Shibboleth 2.0 Update Ken Klingenstein. 2 Topics Shib v1.3 Status SAML 2.0 -- new features Shibboleth 2.0 Features Shibboleth 2.x Features We Need Feedback.

Presentation transcript:

Shibboleth 2.0 Update Ken Klingenstein

2 Topics
- Shib v1.3 Status
- SAML 2.0 -- new features
- Shibboleth 2.0 Features
- Shibboleth 2.x Features
- We Need Feedback on…
- Shibboleth Status, timeline

3 Shib v1.3 Status
- ODBC cache plugin for the SP
- Addons
  - GridShib
  - ADFS
  - LionShare

4 SAML 2.0 -- new features
- Authn Request -- extended functionality
- Single Logout
- NameID Mapping and Management
- Enhanced Client or Proxy (ECP) Profile
- Encryption

5 Shibboleth 2.0 Features
- What is the definition of Shibboleth 2.0? Is a new profile needed?
- Convergence with commercial Liberty and SAML products
- Support for the published Shibboleth profile (would not interoperate with Shibb v1.2…?)
- Support for SAML 2.0 AuthN, Logout, Attribute Artifact, and NameID management requests (everything but AuthnQuery and AuthzDecisionQuery)
- How applications would influence the AuthnRequest process

6 Shibboleth 2.0 Features
- Good/real targeted ID implementation
- SP 2.0 implemented in C++ and Java
  - Is it a problem if the C++ follows the Java version?
- Authn Request
  - some of the extended SAML functionality
  - Shib will include some Authentication processing "in the box"
  - interface to SSO systems to support new functionality in Authn Request
- IdP should be easily clusterable and stateless to the greatest extent possible

7 Shibboleth 2.0 Features
- SP - clusterable
- other new functionality?
- Production ready WAYF providing both standalone and application-integrated functionality in at least Java
- ask for input on current problems? (use shib-dev list)

8 Shibboleth 2.x
- Delegated Authentication
- SAML NameID management requests (account linking)

9 Need Feedback on
- aggregating attributes from multiple sources, something that's outside the bounds of the spec, but often discussed
- define a WAYF protocol for getting/setting the IdP choice and returning to the SP with it
- InfoCard support

10 Shibboleth Status, timeline
- coding currently underway on OpenSAML 2.0
  - will support both SAML v1.1 and 2.0
  - about 50% done
  - expect to have beta in March timeframe
- initial beta version of Shib 2.0 available May/June 2006

11 Questions?