
Shibboleth and CU

Shibboleth and CU. Carol Kassel Digital Knowledge Ventures (DKV) James Burger National Science Digital Library (NSDL). Table of contents. What is Shibboleth? How is it being used at CU? What’s Carol’s involvement? Jim’s involvement? How could Shibboleth be used?


Presentation Transcript


  1. Shibboleth and CU Carol Kassel Digital Knowledge Ventures (DKV) James Burger National Science Digital Library (NSDL)

  2. Table of contents
     • What is Shibboleth?
     • How is it being used at CU?
     • What’s Carol’s involvement? Jim’s involvement?
     • How could Shibboleth be used?
     • What are the advantages to using it (SP)?
     • What are the advantages to using it (IdP)?

  3. What is Shibboleth?
     • “Shibboleth, a project of Internet2/MACE, is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. In addition, Shibboleth will develop a policy framework that will allow inter-operation within the higher education community.”
     • In English: Shibboleth allows users from different institutions or groups to obtain access to protected content anywhere on the Web. Users log in locally and their privacy is maintained.
     • Shibboleth is “middleware,” software that facilitates communication between or among servers.

  4. “Shibboleth” (Judges 12)

  5. How is it being used at CU?
     • National Science Digital Library (NSDL) – an interinstitutional project being developed in part by EPIC
     • DART (Digital Anthropology Resources for Teaching) – in development jointly by LSE and CU (including EPIC)
     • Artstor – some CU involvement
     • CERO – developed by DKV; Shib-enabling by EPIC
     • That’s it…for now!

  6. Shibboleth pieces
     • “Service provider” (SP, or “target”) – the site that users want to access
     • “Identity provider” (IdP, or “origin”) – the place where users need to log in; the holder of user data
     • “Where are you from?” page (WAYF) – the place where users identify themselves so that they can log in appropriately
     • Attributes – info about the user that gets released from the IdP to the SP, according to policies on both ends

  7. columbia.edu/~jb701/shib

  8. What’s Carol’s involvement?
     • Columbia Educational Resources Online (CERO) needed to serve three audiences:
       • CU affiliates with valid UNI/password
       • Non-CU users with valid username/password
       • Users at subscribing institutions with valid IP address
     • “CU affiliates” included not just on-campus users but off-campus users, too, esp. alumni
     • New site to be built for alumni: Learning@Columbia, with links to CERO

  9. Why we used Shibboleth
     • Problem 1: How could we allow access to seminars via UNI login and still handle existing audiences?
     • Problem 2: How could we maintain security of UNI system in all transactions?
     • Problem 3: How could we make login process smooth and seamless?
     • Problem 4: How could we require login once and keep users logged in for duration of browser session?
     • Answer: Shibboleth!

  10. Shibboleth setup for CERO

  11. Shib-enabled login process

  12. Details of general relevance
     • CU IdP existed for NSDL, but needed customization for CERO
     • New IdP created for alternate reg system; can be used for other purposes (hence DKV/CU Press co-branding)
     • CERO now running on alternate web server – no load balancing, no systems support
     • IP address auth still supported (outside Shib)

  13. Key players on CERO project
     • Walter Hoehn (EPIC, now University of Memphis): expertise in Shibboleth
     • Noah Levitt (EPIC): creator of alternate reg system, no previous Shibboleth experience
     • Andrew Johnston, Steve McGrath (AcIS): WIND developers, managers of Tomcat, no previous Shibboleth experience
     • Carol Kassel (DKV): project manager, no previous Shibboleth experience

  14. Success!
     • Deployed November 2003
     • Very little downtime; very few technical problems
     • Promotion to alumni in Feb 2004: excellent response rate, no major issues

  15. JB’s NSDL Mission
     • Introduce the Middle School Community to the NSDL in hopes that they make use of the resources currently available at NSDL.org
     • Implement Shibboleth Origin sites in pilot middle schools (or at least “sell” the idea)

  16. How could Shibboleth be used?
     • Move away from IP address auth to Shib for subscribing institutions who have that capability – i.e., set up CIAO, Earthscape, Gutenberg<e>, CAHO as Service Providers
     • Involves deploying Shibboleth on main web servers, esp. for CIAO
     • Use Shib to provide more resources for CU alumni while supporting existing audiences
     • Shib-enable new web resources when they are developed

  17. Potential Obstacles
     • Lack of Shibbolized Targets: Without a selection of targets for the Shibbolized Origins to connect with, there is little incentive for middle schools to participate (the good ol’ Catch-22 scenario with essence of Chicken & Egg for flavor).
     • Variety of existing infrastructure and expertise: Assumption - because the middle schools vary so greatly in technical capabilities, guiding them through the process will be anything but formulaic, so there will be a large amount of one-on-one consultation.
     • Origins are more difficult to set up than Targets (trying to figure out why, but a few people have told me this).

  18. What are the advantages (SP)?
     • Much more secure than IP address auth
     • Allows off-campus users to access without additional user/pw creation
     • CU committed to Shib development; CU usage of Shib sets a good example
     • As more institutions set up IdPs, they will begin demanding this technology

  19. The Shib Advantage (for origins) 1/3
     • Privacy: Users release to the targets only the information that they (or a guardian) authorize.
     • Remote Access: Users can log in to resources on campus or remotely, via the WAYF.
     • Streamlined Access: Users assign their attributes to the ARP rather than submitting them to each individual resource (saves time and ensures accuracy/consistency). Additionally, users do not have to maintain a record of several different logins/passwords for several different resources.

  20. The Shib Advantage (for origins) 2/3
     • Simplified administration: Origin sites use their existing identity directories.
     • Direct Access to the most relevant information: because of the ARP, assumptions can be made about the relevancy of specific materials and user needs.

  21. The Shib Advantage (for origins) 3/3
     • Providing market data is not just altruistic: Because publishers will receive more detailed data from their users, instead of relying on generic access attributes, they will be able to perform better market research, which, in turn, helps the educators by providing better, more tailored projects.

  22. Onward!
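
The attribute flow described on slides 6 and 19, as an added example that is not part of the original presentation and is not Shibboleth's own code: a simplified Python model of an IdP releasing attributes under site and user policies, and an SP filtering what it accepts. The policy structure, entity IDs, user names, attribute names and values are all constructed assumptions, not Shibboleth's actual ARP format.

```python
# Simplified model of Shibboleth-style attribute release; NOT the real ARP format.
# All entity IDs, users, attribute names and values are constructed for illustration.

DIRECTORY = {  # the IdP ("origin") is the holder of user data
    "uni123": {"affiliation": "alum", "mail": "uni123@idp.example.edu"},
    "uni456": {"affiliation": "guest", "mail": "uni456@idp.example.edu"},
}

# IdP-side site policy: attributes each SP ("target") may receive.
SITE_ARP = {
    "https://sp.example.org/cero": {"affiliation", "mail"},
    "*": {"affiliation"},  # default for any SP not listed
}

# Per-user policy can only narrow the site policy, never widen it.
USER_ARP = {"uni123": {"https://sp.example.org/cero": {"affiliation"}}}

# SP-side policy: attribute names and values the SP is willing to trust.
SP_ACCEPT = {"affiliation": {"student", "faculty", "staff", "alum"}}


def release(user, sp_id):
    """IdP side: return only attributes that site AND user policy both allow."""
    allowed = SITE_ARP.get(sp_id, SITE_ARP["*"])
    user_rules = USER_ARP.get(user, {})
    if sp_id in user_rules:
        allowed = allowed & user_rules[sp_id]  # set intersection: narrow only
    attrs = DIRECTORY.get(user, {})
    return {k: v for k, v in attrs.items() if k in allowed}


def accept(asserted):
    """SP side: drop attributes or values its own policy does not accept."""
    return {k: v for k, v in asserted.items()
            if k in SP_ACCEPT and v in SP_ACCEPT[k]}


def authorize(user, sp_id, required_affiliations):
    """Access decision from released attributes alone; unknown users fail closed."""
    attrs = accept(release(user, sp_id))
    return attrs.get("affiliation") in required_affiliations
```

The SP reaches its decision from `affiliation` alone, so the user's mail address and identity never need to leave the IdP.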
