Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth and CU Carol Kassel Digital Knowledge Ventures (DKV)

Published byGwenda Perry Modified over 9 years ago

Similar presentations

Presentation on theme: "Shibboleth and CU Carol Kassel Digital Knowledge Ventures (DKV)"— Presentation transcript:

1 Shibboleth and CU Carol Kassel Digital Knowledge Ventures (DKV)
James Burger National Science Digital Library (NSDL)

2 Table of contents What is Shibboleth? How is it being used at CU?
What’s Carol’s involvement? Jim’s involvement? How could Shibboleth be used? What are the advantages to using it (SP)? What are the advantages to using it (IdP)?

3 What is Shibboleth? “Shibboleth, a project of Internet2/MACE, is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. In addition, Shibboleth will develop a policy framework that will allow inter-operation within the higher education community.” In English: Shibboleth allows users from different institutions or groups to obtain access to protected content anywhere on the Web. Users log in locally and their privacy is maintained. Shibboleth is “middleware,” software that facilitates communication between or among servers.

4 “Shibboleth” (Judges 12)

5 How is it being used at CU?
National Science Digital Library (NSDL) – an interinstitutional project being developed in part by EPIC DART (Digital Anthropology Resources for Teaching) – in development jointly by LSE and CU (including EPIC) Artstor – some CU involvement CERO – developed by DKV; Shib-enabling by EPIC That’s it…for now!

6 Shibboleth pieces “Service provider” (SP, or “target”) – the site that users want to access “Identity provider” (IdP, or “origin”) – the place where users need to log in; the holder of user data “Where are you from?” page (WAYF) – the place where users identify themselves so that they can log in appropriately Attributes – info about the user that gets released from the IdP to the SP, according to policies on both ends

7 columbia.edu/~jb701/shib

8 What’s Carol’s involvement?
Columbia Educational Resources Online (CERO) needed to serve three audiences: CU affiliates with valid UNI/password Non-CU users with valid username/password Users at subscribing institutions with valid IP address “CU affiliates” included not just on-campus users but off-campus users, too, esp. alumni New site to be built for alumni: with links to CERO

9 Why we used Shibboleth Problem 1: How could we allow access to seminars via UNI login and still handle existing audiences? Problem 2: How could we maintain security of UNI system in all transactions? Problem 3: How could we make login process smooth and seamless? Problem 4: How could we require login once and keep users logged in for duration of browser session? Answer: Shibboleth!

10 Shibboleth setup for CERO

11 Shib-enabled login process

12 Details of general relevance
CU IdP existed for NSDL, but needed customization for CERO New IdP created for alternate reg system; can be used for other purposes (hence DKV/CU Press co-branding) CERO now running on alternate web server – no load balancing, no systems support IP address auth still supported (outside Shib)

13 Key players on CERO project
Walter Hoehn (EPIC, now University of Memphis): expertise in Shibboleth Noah Levitt (EPIC): creator of alternate reg system, no previous Shibboleth experience Andrew Johnston, Steve McGrath (AcIS): WIND developers, managers of Tomcat, no previous Shibboleth experience Carol Kassel (DKV): project manager, no previous Shibboleth experience

14 Success! Deployed November 2003
Very little downtime; very few technical problems Promotion to alumni in Feb 2004: excellent response rate, no major issues

15 JB’s NSDL Mission Introduce the Middle School Community to the NSDL in hopes that they make use of the resources currently available at NSDL.org Implement Shibboleth Origin sites in pilot middle schools (or at least “sell” the idea)

16 How could Shibboleth be used?
Move away from IP address auth to Shib for subscribing institutions who have that capability – i.e., set up CIAO, Earthscape, Gutenberg<e>, CAHO as Service Providers Involves deploying Shibboleth on main web servers, esp. for CIAO Use Shib to provide more resources for CU alumni while supporting existing audiences Shib-enable new web resources when they are developed

17 Potential Obstacles Lack of Shibbolized Targets: Without a selection of targets for the Shibbolized Origins to connect with, there is little incentive for middle schools to participate (the good ol’ Catch-22 scenario with essence of Chicken & Egg for flavor). Variety of existing infrastructure and expertise: Assumption - because the middle schools vary so greatly in technical capabilities, guiding them through the process will be anything but formulaic, so there will be a large amount of on-on one consultation. Origins are more difficult to set up than Targets (trying to figure out why, but a few people have told me this).

18 What are the advantages (SP)?
Much more secure than IP address auth Allows off-campus users to access without additional user/pw creation CU committed to Shib development; CU usage of Shib sets a good example As more institutions set up IdPs, they will begin demanding this technology

19 The Shib Advantage (for origins) 1/3
Privacy: Users release to the targets only the information that they (or a guardian) authorizes. Remote Access: Users can login to resources in campus or remotely, via the WAYF. Streamlined Access: Users assign their attributes to the ARP rather than submitting them to each individual resource (saves time and ensures accuracy/consistency). Additionally, users do not have to maintain a record of several different logins/passwords for several different resources.

20 The Shib Advantage (for origins) 2/3
Simplified administration: Origins sites use their existing identity directories. Direct Access to the most relevant information: because of the ARP assumptions can be made about the relevancy of specific materials and user needs.

21 The Shib Advantage (for origins) 3/3
Providing market data is not just altruistic: Because publishers will receive more detailed data from their users, instead of relying on generic access attributes, they will be able to perform better market research, which, in turn helps the educators by providing better, more tailored projects.

22 Onward!

Download ppt "Shibboleth and CU Carol Kassel Digital Knowledge Ventures (DKV)"

Similar presentations

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Duke Enterprise CMS CGS Meeting 5/7/2004 Cheryl Crupi Senior Manager, Duke OIT Office of Web Services.

Duke Enterprise CMS CGS Meeting 5/7/2004 Cheryl Crupi Senior Manager, Duke OIT Office of Web Services.
WHY CMS? WHY NOW? CONTENT MANAGEMENT SYSTEM. CMS OVERVIEW Why CMS? What is it? What are the benefits and how can it help me? Centralia College web content.

WHY CMS? WHY NOW? CONTENT MANAGEMENT SYSTEM. CMS OVERVIEW Why CMS? What is it? What are the benefits and how can it help me? Centralia College web content.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Toolbox Mirror -Overview Effective Distributed Learning.

Toolbox Mirror -Overview Effective Distributed Learning.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
Electronic Commerce Semester 1 Term 1 Lecture 2. Forces Fuelling E-Commerce Interest in e-commerce is being fuelled by: –Economic forces –Customer interaction.

Electronic Commerce Semester 1 Term 1 Lecture 2. Forces Fuelling E-Commerce Interest in e-commerce is being fuelled by: –Economic forces –Customer interaction.
June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.

June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.
Columbia Educational Resources Online: A Shib-Enabling Case Study Carol Kassel Columbia University Digital Knowledge Ventures (DKV) Copyright Carol Kassel.

Columbia Educational Resources Online: A Shib-Enabling Case Study Carol Kassel Columbia University Digital Knowledge Ventures (DKV) Copyright Carol Kassel.
Educause 2006, Dallas TX What does a University need from Access Management? John Paschoud InfoSystems Engineer, LSE Library London School of Economics.

Educause 2006, Dallas TX What does a University need from Access Management? John Paschoud InfoSystems Engineer, LSE Library London School of Economics.
Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.

Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
AAI with simpleSAMLphp

AAI with simpleSAMLphp
Resolving Unique and Persistent Identifiers for Digital Objects Why Worry About Identifiers? Individuals and organizations, including governments and businesses,

Resolving Unique and Persistent Identifiers for Digital Objects Why Worry About Identifiers? Individuals and organizations, including governments and businesses,
Get Started With Marketing!. Marketing on Your Mind?  This presentation will include: Info for New and Experienced Users Ideas for marketing to Students.

Get Started With Marketing!. Marketing on Your Mind?  This presentation will include: Info for New and Experienced Users Ideas for marketing to Students.
Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.

Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

Similar presentations

Ads by Google