1 / 17

Updates on Shib, a bit of InCommon and International Federations

This update covers Shibboleth 2.0, InCommon aspects, and international peering, highlighting topics such as federated software, shared attributes, and membership growth. It discusses key aspects of InCommon, Shibboleth features, federated applications, and membership stats.

nicholasduncan
Download Presentation

Updates on Shib, a bit of InCommon and International Federations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Updates on Shib, a bit of InCommon and International Federations

  2. Topics • Shib 2.0 and Autograph • Non-federal aspects of InCommon • International peering • Others will do InCommon and the US Gov, Usher, etc…

  3. State University Federations • State university federations - Texas, California, CSU, etc • Leverage existing infrastructure in both policies and shared applications • Some, such as the California Digital Marketplace, reach very broad populations

  4. InCommon • US R&E Federation • www.incommon.org • Members join a 501(c)3 • Addresses legal, LOA, shared attributes, business proposition, etc issues • Approximately 55 members and growing • A low percentage of national Shib use…

  5. Case Western Reserve University Clemson University Cornell University Dartmouth Duke University Florida State University Georgetown University Indiana University Miami University New York University Ohio University Penn State Stanford University Stony Brook University SUNY Buffalo Texas A&M The Ohio State University The Johns Hopkins University The University of Chicago University of Alabama at Birmingham University of California, Davis University of California, Irvine University of California, Los Angeles University of California, Merced University of California, Office of the President University of California, Riverside University of California, San Diego University of Maryland University of Maryland Baltimore County University of Maryland, Baltimore University of Rochester University of Southern California University of Virginia University of Washington University of Wisconsin - Madison Cdigix EBSCO Publishing Elsevier ScienceDirect Houston Academy of Medicine - Texas Medical Center Library Internet2 JSTOR Napster, LLC OCLC OhioLink - The Ohio Library & Information Network ProtectNetwork Symplicity Corporation Thomson Learning, Inc. Turnitin WebAssign InCommon Members 5/1/07

  6. Key aspects of InCommon • Federating software • Shib 1.2+ (other possibilities in the future) • Shared attributes and schema • eduPerson right now • Levels of authentication • POP (participant operational practices) for LOA-today • InCommon Bronze and Silver will map to LOA 1 & 2 • Management • Steering committee of members IT executives • Operations staffed by Internet2

  7. InCommon Management/Governance • Steering Committee of campus/vendor CIO’s and policy people – sets policies for membership, business model, etc. • Technical advisory committee - Sets common member standards for attributes (eduPerson 2.0) , identity management good practices, etc.

  8. Shibboleth • Shib 1.3 widely deployed; 1.2 still common • Along the way, other capabilities added: • ADFS compatibility for WS-Fed, (MS $) • Eauthentication certification (with waiver form:)) • Shib 2.0 completes the SAML+Shib integration • More compatible with COTS SAML 2.0 products than they are with each other • A Shib/SAML to TCP/IP analogy isn’t bad; Shib adds multi-party federation support through metadata, ARPS, etc. • Also eases support for n-tier, non-web and other capabilities • Alpha for Unix and Windows now being released

  9. The Shibboleth 2.0 Sidebar • Support for the attribute ecosystem • attribute handling, including policy, in both SP and IdP • designed to be reusable for other protocols (eg CardSpace) • sets stage for further work on multiple attribute sources, reputation management, etc. • All Java SP (in addition to current Java/Apache), easing integration for some applications • Trust management • PKI still seems too hard, even at the simpler enterprise level • Supports a broad set of trust choices – CA’s, certs, plain keys, managing site metadata (naming, acquisition, validating) • A product of years of painful experience 

  10. Federated Applications • Mostly access controls to content • The first shibbed collaborative apps are appearing… • Several wikis • Digital repositories such as DSpace and Fedora • Learning Management Systems such as WebCT • IM, p2p fileshare (Lionshare), CVS • Grid-Shib integration in several ways • SIP based tools (videoconferencing, audioconferencing) within reach • Bootstrapping from duct tape sometimes a problem

  11. Membership in InCommon • 53 members, perhaps 25 million students covered, growing slowly but steadily • Some interesting discussions • Apple, Google, Microsoft all as SP’s • The assertion of student-ness • National Energy Labs, as IdP’s and SP’s • And off in testshib… • The Navy, Google, …

  12. International Federations • Many nations now have federations; OECD and the UN are looking at ways to address the other • Status ranges from fully developed (Finland, Switzerland, Norway, Netherlands) to rapidly growing (France, UK) to struggling but moving forward (Denmark, Belgium) to just starting (Germany, Italy) • Several uses cases are already emerging for interfederation arrangements • Wikis, grids…

  13. Afternoon of International Peering • Attributes Validity requirements Eppn policy Privacy requirements Special identifiers User specified? RP specified? Transient? • LOA Credentials? Attributes? Both?? POP management and/or requirements Standard levels: Can we agree...?? Audit: requred? who does it? who sees it? Federation practices in support of LOA Standard practises between federations

  14. Late afternoon international peering • Legal and Financial Liability issues Financial Considerations (dues, transactions, etc) Dispute Resolution Can the federation commit its members? Working with commercial federations? Non NREN academic federations? • Kinda technical issues WAYF Trust anchors (use of commercial CA’s) Help desk and problem resolution • Wrap-ups and Next Steps OECD? UN? OASIS? etc. Where to continue and how Who's got the ball? • Nice dinner if we’ve earned it…

  15. Collaboration tools • Expanding enterprise and federated versions of popular tools • Adding identity, group and privilege management • Providing security and privacy • Adding the middleware extensions for virtual organizations • Integrating the VO life with the campus life in portals, videoconferencing, etc.

  16. VOs plumbed to federations

More Related