Shibboleth Roadmap -- 2005.

Slides:

Advertisements

Similar presentations

Lousy Introduction into SWITCHaai

Advertisements

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

US E-authentication and the Culture of Compliance RL “Bob” Morgan University of Washington CAMP, June 2005.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

NOS Objectives, YR 4&5 Tony Rimovsky. 4.2 Expanding Secure TeraGrid Access A TeraGrid identity management infrastructure that interoperates with campus.

To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.

AAF Middleware update February Presented by Terry Smith Technical Manager and Heath Marks Manager.

The InCommon Federation The U.S. Access and Identity Management Federation

Saml-intro-dec051 Security Assertion Markup Language A Brief Introduction to SAML Tom Scavo NCSA.

Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.

Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.

2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

Paul Andrew. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,

Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.

Navigating the Standards Landscape Andrew Owen SEARCH.

AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.

Workshop Presentation [1] Investigating Liberty Alliance and Shibboleth Integration Nishen Naidoo, Supervisor: Dr. Steve Cassidy.

Shibboleth: An Introduction

MAT U M A T U Middleware Assisted Take-Up Service For JISC Funded Early Adopters.

Intro to Shibboleth and Federation… Ken Klingenstein Director, Internet2 Middleware and Security.

Shibboleth Update Eleventh Federal & Higher Education PKI Coordination Meeting (Fed/Ed Thursday, June 16, 2005.

INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.

Gridshib-tech-overview-dec051 GridShib A Technical Overview Tom Scavo NCSA.

The Feds and Shibboleth Peter Alterman, Ph.D. Asst. CIO, E-Authentication National Institutes of Health.

Status Update on Other GFIPM Activity Threads GFIPM Delivery Team Meeting November 2011.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

WS Protocol Workshop Process The Path to Real-world Interoperability Jorgen Thelin, Microsoft Corporation.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Shibboleth: Overview and Status The Shibboleth Architecture Team.

Interfederation RL “Bob” Morgan University of Washington and Internet2 Internet2 Member Meeting Chicago, Illinois December 2006.

INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.

Gridshib-intro-dec051 GridShib An Introduction Tom Scavo NCSA.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

Project Moonshot Daniel Kouřil EGI Technical Forum

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.

Access Policy - Federation March 23, 2016

David Millman—Columbia January 2005

Introduction to Windows Azure AppFabric

OGSA-WG Basic Profile Session #1 Security

Federation Systems, ADFS, & Shibboleth 2.0

SAML New Features and Standardization Status

HMA Identity Management Status

Géant-TrustBroker Dynamic inter-federation identity management

John O’Keefe Director of Academic Technology & Network Services

e-Infrastructure Workshop 28th March 2006, University of Leeds

Identity Management Integration CAMP

Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)

OGF 21 Seattle Washington

OpenID Connect Working Group

Overview and Development Plans

Office 365 Identity Management

Office 365 Identity Management

UK Access Management Federation

UK Federation 101 Ian A. Young EDINA, University of Edinburgh (and the UK Federation) Internet2 Fall Member Meeting, 7 Dec Shibboleth Development.

A(nother) view on federation issues

Scott Thorne & Chuck Shubert

Shibboleth and Federations

Shibboleth 2.0 IdP Training: Introduction

Presentation transcript:

Shibboleth Roadmap -- 2005

Sequence Shibboleth v1.3 Restructuring of Federations E-Authentication Certification Restructuring of Federations The Transition to InCommon “Negative Trust” Federation International Federation Peering Shibboleth and Grids Futures WS* Interop Interim Release – Support for Some of SAML 2.0 Full SAML 2.0 Support

Shibboleth v1.3 Planned Availability -- June 1, 2005 Major New Functionality Full SAML v1.1 support -- BrowserArtifact Profile and AttributePush Support for SAML-2 metadata schema Improved Multi-Federation Support Support for the Federal Gov’t’s E-authn Profile Native Java SP Implementation Improved build process

E-Authn Certification V1.3 has already successfully navigated interoperability testing Scheduled for Certification Testing the week of June 20 Campuses could then Join the E-authn Federation Use the Shibboleth software to access e-authn enabled federal gov’t web sites More E-authn info available at http://www.cio.gov/eauthentication/

Restructuring of Federations The Transition to InCommon InCommon is now “Real” Campuses and Vendors are Transitioning… May soon see negative incentives for long term membership in InQueue “Negative Trust” Federation Available for software development, testing Self-service application to register Expect to see many relatives of Donald Duck as members International Federation Peering Moving forward… Vendors moving toward supporting multi-federation world

Shibboleth and Grids • Shib/SAML is currently web-browser centric so doesn't apply to more general protocols yet can easily apply to Grid portals SAML could carry certs/keys as attributes • Grid-Shib project NSF-funded focus on access to campus Attribute Authority to provide attributes for Grid service authz decisions

WS* Interop Web Services is a big deal • WS-Security much practice, much promise, much hype great potential for multi-vendor integration • WS-Security base spec is OASIS standard, but only first 5% many layered specs: WS-Policy, -Trust, Conversation, -Federation, -Resource, etc standard/IPR status not clear SAML can be carried as WS-Sec “token” Microsoft federation software uses SAML assertions but WS-Fed protocol

WS* Interop -- Status Agreements to build WS-Fed interoperability into Shib Contracts signed; work to begin After Shib v1.3 WS-Federation + Passive Requestor Profile + Passive Requestor Interoperability Profile Discussions broached, by Microsoft, in building Shib interoperabilty into WS-Fed; no further discussions Devils in the details Can WS-Fed-based SPs work in InCommon without having to muck up federation metadata with WS-Fed-specifics? All the stuff besides WS-Fed in the WS-* stack

WS* Interop -- High Level Goals Establish interoperability of the ADFS Identity Provider and Service Provider implementations (and any other WS-F/PRP/PRIP Provider conformant implementations), with the Internet2 Shibboleth System Identity Provider and Service Provider implementations. Establish ADFS as a supported option for use for Identity Provider and Service Provider deployments in the Internet2-operated InCommon Federation of US higher-education and partner sites. Build a strategic relationship with a fully deployed and leading edge federation (InCommon) and the higher ed academic community.

Shibboleth -- Interim Release Target Date -- within Calendar 2005 Include some SAML-2 Functionality Rely on feedback from user community to identify SAML-2 features which are HI priority Discussion started yesterday during WG meeting

SAML 2.0 Support SAML-2 approved March 2005 Target Date -- mid-year 2006 Expect to provide support for ALL REQUIRED SAML-2 functionality Who wants to help?