
Shibboleth and SAML: Overview and Status

Learn about Shibboleth, an initiative for secure web resource sharing, and its relationship with SAML. Explore its architecture, example scenarios, and future extensions. Understand why Shibboleth offers better solutions for collaboration, privacy, and federated administration. Get an overview of SAML, its importance as a security assertion markup language, and its alignment with Shibboleth. Stay updated with the current status and availability of Shibboleth.



Presentation Transcript


  1. Shibboleth and SAML: Overview and Status
     Scott Cantor, Marlena Erdos, and the Shibboleth Design Team

  2. Outline
     • What is Shibboleth?
     • Why Shibboleth?
     • What is SAML and how does it relate?
     • High Level Architecture
     • Current Status

  3. What is Shibboleth?
     • An initiative to develop an architecture, policy framework, and practical technologies to support inter-organizational sharing of secured web resources and services
     • An Internet2/MACE project with intellectual and financial support from IBM/Tivoli

  4. Example Scenarios
     • A member of the campus community accessing a licensed library resource
     • Students enrolled in a course across multiple universities accessing class materials and Learning Mgmt Systems
     • Research workgroups sharing controlled resources (the original web)
     • Future extension to H.323 and beyond?

  5. What is Shibboleth?
     • A system...
        • with an emphasis on privacy
           • users control release of their attributes
        • based on open standards (SAML) and available in open source form
        • using “federated administration”

  6. Outline
     • What is Shibboleth?
     • Why Shibboleth?
     • What is SAML and how does it relate?
     • High Level Architecture
     • Current Status

  7. Why Shibboleth?
     • Growing interest in collaboration and resource sharing among institutions
     • Better security tools will make collaboration more “painless” and more secure
     • Current "solutions" are primitive; we can do better today and without local overhaul

  8. Why Shibboleth? Current Solutions
     • Access control by IP address
     • Each user given distinct name/password by resource site
        • overburdens resource administrator
     • A single name/password for all users
        • lack of security and accountability

  9. Why Shibboleth? Federated Administration
     • Federated Administration Features:
        • Users registered only at their “home” or “origin” institution
        • Authorization information sent, instead of authentication information
           • when possible, use groups instead of people on ACLs
           • identity information still available for auditing

  10. Why Shibboleth? Privacy
     • Higher Ed has privacy obligations
        • In US, “FERPA” requires permission for release of most personal identification information
     • General interest and concern for privacy is growing
     • Shibboleth has privacy provisions “built in”

  11. Outline
     • What is Shibboleth?
     • Why Shibboleth?
     • What is SAML and how does it relate?
     • High Level Architecture
     • Current Status

  12. SAML is (or will be)…
     • … Security Assertion Markup Language
     • … an OASIS XML framework for exchanging authentication and authorization information
     • … an industry standard supported by most major web security vendors

  13. SAML
     • Standard due for completion late 2001
     • More details available at OASIS SSTC site
        • http://www.oasis-open.org/committees/security/index.shtml
     • Initial version of Shibboleth will be “as SAML-compliant as possible”
     • Follow-on work will fully align (or extend in a more proper manner)

  14. Outline
     • What is Shibboleth?
     • Why Shibboleth?
     • What is SAML and how does it relate?
     • High Level Architecture
     • Current Status

  15. Non-Technical Overview (Technical Details Thursday PM)
     • Destination and origin site collaborate to provide a privacy-preserving “context” for Shibboleth users
     • Origin site authenticates user
     • Destination site requests attributes about user directly from origin site
     • Users (and organizations) can control what attributes are released
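The flow on slides 9, 10 and 15 (origin authenticates, destination queries attributes, release is policy-controlled, access decisions use groups rather than identity) as an added toy model; this is example code written for this page, not Shibboleth's own implementation, and every site, user, attribute and release policy in it is constructed sample data. The "handle", attribute names and policy shape are assumptions for illustration, not the project's actual wire format.

```python
import hmac
import secrets

class OriginSite:
    """Home institution: authenticates users and answers attribute queries."""
    def __init__(self, directory, release_policy):
        self.directory = directory            # user -> {"password": ..., attrs...}
        self.release_policy = release_policy  # (user, destination) -> releasable attrs
        self.handles = {}                     # opaque handle -> user, kept for auditing

    def authenticate(self, user, password):
        """Local login; on success the user gets an opaque handle, not an identity."""
        rec = self.directory.get(user)
        if rec is None or not hmac.compare_digest(rec["password"], password):
            return None
        handle = secrets.token_hex(8)
        self.handles[handle] = user
        return handle

    def attribute_query(self, handle, destination):
        """Answer a destination's query with only what the release policy allows."""
        user = self.handles.get(handle)
        if user is None:
            return {}
        allowed = self.release_policy.get((user, destination), set())
        return {k: v for k, v in self.directory[user].items()
                if k in allowed and k != "password"}

    def audit(self, handle):
        """Identity stays available at the origin for auditing, never at the destination."""
        return self.handles.get(handle)

class DestinationSite:
    """Resource provider: decides access on released attributes, not on who the user is."""
    def __init__(self, name, origin, acl):
        self.name, self.origin, self.acl = name, origin, acl  # acl: attr -> required value

    def access(self, handle):
        attrs = self.origin.attribute_query(handle, self.name)
        return all(attrs.get(k) == v for k, v in self.acl.items())

# Constructed sample data: one origin, three destinations, one user.
DIRECTORY = {"alice": {"password": "pw-alice", "name": "Alice Example",
                       "affiliation": "member", "course": "bio101"}}
RELEASE_POLICY = {("alice", "library"): {"affiliation"},          # no name to the library
                  ("alice", "lms"): {"affiliation", "course"}}   # nothing to anyone else
ORIGIN = OriginSite(DIRECTORY, RELEASE_POLICY)
LIBRARY = DestinationSite("library", ORIGIN, {"affiliation": "member"})
LMS = DestinationSite("lms", ORIGIN, {"course": "bio101"})
UNKNOWN_SITE = DestinationSite("other", ORIGIN, {"affiliation": "member"})

def demo():
    """One run: (handle, library ok, lms ok, unknown site ok, attrs the library saw)."""
    h = ORIGIN.authenticate("alice", "pw-alice")
    return h, LIBRARY.access(h), LMS.access(h), UNKNOWN_SITE.access(h), ORIGIN.attribute_query(h, "library")
```

The library grants access on affiliation alone and never learns the user's name; a site with no release policy entry gets no attributes and is denied, while the origin can still map the handle back to the user for auditing.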

  16. “Club Shibboleth”
     • To make inter-organizational sharing effective and secure, agreements about policies, procedures, and attributes must be defined.
     • The architecture leaves lots of room; the “tough questions” are answered out-of-band in an umbrella we call Club Shib.

  17. Outline
     • What is Shibboleth?
     • Why Shibboleth?
     • What is SAML and how does it relate?
     • High Level Architecture
     • Current Status

  18. Current Status
     • Architecture and policy discussions almost complete, documents being drafted
     • Programming divided among IBM/Tivoli, Carnegie Mellon, and Ohio State
     • Code availability to pilot sites (US, UK, including content providers) due in early 2002

  19. THE END
     • Whew!
     • Acknowledgements:
        • Design Team: David Wasley U of C; RL Bob Morgan U of Washington; Keith Hazelton U of Wisconsin (Madison); Marlena Erdos IBM/Tivoli; Steven Carmody Brown; Scott Cantor Ohio State
        • Important Contributions from: Ken Klingenstein (I2); Michael Gettes Georgetown; Scott Fullerton (Madison)
