Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth for Middle Schools James Burger -

Published byCharlotte Coleen Evans Modified over 8 years ago

Similar presentations

Presentation on theme: "Shibboleth for Middle Schools James Burger -"— Presentation transcript:

1 Shibboleth for Middle Schools James Burger - jb701@columbia.edu

2 What do an ear of corn, a stream of water, and computer networks have in common? Shibboleth.

3 What is Shibboleth?  Shibboleth is software, more specifically referred to as middleware  Middleware is a layer of software that acts as a facilitator between a network and its applications, providing services such as identification, authentication, and authorization  Shibboleth was developed by Internet2/MACE. The current version is v1.2Internet2/MACE

4 2 communities  Users – In this case, middle school educators and learners  Service Providers – In this case, content providers who contribute the NSDL collections

5 Why Shibboleth in middle schools?  Shibboleth is a superior system for allowing users to login to secure resources, because it provides a high level of privacy by allowing communities to set their own Attribute Release Policies.  Attributes conveyed to resources can be used to customize levels of access for the user. For example, a resource might have two distinct areas, one for teachers and one for students. Logging in would bring the user directly to the appropriate area.

6 Don’t some middle schools already log into resources on the Internet?  Yes. Middle schools already benefit from such resources. There are several established ways to link communities in a collaborative manner.  But, each system suffers from significant inefficiencies. For example…

7 Users can login with individual usernames and passwords  Difficult to remember different usernames  Difficult to authenticate, limits customization  Easy to generate redundant accounts  User can’t control personal info

8 Service providers recognize Internet Protocol (IP) addresses of subscribing organizations  Access is limited to on-site use  Administrative burden on both sides

9 Users can log in through a secure portal or proxy server on their school’s site  Portals and proxy servers may not be as secure as Shibboelth enabled servers  Generic attributes = insufficient data (member@schoolname)  Administrative burden on both sides

10 Shibboleth was developed as a means to address each of these issues.

11  SOLVED: Access is limited to use on-site at the middle school  SOLVED: Difficult to remember different usernames  SOLVED: Easy to generate several accounts The school assigns each member of its community a unique identifier For example, jb701 = James Burger

12 When the user logs into the school’s network, a temporary, opaque “handle” is created. The handle disassociates the ID from identifying information. Instead, the user’s organization specifies attributes to send to the content provider through an Attribute Release Policy (ARP).  SOLVED: User can’t control personal info  SOLVED: Difficult to authenticate, limits customization

13 A user can have several Attribute Release Policies (ARP) ARP I Member of subscribing community ARP II Member of subscribing community Student ARP III Member of subscribing community Student Grade

14 Federations agree on Attribute Release Policies  SOLVED, again: Difficult to authenticate, limits customization  SOLVED, again: Generic attributes = insufficient data (member@schoolname)member@schoolname  SOLVED, again: User can’t control personal info

15 Shibboleth establishes a truly efficient system for content access  Enough detail to know user’s needs  Not enough detail to know user’s identity  Ability to access resources remotely  SOLVED: Generic attributes = insufficient data (member@schoolname)

16 Fewer attributes = greater privacy More attributes = greater granularity Shibboleth federations are striking a balance.

17 How much does it cost to implement Shibboleth?  The software itself costs nothing  Implementation costs depend on the existing technological infrastructure of the school and the technical capability of the staff

18 What is required to implement Shibboleth?  Web Server  Java Servlet Container  Login system (identity management)  Agreement with federation policies

19 What does Shibboleth look like?

20 Isn’t it more complex than that?

21 What does the user see?  The user may see two screens before reaching the requested content  Both should be intuitive and may be used in numerous other applications:  Where Are You From (WAYF)  Organization login screen

22 OK, so far you’ve described a new way to network computers. What does that have to do with an ear of corn or a stream of water?

23 Shibboleth derives its name from the Hebrew word for an ear of corn or a stream of water. The name’s significance lies in its use as a Biblical password devised by the Gileadites to ward off the Ephraimites. “…they would say to him, then say, ‘shibboleth;’ but he would say, ‘sibboleth,’ not being able to pronounce it correctly.” --Judges 12.6

24 Contact Information James Burger Manager, Subscriber Services National Science Digital Library (NSDL) Columbia University 417 Watson Hall 612 West 115th Street New York, NY 10027 212-854-1110 / jb701@columbia.edujb701@columbia.edu

Download ppt "Shibboleth for Middle Schools James Burger -"

Similar presentations

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management
Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.

Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.
E-books and E-journals Off-campus This presentation will show you how to log in and access Oxford Brookes Library e-books and e-journals when youre off.

E-books and E-journals Off-campus This presentation will show you how to log in and access Oxford Brookes Library e-books and e-journals when youre off.
Accessing electronic journals from off- campus This causes lots of headaches, but dont despair, heres how to do it! (Please note – this presentation is.

Accessing electronic journals from off- campus This causes lots of headaches, but dont despair, heres how to do it! (Please note – this presentation is.
Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.
Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Getting Started in Blackboard. You will need… A web browser, preferably Internet Explorer, version 4.0 or higher An email account and the knowledge of.

Getting Started in Blackboard. You will need… A web browser, preferably Internet Explorer, version 4.0 or higher An account and the knowledge of.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Shibboleth: EBSCOhost implementation Lech Wojtowicz Director of Software Development EBSCO Publishing Access 2003 October 3, 2003.

Shibboleth: EBSCOhost implementation Lech Wojtowicz Director of Software Development EBSCO Publishing Access 2003 October 3, 2003.
SESSION 9 THE INTERNET AND THE NEW INFORMATION NEW INFORMATIONTECHNOLOGYINFRASTRUCTURE.

SESSION 9 THE INTERNET AND THE NEW INFORMATION NEW INFORMATIONTECHNOLOGYINFRASTRUCTURE.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.

June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
Www.eduserv.org.uk/openathens Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.

Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.
Email Basics Dayton Metro Library Place photo here August 10, 2015.

Basics Dayton Metro Library Place photo here August 10, 2015.
InCommon Policy Conference April 2005. 2 Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

Similar presentations

Ads by Google