Shibboleth Update January, 2001 Ken Klingenstein, Project Director, Internet2 Middleware Initiative Chief Technologist, University of Colorado at Boulder.

Slides:

Advertisements

Similar presentations

Conference xxx - August 2003 Fabrizio Gagliardi EDG Project Leader and EGEE designated Project Director Position paper Delivery of industrial-strength.

Advertisements

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.

ICDL 2004, New Delhi1 Access Management for Digital Libraries in a well-connected World John Paschoud SECURe Project London School of Economics Library.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (

Shibboleth Update a.k.a. “shibble-ware”

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

Shibboleth and InCommon: Making Secure Collaboration a Reality Scott Cantor Internet2/MACE and The.

Collaboration & InCommon EDUCAUSE Midwest Regional Conference March 21, 2005 Carrie E. Regenstein UW-Madison.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Project Shibboleth Update, Demonstration and Discussion Michael R Gettes Duke University (on behalf of the entire shib team!!!) June.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Middleware Activities Update Internet2 Membership, with coordination provided by Internet2 et al presentation by Renee Woodten Frost Internet2 and the.

3 September 2015 Federated R US. Agenda  Background on Internet2 Middleware and NSF Middleware Initiative  The body of work  Directories  Shibboleth.

Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.

Shib in the present and the future Ken Klingenstein Director, Internet2 Middleware and Security.

Top Issues Facing Information Technology at UAB Sheila M. Sanders UAB Vice President Information Technology February 8, 2007.

Shibboleth Update Michael Gettes Principal Technologist Georgetown University Ken Klingenstein Director Interne2 Middleware Initiative.

David L. Wasley Office of the President University of California Shibboleth Safe delivery of reliable authorization data David L. Wasley University of.

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

Shibboleth Update RL “Bob” Morgan, Washington Steven Carmody, Brown Scott Cantor, Ohio State Marlena Erdos, IBM/Tivoli Michael Gettes, Georgetown Keith.

Internet2 CAMP Shibboleth Scott Cantor (Hey, that’s my EPPN too.) Tom Dopirak Scott Cantor (Hey, that’s my.

Shibboleth Update Advanced CAMP 7/31/02 RL “Bob” Morgan, Washington Steven Carmody, Brown Scott Cantor, Ohio State Marlena Erdos, IBM/Tivoli Michael Gettes,

Shibboleth A word which was made the criterion by which to distinguish the Ephraimites from the Gileadites. The Ephraimites, not being able to pronounce.

Shibboleth at Columbia Update David Millman R&D July ’05

Shibboleth: An Introduction

MAT U M A T U Middleware Assisted Take-Up Service For JISC Funded Early Adopters.

Internet2 Middleware Initiative Shibboleth Ren é e Shuey Systems Engineer I Academic Services & Emerging Technologies The Pennsylvania State University.

Outsourcing Student at USC Institute for Computer Policy and Law Cornell University, August 2008 Asbed Bedrossian Director of Enterprise Applications.

NMI End-to-End Diagnostic Advisory Group BoF Fall 2003 Internet2 Member Meeting.

US of A and A Activities Ken Klingenstein, Director Internet2 Middleware Initiative.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

Shibboleth: Status and Pilots. The Golden Age of Plywood.

Project Shibboleth Update, Demonstration and Discussion Michael Gettes May 20, 2003 TERENA Conference, Zagreb, Croatia Michael Gettes.

The Golden Age of Plywood Ken Klingenstein Project Director, Internet2 Middleware Initiative Chief Technologist, University of Colorado at Boulder.

1 Protection and Security: Shibboleth. 2 Outline What is the problem Shibboleth is trying to solve? What are the key concepts? How does the Shibboleth.

Shibboleth A word which was made the criterion by which to distinguish the Ephraimites from the Gileadites. The Ephraimites, not being able to pronounce.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

PAPI: Simple and Ubiquitous Access to Internet Information Services JISC/CNI Conference - Edinburgh, 27 June 2002.

The UK Access Management Federation John Chapman Project Adviser – Becta.

05 October 2001 Directories: The Next Stage Keith Hazelton, Senior IT Architect University of Wisconsin-Madison Keith Hazelton, Senior IT Architect University.

Shibboleth & Federated Identity A Change of Mindset University of Texas Health Science Center at Houston Barry Ribbeck

Shibboleth: Overview and Status The Shibboleth Architecture Team.

Welcome to Base CAMP: Enterprise Directory Deployment Ken Klingenstein, Director, Internet2 Middleware Initiative Copyright Ken Klingenstein This.

JISC Shibboleth Briefing, 12-Mar Everything I always wanted to know about Shibboleth John Paschoud SECURe Project, LSE Library …but was afraid to.

Current Middleware Picture Tom Barton University of Chicago Tom Barton University of Chicago.

CAMP-Shib, Broomfield CO, 30-Jun-041 Exploring some Shibbolized portals models… John Paschoud PERSEUS Project, LSE Library.

InCommon® for Collaboration Institute for Computer Policy and Law May 2005 Renee Shuey Penn State Andrea Beesing Cornell David Wasley Internet 2.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

October 2, 2001 Middleware: Pieces and Processes RL "Bob" Morgan, University of Washington.

2-Oct-0101 October 2001 Directories as Middleware Keith Hazelton, Senior IT Architect University of Wisconsin-Madison Keith Hazelton, Senior IT Architect.

May I introduce you to eduPerson? Keith Hazelton Sr. IT Architect, UW-Madison TNC 2001, Antalya, Turkey, 15-May-2001.

NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas Barry Ribbeck Director System Architecture and Infrastructure.

Welcome to CAMP Directory Workshop Ken Klingenstein, Internet2 and University of Colorado-Boulder.

Shibboleth for Middle Schools James Burger -

SEPARATE ACCOUNTS FOR PROSPECTS? WHAT A HEADACHE! Ann West Assistant Director, InCommon Assurance and Community Internet2 at Michigan Tech.

The Technology of Privacy Walter Hoehn

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

The FederID project The First Identity Management and Federation Free Software.

Shibboleth Project at GSU

Michael R Gettes, Duke University On behalf of the shib project team

Overview and Development Plans

Internet2 Middleware Activities Progress

Supporting Institutions Towards a Shibbolized Infrastructure

Shibboleth: Status and Pilots

4th Annual Conference on Technology and Standards Washington

The JISC Core Middleware Call

Presentation transcript:

Shibboleth Update January, 2001 Ken Klingenstein, Project Director, Internet2 Middleware Initiative Chief Technologist, University of Colorado at Boulder

A word which was made the criterion by which to distinguish the Ephraimites from the Gileadites. The Ephraimites, not being able to pronounce sh, called the word sibboleth. See --Judges xii. Hence, the criterion, test, or watchword of a party; a party cry or pet phrase. - Webster's Revised Unabridged Dictionary (1913):Webster's Revised Unabridged Dictionary (1913)

Shibboleth an initiative to analyze and develop mechanisms(architectures, frameworks, protocols and implementations) for inter- institutional authentication and authorization facilitated by Mace (a committee of leading higher ed IT architects) and Internet2

Related Work Previous DLF work OASIS Technical Committee (vendor activity, kicked off this week) UK - Athens and Sparta projects Spain - rediris project

Discussion Outline Stage 1 Goals Model Expected Evolution Assumptions Campus and Resource Requirements Issues Project Status/Next Steps

Stage 1 - Addressing Three Scenario’s Member of campus community accessing licensed resource Anonymity required Member of a course accessing remotely controlled resource Anonymity required Member of a workgroup accessing controlled resources Controlled by attributes, perhaps including identity

Model Local Authentication Local Entity Willing to Make Assertions About the User Attribute/value pairs User has control over disclosure Identity optional “active member of community” “Associated with Course XYZ” Target responsible for Authorization Rules engine Matches contents of credentials against ruleset associated with target object

Evolution in Design Survey of deployed web access control implementations Mace-shibboleth discussions movement from a lightweight and casual approach to a more extensible view IBM participation

Assumptions “authenticate locally, act globally” the Shibboleth shibboleth Leverage vendor and standards activity wherever possible Disturb as little of the existing campus infrastructure as possible Encourage good campus behaviors Learn through doing Create a marketplace and reference implementations

Campus and Resource Requirements campus-wide identifier space campus-wide authentication service Implementation of Eduperson objectclass

Issues Personal Privacy (reasonable expectation, laws) Relation to local weblogin (Single Signon) Portals Use of Shibboleth framework by services beyond the web Grid resources and users

Project Status/Next Steps Requirements and Scenarios document nearly finished IBM and Mace-Shibboleth are refining architecture and evaluating issues IBM intends to develop an Apache web module Internet2 intends to develop supporting materials (documentation, installation, etc) and web tools (for htaccess construction, filter and access control, remote resource attribute discovery). Technical design complete - April, 2001 Coding... Pilot site start-up - Aug, 2001 Public demo- Internet2 Fall Member Meeting 2001

Questions?