Shibboleth 2.0 Update


  1. Shibboleth 2.0 Update
     Nate Klingenstein

  2. Topics
     • SAML 2.0 -- new features
     • Shibboleth 2.0 Features
     • Shibboleth 2.1 Features
     • Timelines

  3. SAML 2.0 -- new features
     • Authn Request -- extended functionality
     • Single Logout
     • NameID Mapping and Management
     • IdPs can inform SPs of name changes
     • Metadata (already used by Shib 1.3)
     • Enhanced Client or Proxy (ECP) Profile
     • Encryption
     • Improved Attribute Push

  4. OpenSAML 2.0 Features
     • Nearly completely rewritten for cleaner interfaces
     • Supports SAML v1.0 (eAuth), v1.1 and v2.0
     • ~50% done

  5. Shibboleth 2.0 Features
     • Shibboleth 1.3 functionality built on a SAML 2.0 base
     • With a few urgent enhancements
     • Convergence with commercial Liberty Alliance- & SAML-based products
     • AuthenticationRequest
     • Shib will include some Authentication processing "in the box"
     • New interface to SSO systems needed to support new functionality in Authn Request

  6. Shibboleth 2.0 Features
     • Java SP
     • Improved SP Clustering
     • Backend ODBC timeout/attribute sharing
     • Shibboleth is Apache 2.2 compatible, but its clustering is out of scope
     • Production-ready WAYF providing both standalone and application-integrated functionality in at least Java

  7. Shibboleth 2.1 Features
     • Delegated Authentication
     • Support for all SAML 2.0 assertions except AuthnQuery and AuthzDecisionQuery
     • SAML NameID management requests account linking
     • Attribute aggregation (Steven of IEEE)?
     • At IdP?
     • At SP?

  8. Shibboleth 2.1 Features
     • Enhanced Client Support
     • PAOS -- WAYF Solution?
     • Global Logout
     • Improved targetedID implementation (SAML persistent identifier)

  9. Timelines
     • Coding underway on OpenSAML 2.0
     • Beta in March timeframe
     • Shibboleth 2.0 still being fully scoped
     • Initial beta available May/June 2006
     • Final release end of summer

  10. Other Cool New Stuff of Interest
     • SHARPE (Late Beta)
     • Signet (Probably 1.0 released)
     • Grouper (v0.9)
     • Nexus (Still Memphis-specific)

  11. Enterprise Infrastructure & VO/Grid Integration
     • Attributes & Authorization
     • User Data
     • Permissions
     • VO-Specific Information
     • Authentication & Principals
     • GridShib
     • X.509
     • New Working Group?
     • ndk@internet2.edu