Published by Lorin Bryan. Modified over 9 years ago.
1
Learning Management Systems Camp June 2004 Barry R Ribbeck UT HSC Houston Copyright, Barry Ribbeck, 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
2
Copyright Barry Ribbeck 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
3
Learning Management Systems
Define courses to be offered and with whom.
Work with provider access group(s) to define requirements for:
1. Administrative and legal issues
2. Policy
3. Security
4. Monetary reimbursement considerations
5. Document retention
6. Technical implementation and user support
7. Document any implementation issues and readdress with access group(s)
4
Things are moving Fast
Burton Group quote from Vantage Security Magazine, Spring 2004:
“The Burton Group estimates that about 100 federation projects have been launched throughout the corporate world, with thousands of others actively investigating it for their firms.”
5
Learning Management Systems
Current Processes for Identity Provider
- Join a Federation common to the Resource Provider!
- Work out any bi-lateral agreements as needed. ASSUMES 1-6 in previous slide is done!
- Test support mechanisms.
- Supply a list of EPPNs to Resource Provider for population into Bb course (can be done in bulk) or activate auto provisioning.
- Agree on assertion exchange for authZ and provision in local directory.
- COURSE BEGINS
- Agree on de-provisioning method and data management after the course is completed.
6
Learning Management Systems
Current Process for Resource Provider
- Join a Federation common to Authentication Provider.
- Work out any bi-lateral agreements as needed. ASSUMES 1-6 in previous slide is done!
- Test support mechanisms.
- Define the AAP for Identity Provider access using agreed upon attribute assertion(s).
- Provision the Bb database.
- COURSE BEGINS
- Provide Identity Provider with post course data as required.
- Complete records retention as defined.
7
Blackboard Learning Management System
Requirements
- Shib 1.0 or greater*
- Blackboard 6.0.11 or higher
Support
- Shibboleth will be fully supported as a custom authentication option in Bb (currently in a limited Alpha release)
Disclaimer
- Limited support, tested only on Red Hat Linux and Sun Solaris implementations
8
Connection Details
UTHSC Implementation
- User connecting to {shib(Bb)} is redirected to Wayf as expected
- Resource requires eppn and eduPersonEntitlement
- If AA assertions are accepted, Bb remote user is populated with eppn
- BbShibbolethAuthModule gets the remote user and creates the user object in BbLS
  – Can be extended via “Bb Advanced Data and Authentication Manual”
  – See next slide
- Bb can create user account in DB on login (User Account Generation on Gateway: Enable) or it can be created a priori
- Currently, course admin must add user to respective courses manually or in batch process *
* This assumes a particular database management model
9
Yet to be done? Updated
- Standardization on value to populate remote user: DONE! EPPN
- A way to mix local and shib users by redirection at portal by user choice or failover to Shib: DONE! http://bb.uth.tmc.edu
10
Ongoing Work
- Standardized Course attributes in LDAP (see Mace Course ID work)
- Shibboleth protected Portals (EZ Proxy coming soon)
- Non-Web based Shibboleth protected resources (Penn State LionShare, Napster, ShibIM)
- RBAC (see Mace Dir Grouper)
- Just-in-time provisioning using asserted courseid attributes from identity provider and eduPersonEntitlement discussions
11
Shibboleth and Blackboard
[Flow diagram]
Components shown:
- Browser
- Federation WAYF SERVICE (IN COMMON)
- Identity Provider (Home University): Authentication System (ISO/SSO/Cert), Handle Service, Attribute Authority, RBAC Authorization System - LDAP (eduperson)
- Resource Provider: Service Provider (ACS, AR), Attribute Acceptance Policy, Sites.xml, Resource Manager; Bb remoteuser=eppn, auto acct generation = on
Steps:
1. I would like access?
2. Can you authenticate via my Wayf?
3. Where are you from?
4. I am from HU, logged in?
5. Authenticate me to HU
6. AuthN ok, send handle X to Resource Provider
7. Need eppn & eduPersonEntitlement for X?
8. Link Handle X to user and lookup attributes
9. Attributes found and released
10. If ARP allows, attributes are sent to Resource. If attributes are sufficient, access is granted by Resource Manager on Resource Provider
11. Logged onto Bb
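Added example (not from the original slides, and not Shibboleth or Blackboard code): a simplified Python model of the acceptance decision described in the connection details and in step 10 of the flow, where the resource provider checks the asserted eppn and eduPersonEntitlement before populating the remote user. The policy layout, the IdP identifier, the scope and the entitlement value are all constructed for illustration; restricting each identity provider to its own eppn scope is a modelling assumption here.

```python
# Simplified model of a resource provider's attribute acceptance check.
# This is NOT Shibboleth's AAP file format; all identifiers are constructed.
POLICY = {
    "urn:example:idp:home-university": {
        # Scopes (the part after '@') this IdP is trusted to assert in eppn.
        "eppn_scopes": {"hu.example.edu"},
        # Entitlement value agreed between the two providers for this course.
        "required_entitlement": "urn:example:entitlement:bb-course",
    },
}

def accept_attributes(idp_id, attrs, policy=POLICY):
    """Return the value to use as the remote user, or None to refuse access."""
    rule = policy.get(idp_id)
    if rule is None:
        return None                      # unknown IdP: no bilateral agreement
    eppns = attrs.get("eppn", [])
    if len(eppns) != 1:
        return None                      # missing or ambiguous identifier
    # Normalise case so one person does not get two auto-generated accounts.
    eppn = eppns[0].strip().lower()
    local, sep, scope = eppn.rpartition("@")
    if not sep or not local or "@" in local:
        return None                      # malformed eppn
    if scope not in rule["eppn_scopes"]:
        return None                      # IdP asserting another site's users
    if rule["required_entitlement"] not in attrs.get("eduPersonEntitlement", []):
        return None                      # authenticated but not entitled
    return eppn

if __name__ == "__main__":
    # Constructed sample assertions.
    idp = "urn:example:idp:home-university"
    ent = ["urn:example:entitlement:bb-course"]
    samples = [
        {"eppn": ["jdoe@hu.example.edu"], "eduPersonEntitlement": ent},
        {"eppn": ["admin@other.example.org"], "eduPersonEntitlement": ent},
        {"eppn": ["jdoe@hu.example.edu"], "eduPersonEntitlement": []},
    ]
    for attrs in samples:
        print(attrs["eppn"][0], "->", accept_attributes(idp, attrs))
```

With account auto-generation enabled, the value returned here is what would become the new account's username, so the scope check is what keeps one identity provider from creating or taking over accounts named for another site's users.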
12
The Ever Risky Live Demo http://bb.uth.tmc.edu