State of the Raven

936 views
836 views

Published on

The state of the Raven central web authentication service at the University of Cambridge in May 2009. Presented to the University Techlinks community.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
936
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • State of the Raven

    1. 1. The State of the Raven Jon WarbrickUniversity of Cambridge Computing Service jw35@cam.ac.uk
    2. 2. The State of the Raven Corvus coraxRaven photo used under the terms of the GNU Free Documentation License. Author Pcb21.
    3. 3. The State of the Raven Raven Web Authentication
    4. 4. The State of the Raven 2002 A little history December 2002: the CS’s Oct Nov Dec SMT approve a proposal for a “Central, password-based web authentication service”
    5. 5. The State of the Raven 2003 August 2003: “A central web authentication system” Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec First talk to Webmasters
    6. 6. The State of the Raven 2004 January 2004: September 2004: Initial implementation Raven service reported to be launched Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec “Raven Web “The Raven Web “info.raven. Authentication” Authentication current.status” talk to Webmasters Service” talk to talk to Techlinks Webmasters
    7. 7. The State of the Raven 2005 October 2005: CamSIS exam entries, and CamCORS adopt Raven authentication Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
    8. 8. The State of the Raven 2006 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
    9. 9. The State of the Raven 2007 October 2007: January 2007: Shibboleth IdP Plans for a Shibboleth service launched; no service announced new Athens Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec “Introducing Shibboleth” talk to Techlinks
    10. 10. The State of the Raven 2008 July 2008: October 2008: UK central funding for Raven defaults to Athens service stops authenticating without asking Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
    11. 11. The State of the Raven 2009 March 2009: Support for Shib SPs in the Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec YOU ARE HERE!! The future
    12. 12. The State of the Raven 30,000 20,000 10,000 0 Jan 05 Jan 06 Jan 07 Jan 08 Jan 09 Distinct Raven users per month
    13. 13. The State of the Raven 600 450 300 150 0 Jan 05 Jan 06 Jan 07 Jan 08 Jan 09 Distinct web servers per month
    14. 14. The State of the Raven 8,000.000 5,333.333 2,666.667 0 Jan 08 Jan 09 Distinct Shib users per month
    15. 15. The State of the Raven 60 40 20 0 Jan 08 Jan 09 Distinct Shib SPs per month
    16. 16. The State of the Raven So, Shibboleth, remind me... “The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.” http://shibboleth.internet2.edu/ (emphasis mine)
    17. 17. The State of the Raven So, Shibboleth, remind me... Standards based, open source software package For web single sign-on Across or within organizational boundaries Informed authorization decisions Individual access Protected online resources Privacy-preserving
    18. 18. The State of the Raven So, Shibboleth, remind me... Components Identity Providers (IdPs) Service Providers (SPs) Discovery Services (DSs)
    19. 19. The State of the Raven Some use cases The University InsideOutside
    20. 20. The State of the Raven E-journals
    21. 21. The State of the Raven E-journals
    22. 22. The State of the Raven E-journals
    23. 23. The State of the Raven Windows IIS 7
    24. 24. The State of the Raven Windows IIS 7
    25. 25. The State of the Raven Authorization decisions
    26. 26. The State of the Raven Authorization decisions lookup
    27. 27. The State of the Raven Authorization decisions lookup X
    28. 28. The State of the Raven Authorization decisions lookup X
    29. 29. The State of the Raven “Other people”
    30. 30. The State of the Raven “Other people”
    31. 31. The State of the Raven “Other people”
    32. 32. The State of the Raven “Other people”
    33. 33. The State of the Raven Your own IdP X
    34. 34. The State of the Raven Your own IdP X
    35. 35. The State of the Raven Existing software
    36. 36. The State of the Raven Existing software
    37. 37. The State of the Raven Existing software EZproxy
    38. 38. The State of the Raven So, how do I do it? Install the software Installer to Windows (for IIS or Apache) Ports-based install for MacOS Binary RPMs for SLES10 and CentOS (a.k.a. RHEL) Source RPMs and source files
    39. 39. The State of the Raven So, how do I do it? (2) Customize config files (shibboleth2.xml) Start Shib daemon, (re-)start Apache Test Gives you a simple SP protecting /secure/ by requiring a Raven login
    40. 40. The State of the Raven Now what? Register your SP? Configure access control Configure virtual hosts Setup SSL?
    41. 41. The State of the Raven What’s the catch? XML-based config files (even under Windows!) All that software SSL and certificates and stuff Need to actually understand virtual hosting An extra daemon/process Generally more complicated :-((
    42. 42. The State of the Raven So how do I cope? https://wiki.csx.cam.ac.uk/raven/ Shibboleth_documentation_and_HOWTOs raven-support@ucs.cam.ac.uk cs-raven-discuss@lists.cam.ac.uk shibboleth-users@internet2.edu
    43. 43. The State of the Raven So how do I cope?
    44. 44. The State of the Raven The future “Prediction is very hard, especially about the future.” Niels Bohr
    45. 45. The State of the Raven The future Shibboleth 2.0 More attributes Other protocols: OpenID, WS-*, Oauth Non-web The “Identity Management Working Group”
    46. 46. The State of the Raven Thank you for listening There may be questions... ...including perhaps ‘Why “Shibboleth?”’

    ×