Shibboleth Update Fall 2012

carlyn

Presentation Transcript


  1. Shibboleth Update Fall 2012

  2. Ch-ch-changes
     • Chad moving on to new job opportunity, requires realigning product responsibilities and reviewing roadmap
     • Tom Zeller coming on board as IdP lead
     • Ian Young assuming responsibility for Metadata Aggregator
     • Other roles largely the same

  3. IdPv3
     • Scope and schedule inevitably impacted
     • Priority for project team is delivering a dev plan to the new Consortium Board this month
     • Identify resource gaps, then adjust plan or find resources

  4. Service Provider
     • 2.5.0 release smooth apart from traditional packaging foibles
     • Pending outcome of an issue under investigation, End of Life for V2.4.3 will be Nov 30th
     • 2.5.1 patch update under development to address Apache 2.4 support, other bugs as time permits

  5. SAML ECP + GSS-API/SASL + ISOC + NCSA = SSH, IMAP, LDAP, XMPP, NFS, AFS…

  6. SAML ECP in GSS-API
     • https://wiki.oasis-open.org/security/SAML2ChannelBindingExt
     • Authentication of TLS client/server session via SAML IdP
     • https://wiki.oasis-open.org/security/SAML2EnhancedClientProfile
     • Backward-compatible profile adding channel binding, holder of key security, session key establishment
     • http://tools.ietf.org/html/draft-ietf-kitten-sasl-saml-ec
     • GSS-API mechanism allowing use of IdP with ECP
     • Expose SAML identity via GSS-API Naming Extensions
     • SASL support via GS2 bridge mechanism

  7. Takeaways
     • Proof of concept stage, specs still evolving
     • No browser for authentication, no implicit web-based flows alongside the real ones
     • Strong complementary overlap with Project Moonshot:
     • client UI and IdP provisioning
     • GSS client and server changes
     • use of SAML-based identities, GSS naming extensions
     • likely to share code
