Download presentation
Presentation is loading. Please wait.
Published byPosy Loren Park Modified over 9 years ago
1
Shibboleth Update Eleventh Federal & Higher Education PKI Coordination Meeting (Fed/Ed Thursday, June 16, 2005
2
2 Topics Shibboleth v1.3 – Shibboleth Futures -- the Roadmap after 1.3 Shibboleth and e-Authn
3
3 Shibboleth v1.3 Planned Availability -- June, 2005 Currently in beta Major New Functionality Full SAML v1.1 support -- BrowserArtifact Profile and AttributePush Support for SAML-2 metadata schema Improved Multi-Federation Support Support for the Federal Gov’t’s E-authn Profile Native Java SP Implementation Improved build process
4
4 Restructuring of Federations The Transition to InCommon InCommon is now “Real” Campuses and Vendors are Transitioning… May soon see negative incentives for long term membership in InQueue “Negative Trust” Federation Available for software development, testing Self-service application to register Expect to see many relatives of Donald Duck as members International Federation Peering Moving forward… Vendors moving toward supporting multi-federation world
5
5 Shibboleth and Grids Shib/SAML is currently web-browser centric so doesn't apply to more general protocols yet can easily apply to Grid portals SAML could carry certs/keys as attributes Grid-Shib project NSF-funded focus on access to campus Attribute Authority to provide attributes for Grid service authz decisions
6
6 WS* Interop -- Status Agreements to build WS-Fed interoperability into Shib Contracts signed; work to begin AFTER Shib v1.3 WS-Federation + Passive Requestor Profile + Passive Requestor Interoperability Profile Discussions broached, by Microsoft, in building Shib interoperabilty into WS-Fed; no further discussions Devils in the details Can WS-Fed-based SPs work in InCommon without having to muck up federation metadata with WS-Fed-specifics? All the stuff besides WS-Fed in the WS-* stack
7
7 WS* Interop -- High Level Goals Establish interoperability of the ADFS Identity Provider and Service Provider implementations (and any other WS-F/PRP/PRIP Provider conformant implementations), with the Internet2 Shibboleth System Identity Provider and Service Provider implementations. Establish ADFS as a supported option for use for Identity Provider and Service Provider deployments in the Internet2-operated InCommon Federation of US higher-education and partner sites. Build a strategic relationship with a fully deployed and leading edge federation (InCommon) and the higher ed academic community.
8
8 Shibboleth -- Future Releases “Interim” Release Target Date -- within Calendar 2005 Include some SAML-2 Functionality Rely on feedback from user community to identify SAML-2 features which are HIGH priority Lots of potential partners interested in helping….
9
9 Shibboleth 2.0 SAML 2.0 specification approved March 2005 Shibboleth 2.0 Expect to provide support for ALL REQUIRED SAML-2 functionality Target Date -- mid-year 2006 Who wants to help?
10
10 Federal eAuthentication Key driver for e-government, operating under the auspices of GSA Leveraging key NIST guidelines Setting the standard for a variety of federated identity requirements Identity proofing SAML bindings Credential assessment Risk assessment Technical components driven through the InterOp Lab http://www.cio.gov/eAuthentication/
11
11 eAuthentication Key Concepts Approved technologies The Federal “e-Authentication Federation” Credential assessment framework Trusted Credential Service providers Agency Applications (outward facing…)
12
12 Shibboleth E-Authn Certification V1.3 has already successfully navigated interoperability testing Scheduled for Certification Testing the week of June 20 Campuses could then Join the E-authn Federation Use the Shibboleth software to access e-authn enabled federal gov’t web sites More E-authn info available at http://www.cio.gov/eauthentication/
13
13
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.