Intra-campus Web SSO Management Topics for Deployed Campuses

Nathan Dors, Technology Manager, University of Washington
CAMP Shibboleth, June 25-27, 2007

Presentation Transcript
Topics
  • Background
  • Governance
  • Business Policies
  • Business Practices
  • Central SP Strategy
  • Departmental SP Strategy
Background
  • Legacy intra-campus Web SSO service
    • Pubcookie 3.3.2d; two login flavors
    • Uses UW NetID, Kerberos, SecurID services
    • Over 1,000 registered legacy service providers
  • UW Shibboleth Identity Provider system
    • Production deployment in 2005
    • Over 20 Central / Departmental Shibboleth service providers
    • Current InCommon member
    • InCommon SP sponsor (ProtectNetwork, Cdigix, Refworks)
Yesterday’s Scores
  • Stage 1 Scores from Self-Assessment Checklist
    • Policy Steps, 1/7 (14%)
    • Business Practices 5/6 (83%)
Web SSO Governance
  • Questions raised by self-assessment
    • Who governs the Web SSO service?
    • Who governs other authentication services?
    • Who governs application integration?
    • Who governs UW NetID credential?
    • And what specifically do they govern?
Web SSO Governance
  • Privacy and Security
  • Terms of Use
  • Obligations
  • Liabilities
  • Records Retention & Access
  • What apps must use the service
  • Capabilities (e.g. 2-factor, reauth, logout)
  • Policies (e.g. 8hr SSO duration)
  • Usability
  • Application design
UW Shib IdP Business Policies
  • CA trust policy: UW CA, InCommon CA
  • Default ARP for *.washington.edu
    • eduPersonAffiliation
    • eduPersonPrincipalName
    • eduPersonScopedAffiliation
  • UW DNS name contacts can register new SPs
UW Shib IdP Business Practices
  • Self-service registration for UW DNS name contacts
    • Pre-approved status for Central system admins
    • But SP lifecycles currently unmanaged
  • Allow use on central web-hosting environments
    • e.g. faculty.washington.edu, staff.washington.edu, students.washington.edu?
  • “Quarter of interest” changes 1st Thursday before quarter start
Central Service Provider Strategy
  • No strategy, just highly responsive tactics with partners
  • Central/Partner successes
    • DRAM, CreateHope, WebAssign, Cdigix, E-academy.com, Confluence, iTunesU (Fall ‘07)
  • Innovation and Discovery
    • UW NetID sign-up: Cascadia CC, SCCA
    • NSF Fastlane inter-federation interop work
    • Shib interop with Microsoft CardSpace
    • Google Apps (vs Microsoft Windows Live)
Departmental Service Provider Strategy
  • Create a Web SSO service roadmap
    • Legacy vs Shibboleth vs Windows Authentication
  • Create local deploy, migrate guides
    • Extract knowledge from local Shib team
    • Set install bar: system admins should be able to install/activate SP in under 1.75 hours
  • Offer Install Fest(s) thru UW Computer Training
    • For Customer Support staff
    • For SP “frequent flyers”
    • For interested admins… seed a community.
  • And trust that Attribute Delivery is the carrot