Shibboleth Update Fall 2012

Presentation transcript:

Shibboleth Update Fall 2012

Ch-ch-changes
- Chad moving on to new job opportunity, requires realigning product responsibilities and reviewing roadmap
- Tom Zeller coming on board as IdP lead
- Ian Young assuming responsibility for Metadata Aggregator
- Other roles largely the same

IdPv3
- Scope and schedule inevitably impacted
- Priority for project team is delivering a dev plan to the new Consortium Board this month
- Identify resource gaps, then adjust plan or find resources

Service Provider
- Release smooth apart from traditional packaging foibles
- Pending outcome of an issue under investigation, End of Life for V2.4.3 will be Nov 30th
- Patch update under development to address Apache 2.4 support, other bugs as time permits

SAML ECP + GSS-API/SASL + ISOC + NCSA = SSH, IMAP, LDAP, XMPP, NFS, AFS, …

SAML ECP in GSS-API
- Authentication of TLS client/server session via SAML IdP
- Backward-compatible profile adding channel binding, holder of key security, session key establishment
- GSS-API mechanism allowing use of IdP with ECP
- Expose SAML identity via GSS-API Naming Extensions
- SASL support via GS2 bridge mechanism
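Added example, not part of the original slides or of any Shibboleth code: how a SASL server behind the GS2 bridge can parse the GS2 header (RFC 5801) that precedes the mechanism token and enforce the channel-binding flag, which is where a stripped "-PLUS" mechanism offer shows up as a downgrade. The names parse_gs2_header and enforce_channel_binding, the strict flag/suffix matching and the default "tls-unique" binding type are assumptions of this sketch.

```python
import re
from typing import NamedTuple, Optional

class GS2Error(ValueError):
    """Malformed GS2 header or channel-binding policy violation."""

class GS2Header(NamedTuple):
    nonstd: bool            # leading "F," (gs2-nonstd-flag) was present
    cb_flag: str            # "p", "n" or "y"
    cb_name: Optional[str]  # e.g. "tls-unique" when cb_flag == "p"
    authzid: Optional[str]
    token: bytes            # mechanism data that follows the header

def parse_gs2_header(message: bytes) -> GS2Header:
    nonstd = message.startswith(b"F,")
    fields = (message[2:] if nonstd else message).split(b",", 2)
    if len(fields) != 3:
        raise GS2Error("truncated GS2 header")
    try:
        cb, authz = fields[0].decode("ascii"), fields[1].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise GS2Error("header is not valid text") from exc
    if cb in ("n", "y"):
        flag, name = cb, None
    elif cb.startswith("p=") and re.fullmatch(r"[A-Za-z0-9.-]+", cb[2:]):
        flag, name = "p", cb[2:]
    else:
        raise GS2Error("bad channel-binding flag")
    authzid = None
    if authz:
        if len(authz) < 3 or not authz.startswith("a=") or re.search(r"=(?!2C|3D)", authz[2:]):
            raise GS2Error("bad authzid field")
        authzid = authz[2:].replace("=2C", ",").replace("=3D", "=")  # saslname escapes
    return GS2Header(nonstd, flag, name, authzid, fields[2])

def enforce_channel_binding(hdr, negotiated_plus, server_offers_plus, supported=("tls-unique",)):
    """Return the binding type the server must verify, or None if unbound."""
    if hdr.cb_flag == "p":
        if not negotiated_plus:
            raise GS2Error("'p' flag used with a non-PLUS mechanism name")
        if hdr.cb_name not in supported:
            raise GS2Error("unsupported channel binding type")
        return hdr.cb_name
    if negotiated_plus:
        raise GS2Error("-PLUS mechanism name requires the 'p' flag")
    if hdr.cb_flag == "y" and server_offers_plus:
        # Client believes no -PLUS variant exists although one was advertised.
        raise GS2Error("possible downgrade: -PLUS offer did not reach the client")
    return None
```

A returned binding type still has to be compared against the TLS session's own channel-binding data by the GSS-API mechanism; this sketch covers only the header policy.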

Takeaways
- Proof of concept stage, specs still evolving
- No browser for authentication, no implicit web-based flows alongside the real ones
- Strong complementary overlap with Project Moonshot:
  - client UI and IdP provisioning
  - GSS client and server changes
  - use of SAML-based identities, GSS naming extensions
  - likely to share code