120 likes | 288 Views
Shibboleth Roadmap -- 2005. Sequence. Shibboleth v1.3 E-Authentication Certification Restructuring of Federations The Transition to InCommon “Negative Trust” Federation International Federation Peering Shibboleth and Grids Futures WS* Interop
E N D
Sequence • Shibboleth v1.3 • E-Authentication Certification • Restructuring of Federations • The Transition to InCommon • “Negative Trust” Federation • International Federation Peering • Shibboleth and Grids • Futures • WS* Interop • Interim Release – Support for Some of SAML 2.0 • Full SAML 2.0 Support
Shibboleth v1.3 • Planned Availability -- June 1, 2005 • Major New Functionality • Full SAML v1.1 support -- BrowserArtifact Profile and AttributePush • Support for SAML-2 metadata schema • Improved Multi-Federation Support • Support for the Federal Gov’t’s E-authn Profile • Native Java SP Implementation • Improved build process
E-Authn Certification • V1.3 has already successfully navigated interoperability testing • Scheduled for Certification Testing the week of June 20 • Campuses could then • Join the E-authn Federation • Use the Shibboleth software to access e-authn enabled federal gov’t web sites • More E-authn info available at http://www.cio.gov/eauthentication/
Restructuring of Federations • The Transition to InCommon • InCommon is now “Real” • Campuses and Vendors are Transitioning… • May soon see negative incentives for long term membership in InQueue • “Negative Trust” Federation • Available for software development, testing • Self-service application to register • Expect to see many relatives of Donald Duck as members • International Federation Peering • Moving forward… • Vendors moving toward supporting multi-federation world
Shibboleth and Grids • • Shib/SAML is currently web-browser centric • so doesn't apply to more general protocols • yet can easily apply to Grid portals • SAML could carry certs/keys as attributes • • Grid-Shib project • NSF-funded • focus on access to campus Attribute Authority to provide attributes for Grid service authz decisions
WS* Interop • Web Services is a big deal • much practice, much promise, much hype • great potential for multi-vendor integration • • WS-Security • base spec is OASIS standard, but only first 5% • many layered specs: WS-Policy, -Trust, Conversation, -Federation, -Resource, etc • standard/IPR status not clear • SAML can be carried as WS-Sec “token” • Microsoft federation software uses SAML assertions but WS-Fed protocol
WS* Interop -- Status • Agreements to build WS-Fed interoperability into Shib • Contracts signed; work to begin After Shib v1.3 • WS-Federation + Passive Requestor Profile + Passive Requestor Interoperability Profile • Discussions broached, by Microsoft, in building Shib interoperabilty into WS-Fed; no further discussions • Devils in the details • Can WS-Fed-based SPs work in InCommon without having to muck up federation metadata with WS-Fed-specifics? • All the stuff besides WS-Fed in the WS-* stack
WS* Interop -- High Level Goals • Establish interoperability of the ADFS Identity Provider and Service Provider implementations (and any other WS-F/PRP/PRIP Provider conformant implementations), with the Internet2 Shibboleth System Identity Provider and Service Provider implementations. • Establish ADFS as a supported option for use for Identity Provider and Service Provider deployments in the Internet2-operated InCommon Federation of US higher-education and partner sites. • Build a strategic relationship with a fully deployed and leading edge federation (InCommon) and the higher ed academic community.
Shibboleth -- Interim Release • Target Date -- within Calendar 2005 • Include some SAML-2 Functionality • Rely on feedback from user community to identify SAML-2 features which are HI priority • Discussion started yesterday during WG meeting
SAML 2.0 Support • SAML-2 approved March 2005 • Target Date -- mid-year 2006 • Expect to provide support for ALL REQUIRED SAML-2 functionality • Who wants to help?