Shibboleth and CU Carol Kassel Digital Knowledge Ventures (DKV)


1 Shibboleth and CU
Carol Kassel, Digital Knowledge Ventures (DKV)
James Burger, National Science Digital Library (NSDL)

2 Table of contents
- What is Shibboleth?
- How is it being used at CU?
- What’s Carol’s involvement? Jim’s involvement?
- How could Shibboleth be used?
- What are the advantages to using it (SP)?
- What are the advantages to using it (IdP)?

3 What is Shibboleth?
“Shibboleth, a project of Internet2/MACE, is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. In addition, Shibboleth will develop a policy framework that will allow inter-operation within the higher education community.”
In English:
- Shibboleth allows users from different institutions or groups to obtain access to protected content anywhere on the Web.
- Users log in locally and their privacy is maintained.
- Shibboleth is “middleware,” software that facilitates communication between or among servers.

4 “Shibboleth” (Judges 12)

5 How is it being used at CU?
- National Science Digital Library (NSDL) – an interinstitutional project being developed in part by EPIC
- DART (Digital Anthropology Resources for Teaching) – in development jointly by LSE and CU (including EPIC)
- Artstor – some CU involvement
- CERO – developed by DKV; Shib-enabling by EPIC
That’s it…for now!

6 Shibboleth pieces
- “Service provider” (SP, or “target”) – the site that users want to access
- “Identity provider” (IdP, or “origin”) – the place where users need to log in; the holder of user data
- “Where are you from?” page (WAYF) – the place where users identify themselves so that they can log in appropriately
- Attributes – info about the user that gets released from the IdP to the SP, according to policies on both ends
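
The attribute-release step on this slide, as an added sketch that is not from the presentation or from the Shibboleth code base: the IdP filters what it sends by site policy and by the user's own choices, then the SP keeps only what it accepts from that IdP. The entity IDs, attribute names, policy tables and function names are all constructed for illustration.

```python
# Added illustration: attribute release filtered by policy on both ends.
# Entity IDs, attribute names and values are constructed for the example.

IDP = "https://idp.example.edu"
SP = "https://sp.example.org/cero"

# IdP-side directory record for one user (constructed).
DIRECTORY = {
    "jdoe": {
        "uid": "jdoe",
        "mail": "jdoe@example.edu",
        "affiliation": ["alum"],
        "entitlement": ["urn:example:seminars"],
    }
}

# IdP site policy: attributes each SP may receive; "*" is the default.
SITE_RELEASE = {"*": {"affiliation"}, SP: {"affiliation", "entitlement", "mail"}}

# Per-user policy: attributes the user refuses to release to a given SP.
USER_WITHHOLD = {"jdoe": {SP: {"mail"}}}

# SP policy: which IdPs are trusted to assert each attribute.
SP_ACCEPT = {"affiliation": {IDP}, "entitlement": {IDP}}


def idp_release(user, sp):
    """Attributes the IdP sends: site policy minus the user's own withholds."""
    allowed = SITE_RELEASE["*"] | SITE_RELEASE.get(sp, set())
    allowed -= USER_WITHHOLD.get(user, {}).get(sp, set())
    record = DIRECTORY[user]
    return {name: record[name] for name in sorted(allowed) if name in record}


def sp_accept(attributes, idp):
    """Attributes the SP keeps: only those it accepts from this IdP."""
    return {n: v for n, v in attributes.items() if idp in SP_ACCEPT.get(n, set())}


def login(user, idp, sp):
    """What the SP ends up knowing about the user after both filters."""
    return sp_accept(idp_release(user, sp), idp)
```

The SP never sees `uid` or `mail` here: the first is not in any release policy, and the second is withheld by the user even though the site policy would allow it.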

7 columbia.edu/~jb701/shib

8 What’s Carol’s involvement?
- Columbia Educational Resources Online (CERO) needed to serve three audiences:
  - CU affiliates with valid UNI/password
  - Non-CU users with valid username/password
  - Users at subscribing institutions with valid IP address
- “CU affiliates” included not just on-campus users but off-campus users, too, esp. alumni
- New site to be built for alumni: with links to CERO

9 Why we used Shibboleth
- Problem 1: How could we allow access to seminars via UNI login and still handle existing audiences?
- Problem 2: How could we maintain security of UNI system in all transactions?
- Problem 3: How could we make login process smooth and seamless?
- Problem 4: How could we require login once and keep users logged in for duration of browser session?
Answer: Shibboleth!

10 Shibboleth setup for CERO

11 Shib-enabled login process

12 Details of general relevance
- CU IdP existed for NSDL, but needed customization for CERO
- New IdP created for alternate reg system; can be used for other purposes (hence DKV/CU Press co-branding)
- CERO now running on alternate web server – no load balancing, no systems support
- IP address auth still supported (outside Shib)
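
The three CERO audiences from the slides above (CU affiliates via the CU IdP, non-CU users via the alternate registration IdP, subscribers by IP address) expressed as one access decision. This is an added sketch, not CERO's code; the entity IDs, the `entitlement` value, the address ranges and the `authorize` function are constructed placeholders.

```python
# Added illustration: one access gate for the three audiences described above.
# IdP entity IDs, attribute names and CIDR ranges are constructed placeholders.
import ipaddress

CU_IDP = "https://idp.cu.example.edu"       # stands in for the CU IdP
ALT_IDP = "https://idp.altreg.example.org"  # stands in for the alternate reg IdP
TRUSTED_IDPS = {CU_IDP, ALT_IDP}

# Subscribing institutions still authenticated by source address (outside Shib).
SUBSCRIBER_NETS = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")
]


def authorize(peer_ip, session=None):
    """Return (allowed, reason). `session` is the SP's view of a Shib login."""
    if session is not None:
        # Attributes count only when they come from an IdP this SP trusts.
        # A session from any other IdP fails closed instead of falling
        # through to the address check.
        if session.get("idp") not in TRUSTED_IDPS:
            return (False, "untrusted-idp")
        if session.get("attributes", {}).get("entitlement") == "cero":
            return (True, "shib:" + session["idp"])
        return (False, "missing-entitlement")
    # No Shib session: fall back to the address allowlist. peer_ip must be the
    # socket peer address, not a client-supplied header such as X-Forwarded-For.
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return (False, "bad-address")
    if any(addr in net for net in SUBSCRIBER_NETS):
        return (True, "ip-subscriber")
    return (False, "login-required")
```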

13 Key players on CERO project
- Walter Hoehn (EPIC, now University of Memphis): expertise in Shibboleth
- Noah Levitt (EPIC): creator of alternate reg system, no previous Shibboleth experience
- Andrew Johnston, Steve McGrath (AcIS): WIND developers, managers of Tomcat, no previous Shibboleth experience
- Carol Kassel (DKV): project manager, no previous Shibboleth experience

14 Success! Deployed November 2003
- Very little downtime; very few technical problems
- Promotion to alumni in Feb 2004: excellent response rate, no major issues

15 JB’s NSDL Mission
- Introduce the Middle School Community to the NSDL in hopes that they make use of the resources currently available at NSDL.org
- Implement Shibboleth Origin sites in pilot middle schools (or at least “sell” the idea)

16 How could Shibboleth be used?
- Move away from IP address auth to Shib for subscribing institutions who have that capability – i.e., set up CIAO, Earthscape, Gutenberg<e>, CAHO as Service Providers
  - Involves deploying Shibboleth on main web servers, esp. for CIAO
- Use Shib to provide more resources for CU alumni while supporting existing audiences
- Shib-enable new web resources when they are developed

17 Potential Obstacles
- Lack of Shibbolized Targets: Without a selection of targets for the Shibbolized Origins to connect with, there is little incentive for middle schools to participate (the good ol’ Catch-22 scenario with essence of Chicken & Egg for flavor).
- Variety of existing infrastructure and expertise: Assumption - because the middle schools vary so greatly in technical capabilities, guiding them through the process will be anything but formulaic, so there will be a large amount of one-on-one consultation.
- Origins are more difficult to set up than Targets (trying to figure out why, but a few people have told me this).

18 What are the advantages (SP)?
- Much more secure than IP address auth
- Allows off-campus users to access without additional user/pw creation
- CU committed to Shib development; CU usage of Shib sets a good example
- As more institutions set up IdPs, they will begin demanding this technology

19 The Shib Advantage (for origins) 1/3
- Privacy: Users release to the targets only the information that they (or a guardian) authorize.
- Remote Access: Users can log in to resources on campus or remotely, via the WAYF.
- Streamlined Access: Users assign their attributes to the ARP rather than submitting them to each individual resource (saves time and ensures accuracy/consistency). Additionally, users do not have to maintain a record of several different logins/passwords for several different resources.

20 The Shib Advantage (for origins) 2/3
- Simplified administration: Origin sites use their existing identity directories.
- Direct Access to the most relevant information: because of the ARP, assumptions can be made about the relevancy of specific materials and user needs.

21 The Shib Advantage (for origins) 3/3
Providing market data is not just altruistic: Because publishers will receive more detailed data from their users, instead of relying on generic access attributes, they will be able to perform better market research, which, in turn, helps the educators by providing better, more tailored projects.

22 Onward!

