
Intra-campus Web SSO Management Topics for Deployed Campuses

Nathan Dors, Technology Manager, University of Washington. CAMP Shibboleth, June 25-27, 2007.


Presentation Transcript


  1. Nathan Dors, Technology Manager, University of Washington • CAMP Shibboleth, June 25-27, 2007 • Intra-campus Web SSO Management Topics for Deployed Campuses

  2. Topics • Background • Governance • Business Policies • Business Practices • Central SP Strategy • Departmental SP Strategy

  3. Background • Legacy intra-campus Web SSO service • Pubcookie 3.3.2d; two login flavors • Uses UW NetID, Kerberos, SecurID services • Over 1,000 registered legacy service providers • UW Shibboleth Identity Provider system • Production deployment in 2005 • Over 20 Central / Departmental Shibboleth service providers • Current InCommon member • InCommon SP sponsor (ProtectNetwork, Cdigix, Refworks)

  4. Yesterday’s Scores • Stage 1 Scores from Self-Assessment Checklist • Policy Steps, 1/7 (14%) • Business Practices 5/6 (83%)

  5. Web SSO Governance • Questions raised by self-assessment • Who governs the Web SSO service? • Who governs other authentication services? • Who governs application integration? • Who governs UW NetID credential? • And what specifically do they govern?

  6. Web SSO Governance • Privacy and Security • Terms of Use • Obligations • Liabilities • Records Retention & Access • What apps must use the service • Capabilities (e.g. 2-factor, reauth, logout) • Policies (e.g. 8hr SSO duration) • Usability • Application design

  7. UW Shib IdP Business Policies • CA trust policy: UW CA, InCommon CA • Default ARP for *.washington.edu • eduPersonAffiliation • eduPersonPrincipalName • eduPersonScopedAffiliation • UW DNS name contacts can register new SPs

  8. UW Shib IdP Business Practices • Self-service registration for UW DNS name contacts • Pre-approved status for Central system admins • But SP lifecycles currently unmanaged • Allow use on central web-hosting environments • e.g. faculty.washington.edu, staff.washington.edu, students.washington.edu? • “Quarter of interest” changes 1st Thursday before quarter start

  9. Central Service Provider Strategy • No strategy, just highly responsive tactics with partners • Central/Partner successes • DRAM, CreateHope, WebAssign, Cdigix, E-academy.com, Confluence, iTunesU (Fall ‘07) • Innovation and Discovery • UW NetID sign-up: Cascadia CC, SCCA • NSF Fastlane inter-federation interop work • Shib interop with Microsoft CardSpace • Google Apps (vs Microsoft Windows Live)

  10. Departmental Service Provider Strategy • Create a Web SSO service roadmap • Legacy vs Shibboleth vs Windows Authentication • Create local deploy, migrate guides • Extract knowledge from local Shib team • Set install bar: system admins should be able to install/activate SP in under 1.75 hours • Offer Install Fest(s) thru UW Computer Training • For Customer Support staff • For SP “frequent flyers” • For interested admins… seed a community. • And trust that Attribute Delivery is the carrot

  11. End (Klara … you’re up.)
