Download presentation
Presentation is loading. Please wait.
1
Shibboleth Project at GSU
Art Vandenberg Director, Advanced Campus Services Information Systems & Technology Georgia State University A.Vandenberg March 14, 2003
2
Overview “Shibboleth” – the word Shibboleth – the project
Internet2/IBM Middleware collaboration Beginnings in Fall 2000 Component of NSF Middleware Initiative (NMI) Integration Testbed Program Inter-institutional sharing of web resources A.Vandenberg March 14, 2003
3
Key Concepts Federated administration
Access control based on attributes Active management of privacy – Origin site & user control release of data Standards based – OpenSAML (security access markup language) Framework for scaleable Trust & Policy (Clubs) Standard (extensible) AttributeValue Vocabulary – eduPerson LDAP objectClass A.Vandenberg March 14, 2003
4
Problem Space Access to digital library resources from off campus
Using distance education courseware Accessing research web site Accessing co-taught class web site at another university A.Vandenberg March 14, 2003
5
Current solutions – issues
IP-based access – spoofable, limiting Proxy servers – how many do you need…? Shared or group accounts & passwords – no accountability, poor auditability, low level assurance Additional accounts – management hassles, synchronization complexity, too many accounts for user A.Vandenberg March 14, 2003
6
Shibboleth Solution Access without proxy Leverage local authentication
Access based on role attributes Enables access from anywhere on web User can dynamically review/limit release of identifying information (privacy) Reduced logins A.Vandenberg March 14, 2003
7
Architecture Sun Solaris or Red Hat Linux Apache, Tomcat, J2SE
Enterprise single signon (SSO) or WebISO (initial signon) Enterprise directory service (LDAP, mySQL) Target vs. Origin sites A.Vandenberg March 14, 2003
8
From: Shibboleth Architecture v5 Scott Cantor and Marlena Erdos, 13 May 2002
9
Current Status Shibboleth architecture doc v05 - May 2002
Test deployments - v 0.7, v 0.8 WebCT, EBSCO, OCLC, Elsevier… Georgia State implementation A.Vandenberg March 14, 2003
10
Access Web Resource
11
Redirect to WAYF
12
Handle Service: Login
13
Local Authentication
14
Access to Web Resource
15
Access without re-login
16
Shibboleth – GSU goals Implement v 0.8 origin
Authenticate using CampusID Attributes via eduPerson LDAP Pilot with vendors or applications: “affiliation=member” access to EBSCO, Elsevier, OCLC, WebCT, IS&T intranet…? …Implement Attribute Release Policies Be technical resource for Shibboleth A.Vandenberg March 14, 2003
17
Shibboleth – next steps. Q&A Art Vandenberg avandenberg@gsu
Shibboleth – next steps? Q&A Art Vandenberg Victor Bolet A.Vandenberg March 14, 2003
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.