Shibboleth at Columbia Update David Millman R&D July ’05

Presentation transcript:

Shibboleth at Columbia Update David Millman R&D July ’05

Millman—July ’05—2 Shibboleth
Motivation & history
Architecture
Examples
Policy issues
Future

Millman—July ’05—3 Shibboleth
Definition: Language usage indicative of one's regional and/or social origins used to identify members of one's own or of another group.
Borrowed from Biblical Hebrew; refers to the story in the Book of Judges 12:5-6 in which shibboleth was used by the Gileadites as a password to identify the Ephraimites by their dialectal pronunciation.

Millman—July ’05—4 Motivation
National Science Digital Library (nsdl.org, NSF grant to EPIC)
ca. 200 separate awards—collections, services, targeted research, curating aggregators
3 “core integration” awards—UCAR (Univ Corp for Atmospheric Research, Boulder), Columbia, Cornell
Columbia Role
  –relations with the publishing industry
  –distributed, flexible, private access management

Millman—July ’05—5 Origin within Standards
Internet2 consortium (internet2.edu)
  –high-performance networking
  –middleware
  –video & computation
Shib is an application of the Security Assertion Markup Language (SAML) from oasis-open.org web standards organization (cf. W3C, IETF) — same as used by the Liberty Alliance
Original work at Columbia on 3rd-party access management (cf. DLib Magazine ’98)
University, library privacy concerns

Millman—July ’05—6 Architecture
Multiple, distributed Service Providers (SP)
  –applications
  –accept the agreed set of user attributes
Multiple, distributed Identity Providers (IdP)
  –localized login
  –assert proof of identity (authentication) for members of their respective communities without disclosing individual identity
  –transmit standard, widely agreed user attributes (“directory” information)
Shared service for users to choose their local identity provider (WAYF—“where are you from?”)

Millman—July ’05—7 Architecture
[Diagram; components shown: Service, User Browser, Local Identity Infrastructure, WAYF]

Millman—July ’05—8 Architecture
[Diagram from SWITCH—Swiss Education & Research Network]
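An added sketch of the flow on the architecture slides above (not part of the presentation and not Shibboleth code): the WAYF maps the user's choice to an IdP, the IdP releases only the federation's agreed attributes under a random opaque handle, and the SP decides from those attributes alone. All entity IDs, the directory entry and the function names are constructed for illustration; verifying the assertion's signature, where the PKI mentioned later comes in, is left out.

```python
import secrets

# Constructed federation metadata: member entities and the attribute set all members agreed on.
FEDERATION = {
    "idps": {"Campus A": "https://idp.campus-a.example.edu"},
    "sps": {"https://library.example.org/sp"},
    "agreed_attributes": ("eduPersonScopedAffiliation", "eduPersonEntitlement"),
}

# Constructed directory entry; it stays inside the local identity infrastructure.
DIRECTORY = {"jdoe": {
    "displayName": "Jane Doe",
    "mail": "jdoe@campus-a.example.edu",
    "eduPersonScopedAffiliation": ["student@campus-a.example.edu"],
    "eduPersonEntitlement": ["urn:example:course:anth101"],
}}

def wayf(choice):
    """WAYF step: map the institution the user picked to its IdP."""
    return FEDERATION["idps"][choice]

class IdentityProvider:
    def __init__(self, entity_id):
        self.entity_id = entity_id
        self.handles = {}  # opaque handle -> local user, known only to the IdP

    def issue(self, local_user, sp_id):
        """After local login, build the assertion sent to one SP."""
        if sp_id not in FEDERATION["sps"]:
            raise PermissionError("not a federation member: " + sp_id)
        handle = secrets.token_hex(16)  # random, so it reveals nothing about the user
        self.handles[handle] = local_user
        entry = DIRECTORY[local_user]
        released = {k: entry[k] for k in FEDERATION["agreed_attributes"] if k in entry}
        return {"issuer": self.entity_id, "audience": sp_id,
                "subject": handle, "attributes": released}

def sp_authorize(sp_id, assertion, allowed_affiliations):
    """SP decision from attributes alone. Signature checking is out of scope here."""
    if assertion["issuer"] not in FEDERATION["idps"].values():
        return False  # issuer is not an IdP listed in the federation metadata
    if assertion["audience"] != sp_id:
        return False  # assertion was issued for a different SP
    held = assertion["attributes"].get("eduPersonScopedAffiliation", [])
    return any(a in allowed_affiliations for a in held)

if __name__ == "__main__":
    sp = "https://library.example.org/sp"
    a = IdentityProvider(wayf("Campus A")).issue("jdoe", sp)
    print(a, sp_authorize(sp, a, {"student@campus-a.example.edu"}))
```
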

Millman—July ’05—9 Local Examples
Database of Recorded American Music (DRAM)
  –
  –federation: Internet2 inQueue
Columbia Educational Resources Online (CERO)
  –
  –federation: edu-fed.org (Columbia invention)
Digital Anthropology Resources for Teaching (DART)
  –
  –federation: edu-fed
National Science Digital Library (NSDL)
  –
  –federation: nsdl
ARTstor
  –federation: Internet2 inQueue (more reliable demo page: )

Millman—July ’05—10 Issues
Technical
  –wayf scalability
  –PKI adoption (digital certificates, etc)
Policy
  –any bi-lateral doesn’t take advantage of the built-in scalability of the shibboleth architecture
  –Federation represents agreement on procedures—a legal framework encourages standards for directory information (eduPerson, course membership) controlling issuance of certificates to participants—gateway function
  –Examples
      edu-fed.org (LSE/CU)
      inQueue (Internet2 test)
      inCommon (Internet2 production)

Millman—July ’05—11 Federation Implications
may clarify internal agreements about identity management & policy at local institution
information offered to the federation is the same for all members—is that acceptable, without trusting each new member bilaterally?
international questions

Millman—July ’05—12 Future—next steps
other SAML-based frameworks (longer term)
directory/attribute standards (stable in some cases—but still per-institution issues)
application re-architecting (esp NSDL at the moment)
federal/international certification authorities (medium term—pilots in progress)

Millman—July ’05—13 Questions?