Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Shibboleth Attribute Delivery for Campuses New to Shibboleth Paul Caskey The University of Texas System.

Published byClaude Walsh Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction to Shibboleth Attribute Delivery for Campuses New to Shibboleth Paul Caskey The University of Texas System."— Presentation transcript:

1 Introduction to Shibboleth Attribute Delivery for Campuses New to Shibboleth Paul Caskey The University of Texas System

2 Agenda Intro/Background The lure of attributes How are we using attributes in the U.T. System? What are some of the challenges? Questions?

3 Intro / Background U.T. System consists of 15 campuses and System Administration We are pursuing federated IdM in a closed “federation” among these institutions (much like a large decentralized campus) Pilot ops 2004-2006, production as of 9/2006 Policies specify campus IdM practices, established governance structure Current: All institutions on-board, 10 federated apps, new apps emerging (and they want attributes!)

4 The lure of attributes Authorization Get information directly from the authoritative source Can make very granular decisions about access Security No app-based service accounts for accessing directory info Receive timely, accurate information at run-time Eliminate “islands” of potentially stale identity info User convenience More reliable than self-assertion, eliminate typos Users like this feature!

5 How is the U.T. System using attributes? Current: eduPersonPrincipalName primarily used, with app databases still containing lots of directory info A few apps are consuming e-mail address One or two apps consuming eduPersonAffiliation 2 local apps consuming eduPersonEntitlement Emerging: Now, apps are wanting many other atributes: cn, givenName, sn, eduPersonAffiliation, eduPersonEntitlement (multiple values), group membership, and even some as-yet-undefined attributes!

6 What are some of the challenges? Rolling your own – what happens when standard object classes fall short? Who defines these “local” attributes? What restrictions are placed on their vocabulary? How are changes to the above managed over time? Provisioning Converting institutional knowledge into attributes Requires accurate, reliable source data, strong provisioning technology, and a programmer or two… Where does the provisioning function live organizationally?

7 What are some of the challenges? (cont) Attribute Release You want what?? You’re going to do what with it?? Governance: How does an SP request attributes from IdPs? Who approves this? Policy: Ensuring SPs treat attributes “with proper respect” (regulatory issues?) Technology: Per-attribute, per-SP release – managing this level of flexibility can be quite a challenge! Attribute Acceptance Scoped values The Attribute “Authority” What do you do when there are multiple sources for an attribute with varying trust levels (a.k.a. attribute LoA)? How do you handle the situation where the set of all possible values for an attribute come from multiple sources (VOs)?

8 Questions? Thank you!

Download ppt "Introduction to Shibboleth Attribute Delivery for Campuses New to Shibboleth Paul Caskey The University of Texas System."

Similar presentations

Paul Caskey Technology Architect June 21, 2007 The University of Texas System Federated Identity Management Initiative https://idm.utsystem.edu/downloads/APAN-UTsys-June07.ppt.

Paul Caskey Technology Architect June 21, 2007 The University of Texas System Federated Identity Management Initiative
Brown University Shibboleth at Brown University James Cramton April 2, 2009 Copyright © James Cramton 2009 This work is the intellectual property of the.

Brown University Shibboleth at Brown University James Cramton April 2, 2009 Copyright © James Cramton 2009 This work is the intellectual property of the.
Starting Your Roadmap: Concepts and Terms Paul Caskey, The University of Texas System Copyright Paul Caskey 2007. This work is the intellectual property.

Starting Your Roadmap: Concepts and Terms Paul Caskey, The University of Texas System Copyright Paul Caskey This work is the intellectual property.
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Brown University Shibboleth at Brown University James Cramton March 5, 2009 Copyright © James Cramton 2009 This work is the intellectual property of the.

Brown University Shibboleth at Brown University James Cramton March 5, 2009 Copyright © James Cramton 2009 This work is the intellectual property of the.
1 Governance in Identity Management Federations Clair Goldsmith, Ph.D. The University of Texas System Administration.

1 Governance in Identity Management Federations Clair Goldsmith, Ph.D. The University of Texas System Administration.
Enabling Cloud Services & Federated Authentication UPN & Email Infrastructure Changes Chris Pruess ITS AIS Directory & Authentication Services.

Enabling Cloud Services & Federated Authentication UPN & Infrastructure Changes Chris Pruess ITS AIS Directory & Authentication Services.
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.

Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.

Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
A case study of Shibboleth deployment within the U.T. System June 26, 2006 Paul Caskey University of Texas System Copyright Paul Caskey 2006 Not Your Father’s.

A case study of Shibboleth deployment within the U.T. System June 26, 2006 Paul Caskey University of Texas System Copyright Paul Caskey 2006 Not Your Father’s.
The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation The U.S. Access and Identity Management Federation
EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.

EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.
Maturation & Convergence in Authentication & Authorization Services in US Higher Education: Keith Hazelton, Sr. IT Architect, University.

Maturation & Convergence in Authentication & Authorization Services in US Higher Education: Keith Hazelton, Sr. IT Architect, University.

Similar presentations

Ads by Google