1 / 12

Shibboleth v1.3 Roadmap and E-Authentication Updates

Explore the evolution of Shibboleth v1.3, E-Authentication Certification, and the transition to InCommon with improved functionality. Learn how Shibboleth intersects with Grids, WS* Interoperability, and International Federation Peering for a comprehensive understanding of future developments. Discover the latest insights on transitioning to InCommon, negative trust federations, and the integration of SAML-2 functionalities.

boyster
Download Presentation

Shibboleth v1.3 Roadmap and E-Authentication Updates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Shibboleth Roadmap -- 2005

  2. Sequence • Shibboleth v1.3 • E-Authentication Certification • Restructuring of Federations • The Transition to InCommon • “Negative Trust” Federation • International Federation Peering • Shibboleth and Grids • Futures • WS* Interop • Interim Release – Support for Some of SAML 2.0 • Full SAML 2.0 Support

  3. Shibboleth v1.3 • Planned Availability -- June 1, 2005 • Major New Functionality • Full SAML v1.1 support -- BrowserArtifact Profile and AttributePush • Support for SAML-2 metadata schema • Improved Multi-Federation Support • Support for the Federal Gov’t’s E-authn Profile • Native Java SP Implementation • Improved build process

  4. E-Authn Certification • V1.3 has already successfully navigated interoperability testing • Scheduled for Certification Testing the week of June 20 • Campuses could then • Join the E-authn Federation • Use the Shibboleth software to access e-authn enabled federal gov’t web sites • More E-authn info available at http://www.cio.gov/eauthentication/

  5. Restructuring of Federations • The Transition to InCommon • InCommon is now “Real” • Campuses and Vendors are Transitioning… • May soon see negative incentives for long term membership in InQueue • “Negative Trust” Federation • Available for software development, testing • Self-service application to register • Expect to see many relatives of Donald Duck as members • International Federation Peering • Moving forward… • Vendors moving toward supporting multi-federation world

  6. Shibboleth and Grids • • Shib/SAML is currently web-browser centric • so doesn't apply to more general protocols • yet can easily apply to Grid portals • SAML could carry certs/keys as attributes • • Grid-Shib project • NSF-funded • focus on access to campus Attribute Authority to provide attributes for Grid service authz decisions

  7. WS* Interop • Web Services is a big deal • much practice, much promise, much hype • great potential for multi-vendor integration • • WS-Security • base spec is OASIS standard, but only first 5% • many layered specs: WS-Policy, -Trust, Conversation, -Federation, -Resource, etc • standard/IPR status not clear • SAML can be carried as WS-Sec “token” • Microsoft federation software uses SAML assertions but WS-Fed protocol

  8. WS* Interop -- Status • Agreements to build WS-Fed interoperability into Shib • Contracts signed; work to begin After Shib v1.3 • WS-Federation + Passive Requestor Profile + Passive Requestor Interoperability Profile • Discussions broached, by Microsoft, in building Shib interoperabilty into WS-Fed; no further discussions • Devils in the details • Can WS-Fed-based SPs work in InCommon without having to muck up federation metadata with WS-Fed-specifics? • All the stuff besides WS-Fed in the WS-* stack

  9. WS* Interop -- High Level Goals • Establish interoperability of the ADFS Identity Provider and Service Provider implementations (and any other WS-F/PRP/PRIP Provider conformant implementations), with the Internet2 Shibboleth System Identity Provider and Service Provider implementations. • Establish ADFS as a supported option for use for Identity Provider and Service Provider deployments in the Internet2-operated InCommon Federation of US higher-education and partner sites. • Build a strategic relationship with a fully deployed and leading edge federation (InCommon) and the higher ed academic community.

  10. Shibboleth -- Interim Release • Target Date -- within Calendar 2005 • Include some SAML-2 Functionality • Rely on feedback from user community to identify SAML-2 features which are HI priority • Discussion started yesterday during WG meeting

  11. SAML 2.0 Support • SAML-2 approved March 2005 • Target Date -- mid-year 2006 • Expect to provide support for ALL REQUIRED SAML-2 functionality • Who wants to help?

More Related