EDIT federation Single Sign-On for the EDIT platform Lutz Suhrbier¹, Andreas Kohlbecker², Andreas Müller² 1 Freie.
Internet2 Middleware Initiative Shibboleth Ren é e Shuey Systems Engineer I Academic Services & Emerging Technologies The Pennsylvania State University.
Shibboleth Access Management System Walter Hoehn & David Millman, Columbia University.
1 Protection and Security: Shibboleth. 2 Outline What is the problem Shibboleth is trying to solve? What are the key concepts? How does the Shibboleth.
INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
Intra- to Inter-institutional Use of Shibboleth Bruce Vincent, Stanford University June 28, 2006.
Shibboleth at USMAI David Kennedy Spring 2006 Internet2 Member Meeting, April 24-26, 2006 – Arlington, VA.
The UK Access Management Federation John Chapman Project Adviser – Becta.
Shibboleth Trust Model Shibboleth/SAML Communities (aka Federated Administrations) Club Shib Club Shib Application process Policy decision points at the.
Campuses New to Shibboleth: WebSSO Barry Johnson
Shibboleth at USMAI David Kennedy Spring 2006 Internet2 Member Meeting, April 24-26, 2006 – Arlington, VA.
The Policy Side of Federations Kenneth J. Klingenstein and David L. Wasley Tuesday, June 29, CAMP Shibboleth Implementation Workshop.
Federated Identity Fundamentals Ann Harding, SWITCH Cambridge July 2014.
INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.
Using Your Own Authentication System with ArcGIS Online
Shibboleth Architecture
Federated Identity Management at Virginia Tech
Shibboleth Roadmap
Federation Systems, ADFS, & Shibboleth 2.0
Géant-TrustBroker Dynamic inter-federation identity management
John O’Keefe Director of Academic Technology & Network Services
e-Infrastructure Workshop 28th March 2006, University of Leeds
Identity Federations - Installation and operation
05 | AD to Windows Azure AD IT Professionals
The French federation Eurocamp 2007 Helsinki
Supporting Institutions Towards a Shibbolized Infrastructure
Shibboleth Deployment Overview
Shibboleth in Switzerland
Shibboleth 2.0 IdP Training: Introduction
Shibboleth Service Providers: Technical Requirements and Considerations or How I Spent My Winter/Spring/Summer Vacation Scott Cantor Copyright.
User Provisioning Project
Presentation transcript:

David Millman—Columbia January 2005 Access Management David Millman—Columbia January 2005

process between LSE and Columbia so far planning for scalability – federation-based identity management

The Current Pilot designate host to serve shibbolized content obtain x.509 certificate for host (commercial) install web server with shibboleth Service Provider (SP) library (apache, IIS) create pilot federation (“edu-fed.org”) register DNS obtain certificates (self-signed) install shibboleth Identity Provider (IdP), connected to local authentication system and directory (tomcat servlet)

The Current Pilot (cont.) configure IdP to release only the eduPersonScopedAffiliation attribute, e.g., “member@columbia.edu” configure SP placement of content within server set access restrictions (require ...ScopedAffiliation) both institutions exchange certificates build “where are you from” service, just for the two institutions

demo

Scaling—Federations Bi-lateral doesn’t take advantage of the built-in scalability of the shibboleth architecture Federation represents agreement on procedures—legal framework encourages standards for directory information (eduPerson, course membership) issues certificates to participants—gateway function Examples edu-fed.org (LSE/CU) inQueue (Internet2 test federation) inCommon (Internet2 production federation)

Federation Implications may clarify internal agreements about identity management & policy at local institution information offered to the federation is the same for all members—is that acceptable, without trusting each new member bilaterally? international questions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.