1 / 13

Shibboleth Update

Shibboleth Update. Eleventh Federal & Higher Education PKI Coordination Meeting (Fed/Ed Thursday, June 16, 2005. Topics. Shibboleth v1.3 – Shibboleth Futures -- the Roadmap after 1.3 Shibboleth and e-Authn. Shibboleth v1.3. Planned Availability -- June, 2005 Currently in beta

kay
Download Presentation

Shibboleth Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Shibboleth Update Eleventh Federal & Higher Education PKI Coordination Meeting (Fed/Ed Thursday, June 16, 2005

  2. Topics • Shibboleth v1.3 – • Shibboleth Futures -- the Roadmap after 1.3 • Shibboleth and e-Authn

  3. Shibboleth v1.3 • Planned Availability -- June, 2005 • Currently in beta • Major New Functionality • Full SAML v1.1 support -- BrowserArtifact Profile and AttributePush • Support for SAML-2 metadata schema • Improved Multi-Federation Support • Support for the Federal Gov’t’s E-authn Profile • Native Java SP Implementation • Improved build process

  4. Restructuring of Federations • The Transition to InCommon • InCommon is now “Real” • Campuses and Vendors are Transitioning… • May soon see negative incentives for long term membership in InQueue • “Negative Trust” Federation • Available for software development, testing • Self-service application to register • Expect to see many relatives of Donald Duck as members • International Federation Peering • Moving forward… • Vendors moving toward supporting multi-federation world

  5. Shibboleth and Grids • • Shib/SAML is currently web-browser centric • so doesn't apply to more general protocols • yet can easily apply to Grid portals • SAML could carry certs/keys as attributes • • Grid-Shib project • NSF-funded • focus on access to campus Attribute Authority to provide attributes for Grid service authz decisions

  6. WS* Interop -- Status • Agreements to build WS-Fed interoperability into Shib • Contracts signed; work to begin AFTER Shib v1.3 • WS-Federation + Passive Requestor Profile + Passive Requestor Interoperability Profile • Discussions broached, by Microsoft, in building Shib interoperabilty into WS-Fed; no further discussions • Devils in the details • Can WS-Fed-based SPs work in InCommon without having to muck up federation metadata with WS-Fed-specifics? • All the stuff besides WS-Fed in the WS-* stack

  7. WS* Interop -- High Level Goals • Establish interoperability of the ADFS Identity Provider and Service Provider implementations (and any other WS-F/PRP/PRIP Provider conformant implementations), with the Internet2 Shibboleth System Identity Provider and Service Provider implementations. • Establish ADFS as a supported option for use for Identity Provider and Service Provider deployments in the Internet2-operated InCommon Federation of US higher-education and partner sites. • Build a strategic relationship with a fully deployed and leading edge federation (InCommon) and the higher ed academic community.

  8. Shibboleth -- Future Releases • “Interim” Release • Target Date -- within Calendar 2005 • Include some SAML-2 Functionality • Rely on feedback from user community to identify SAML-2 features which are HIGH priority • Lots of potential partners interested in helping….

  9. Shibboleth 2.0 • SAML 2.0 specification approved March 2005 • Shibboleth 2.0 • Expect to provide support for ALL REQUIRED SAML-2 functionality • Target Date -- mid-year 2006 • Who wants to help?

  10. Federal eAuthentication • Key driver for e-government, operating under the auspices of GSA • Leveraging key NIST guidelines • Setting the standard for a variety of federated identity requirements • Identity proofing • SAML bindings • Credential assessment • Risk assessment • Technical components driven through the InterOp Lab • http://www.cio.gov/eAuthentication/

  11. eAuthentication Key Concepts • Approved technologies • The Federal “e-Authentication Federation” • Credential assessment framework • Trusted Credential Service providers • Agency Applications (outward facing…)

  12. Shibboleth E-Authn Certification • V1.3 has already successfully navigated interoperability testing • Scheduled for Certification Testing the week of June 20 • Campuses could then • Join the E-authn Federation • Use the Shibboleth software to access e-authn enabled federal gov’t web sites • More E-authn info available at http://www.cio.gov/eauthentication/

More Related