Shib in the present and the future Ken Klingenstein Director, Internet2 Middleware and Security.

Presentation transcript:


Topics
- Core software development
- Coupled systems
  - The GUIs down the road
  - Other AA backend data plugins
  - Alternative WAYF
- Shib-enriched apps
- Diagnostics
- Managing the processes
- The federation consequences

Shibboleth Today
- V1.2 on the streets, v1.3 in development
- Software is still "simple" but getting increasingly complex. Software is still early.
- Identified as the national R&E federation technology in the US, the UK, Australia, Switzerland, Finland, and perhaps others…
- Increasingly "at" Burton, Catalyst, DigitalID conferences
- Interoperability discussions and commitments being made among federating software developers

Core software development
- V1.0 April 2003, v1.2 May 2004
- V1.3 targeted for fall; priorities include portal support, perhaps the SAML artifact profile
- SAML 2.0, OpenSAML 2.0 and the meaning of Shibboleth
- WS-Fed interoperability
- Shib as WebISO
- SOAP and SAML: interim and long-term
- Shib-lite
- Refactoring into core and modules for long-term management
- Integrated documentation and install guides

SAML 2.0
- Historic relationship of SAML and Shib
- Contributions from both Liberty and Shibboleth to the spec
- TC under OASIS, with contributing editor S. Cantor, Individual
- Largely done; perhaps final committee work by end of August, then approval by Nov or IBM…
- Refactors a lot, in Shib and vendor products. How quickly will vendors adopt?
- OpenSAML 2.0 will happen…

Coupled systems
- The major GUIs: SysAdmin, Autograph, PRM
- Other AA backend plug-ins
- Alternative WAYF approaches
  - Interim
  - Long-term
- Diagnostics
- Other trust fabrics

GUIs to manage Shibboleth

SysPriv ARP GUI
- A tool to help administrators (librarians, central IT sysadmins, etc.) set attribute release policies enterprise-wide
  - For access to licensed content
  - For linking to outsourced service providers
  - Has implications for the end-user attribute release manager (Autograph)
- GUI design now actively underway, led by Stanford
- Plumbing to follow shortly

End-user attribute release manager (Autograph)
- Intended to allow end-users to manage release policies themselves and, perhaps, understand the consequences of their decisions
- Needs to be designed for everyone even though only 3% will use it beyond the defaults
- To scale, must ultimately include extrapolation on settings, exportable formats, etc.

Privacy Management Systems

Personal Resource Manager

Shib-enriched apps
- uPortal
- OKI and Sakai
- Lionshare
- Fedora
- Globus
- Netauth
- Virtual organization systems

Diagnostics
- Fine-grain transparent access controls are going to be difficult to diagnose.
- Right now, at least four different failure points result in the same Shib error message:
  - The target host is down
  - Network performance caused a timeout of the Shib protocols
  - A firewall blocked the ARP communications
  - Shib itself is misconfigured
- And that error message sucks… ("Shire not found")
- Worst, fine-grain access controls will be harder for coarse users…

Diagnostics: next steps
- We have a possible large-scale framework for the presentation of diagnostics
- We have a possible common event record for systems to create logs in, and possible ways of end-to-end access to logs
- We have nothing in between
  - Harvesters, threaders, automated diagnostic aids, etc…
- Worse, we have nothing for the network performance and security problems that can masquerade as Shib problems.
- Something needs to change, sigh…

Project management
- Moving to a more distributed development environment
- Setting priorities and coordinating international initiatives
  - Technical architecture and code
  - Coordinating investments
  - IPR
- Commercial implementations
- Consulting opportunities, outsourcing, etc.
- Affiliating with other similar open source projects: Apache, Mozilla, etc.

Federation drivers
- As we begin to deploy federations, what operational experiences will drive modifications or enhancements of the code?
  - Authentication context field
  - Multifederation support
  - Diagnostic support
  - Privacy enhancements, such as use of information fields, etc…

Down the road
- Boredom
- Dusty remembrances