Shibboleth for Middle Schools, James Burger

What do an ear of corn, a stream of water, and computer networks have in common? Shibboleth.

What is Shibboleth?
- Shibboleth is software, more specifically referred to as middleware
- Middleware is a layer of software that acts as a facilitator between a network and its applications, providing services such as identification, authentication, and authorization
- Shibboleth was developed by Internet2/MACE. The current version is v1.2.

2 communities
- Users – In this case, middle school educators and learners
- Service Providers – In this case, content providers who contribute the NSDL collections

Why Shibboleth in middle schools?
- Shibboleth is a superior system for allowing users to log in to secure resources, because it provides a high level of privacy by allowing communities to set their own Attribute Release Policies.
- Attributes conveyed to resources can be used to customize levels of access for the user. For example, a resource might have two distinct areas, one for teachers and one for students. Logging in would bring the user directly to the appropriate area.

Don’t some middle schools already log into resources on the Internet?
- Yes. Middle schools already benefit from such resources. There are several established ways to link communities in a collaborative manner.
- But each system suffers from significant inefficiencies. For example…

Users can log in with individual usernames and passwords
- Difficult to remember different usernames
- Difficult to authenticate, limits customization
- Easy to generate redundant accounts
- User can’t control personal info

Service providers recognize Internet Protocol (IP) addresses of subscribing organizations
- Access is limited to on-site use
- Administrative burden on both sides

Users can log in through a secure portal or proxy server on their school’s site
- Portals and proxy servers may not be as secure as Shibboleth-enabled servers
- Generic attributes = insufficient data
- Administrative burden on both sides

Shibboleth was developed as a means to address each of these issues.

- SOLVED: Access is limited to use on-site at the middle school
- SOLVED: Difficult to remember different usernames
- SOLVED: Easy to generate several accounts

The school assigns each member of its community a unique identifier. For example, jb701 = James Burger.

When the user logs into the school’s network, a temporary, opaque “handle” is created. The handle disassociates the ID from identifying information. Instead, the user’s organization specifies attributes to send to the content provider through an Attribute Release Policy (ARP).
- SOLVED: User can’t control personal info
- SOLVED: Difficult to authenticate, limits customization

A user can have several Attribute Release Policies (ARP)
- ARP I: Member of subscribing community
- ARP II: Member of subscribing community, Student
- ARP III: Member of subscribing community, Student, Grade
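
The opaque handle and the tiered release policies described above, as an added Python example that is not part of the original presentation and is not Shibboleth's own code or configuration format. The user record, attribute names, service provider URLs and handle lifetime are constructed for illustration.

```python
import secrets
import time

# Constructed directory record; attribute names are illustrative, not Shibboleth's.
DIRECTORY = {
    "st204": {"name": "Sample Student", "member": "subscribing-community",
              "role": "student", "grade": "7"},
}

# The three tiers from the slide, written as attribute allow-lists.
ARPS = {
    "ARP I": ("member",),
    "ARP II": ("member", "role"),
    "ARP III": ("member", "role", "grade"),
}

# Hypothetical service providers and the tier agreed for each.
SP_POLICY = {
    "https://library.example.org": "ARP I",
    "https://lessons.example.org": "ARP III",
}


class IdentityProvider:
    def __init__(self, handle_ttl=300):
        self.handle_ttl = handle_ttl
        self._handles = {}  # handle -> (user_id, expiry); stays inside the school

    def login(self, user_id):
        """Issue a random, short-lived handle that carries no identifying data."""
        if user_id not in DIRECTORY:
            raise KeyError("unknown user")
        handle = secrets.token_urlsafe(16)
        self._handles[handle] = (user_id, time.monotonic() + self.handle_ttl)
        return handle

    def release(self, handle, service_provider):
        """Return only the attributes the provider's ARP permits."""
        user_id, expiry = self._handles.get(handle, (None, 0.0))
        if user_id is None or time.monotonic() > expiry:
            self._handles.pop(handle, None)
            raise PermissionError("unknown or expired handle")
        # Default deny: a provider with no agreed policy receives nothing.
        allowed = ARPS.get(SP_POLICY.get(service_provider), ())
        record = DIRECTORY[user_id]
        return {attr: record[attr] for attr in allowed}
```

The content provider only ever holds the handle, so the name and local identifier never leave the school unless a policy explicitly lists them.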

Federations agree on Attribute Release Policies
- SOLVED, again: Difficult to authenticate, limits customization
- SOLVED, again: Generic attributes = insufficient data
- SOLVED, again: User can’t control personal info

Shibboleth establishes a truly efficient system for content access
- Enough detail to know user’s needs
- Not enough detail to know user’s identity
- Ability to access resources remotely
- SOLVED: Generic attributes = insufficient data

Fewer attributes = greater privacy
More attributes = greater granularity
Shibboleth federations are striking a balance.

How much does it cost to implement Shibboleth?
- The software itself costs nothing
- Implementation costs depend on the existing technological infrastructure of the school and the technical capability of the staff

What is required to implement Shibboleth?
- Web Server
- Java Servlet Container
- Login system (identity management)
- Agreement with federation policies

What does Shibboleth look like?

Isn’t it more complex than that?

What does the user see?
- The user may see two screens before reaching the requested content
- Both should be intuitive and may be used in numerous other applications:
  - Where Are You From (WAYF)
  - Organization login screen

OK, so far you’ve described a new way to network computers. What does that have to do with an ear of corn or a stream of water?

Shibboleth derives its name from the Hebrew word for an ear of corn or a stream of water. The name’s significance lies in its use as a Biblical password devised by the Gileadites to ward off the Ephraimites. “…they would say to him, then say, ‘shibboleth;’ but he would say, ‘sibboleth,’ not being able to pronounce it correctly.” --Judges 12.6

Contact Information
James Burger
Manager, Subscriber Services
National Science Digital Library (NSDL)
Columbia University
417 Watson Hall
612 West 115th Street
New York, NY