UCLA’s Shibboleth Plan


Presentation Transcript


  1. UCLA’s Shibboleth Plan
     • Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project
     • Integrate with ISIS, UCLA’s Web SSO
     • Replace existing attribute query interface in ISIS with Shibboleth
     • Improve User Experience
     • Revamp Administration Model

  2. Shibboleth in EDIMI
     • Shibboleth is the standard web attribute query API in the EDIMI project.
     • UCLA’s Shibboleth will query the enterprise directory for data.
     • Currently developing Enterprise Directory: Phase I release in Fall 2005
     • ED schema is designed with Shibboleth in mind: eduPerson and eduPerson-style entitlement attributes.

  3. Shibboleth in EDIMI
     • As we add more data into the ED, Shibboleth becomes richer.
     • Phase I: basic identity and contact data
     • Phase II: eduPerson and employee-data-related role and entitlement attributes
     • Phase III: student-related role and entitlement attributes
     • Other: Throughout the project, we will seek opportunities to include miscellaneous attributes of interest, e.g., departmentalNetworkAdministrator, computerSupportCoordinator

  4. Integrating Shibboleth with ISIS
     • Shibboleth offers a richer set of attributes with a user-controlled privacy release policy.
     • Shibboleth is not just for cross-institution authentication.
     • All UCLA Web applications will eventually be Shib-enabled.
     • Migration will take time: with nearly 100 applications, this will be a multi-year process.

  5. UCLA Shibboleth Status
     • Server Status:
       • Currently in test
       • Integrated with test ISIS
     • Federation Status:
       • UCLA is a member of InQueue
       • Will join InCommon as soon as our IdM scheme complies with requirements
     • Rollout:
       • Need to identify suitable early adopters

  6. Evangelizing Shibboleth
     Shibboleth in Outsourced Administrative Apps:
     • UCLA HR is looking to outsource its employment and position management system to PeopleAdmin, a vendor of hosted HR applications.
     • PeopleAdmin’s primary client base is Higher-Ed and the public sector.
     • Convince PeopleAdmin to develop support for Shibboleth in its software.

  7. Evangelizing Shibboleth
     Shibboleth in Affiliated Service Organizations:
     • Apple and ASUCLA want to post restricted promotional material on ASUCLA’s web site.
     • Push ASUCLA to use Shibboleth.
     … and reaching out to an OS vendor…
     • Conversation with Apple engineer: possible Shibboleth support from within Mac OS, iTunes and iChat?

  8. Evangelizing Shibboleth
     Shibboleth in grassroots implementations:
     • A group of computer science students has developed a Jabber chat client and is looking for authentication solutions.
     • Working with the group to develop a Shibboleth connector to Jabber/XMPP

  9. Evangelizing Shibboleth
     Ongoing projects at Internet2/nation-wide level:
     • Content Management Software: WebCT, Blackboard, Sakai, Moodle
     • Online journal vendors: JSTOR
     • Grid computing and Shibboleth Integration
     • US Federal Government E-Authentication initiative

  10. Evangelizing Shibboleth
      Other possibilities:
      • Penn State implemented Shibboleth with Napster. UC just signed a similar music download service. Shib?
      • Bruinwalk.com, a student-run web site at UCLA, has been using UCLA’s BOL ID/password to log users in via shady techniques. Shib is a good way to enable student-run organizations to legitimately support users without compromising security.