A technical perspective John Potter e-learning adviser (learning technology) JISC RSC-Southeast

What is Shibboleth “ Shibboleth provides a standards-based link between existing campus authentication systems and resource providers of all kinds that makes it easier for users to gain, and resouce providers to control, access to protected Web resources.” Seperates delivery from authentication

“ Shibboleth provides a standards-based link between existing campus authentication systems and resource providers of all kinds that makes it easier for users to gain, and resouce providers to control, access to protected Web resources.”

Seperates delivery from authentication

How it works

What’s good about it? 3 step attribute based system Service Provider site requests user attributes from Identity Provider Identity Provider site authenticates user and supplies Attributes Service Provider site makes an Access Control Decision

3 step attribute based system

Service Provider site requests user attributes from Identity Provider

Identity Provider site authenticates user and supplies Attributes

Service Provider site makes an Access Control Decision

Getting the attributes The 3 step attribute transaction

Attributes Where do they come from? What attibutes are passed? Is there a standard for attributes?

Where do they come from?

What attibutes are passed?

Is there a standard for attributes?

Attributes Where do they come from? Organisations directory services + attribute store What attibutes are passed? Can be anything Is there a standard for attributes? Yes, EduPerson and UkEduPerson

Where do they come from?

Organisations directory services + attribute store

What attibutes are passed?

Can be anything

Is there a standard for attributes?

Yes, EduPerson and UkEduPerson

Idp Software components Java - Sun J2SE JDK A webserver with SSL Apache, IIS A Java servlet engine or application server Tomcat, IBM Websphere, BEA Weblogic A user information store Directory, Database, flat file A Web SSO system Pubcookie Shibboleth Identity Provider Bundle

Java - Sun J2SE JDK

A webserver with SSL

Apache, IIS

A Java servlet engine or application server

Tomcat, IBM Websphere, BEA Weblogic

A user information store

Directory, Database, flat file

A Web SSO system

Pubcookie

Shibboleth Identity Provider Bundle

Implementation skills assuming an Open source approach: Familiarity with unix/linux Experience in installing and using Apache/SSL Familiarilty with Java and experience using a servlet engine Some familiarity with Directories and Schema

assuming an Open source approach:

Familiarity with unix/linux

Experience in installing and using Apache/SSL

Familiarilty with Java and experience using a servlet engine

Some familiarity with Directories and Schema

Help! The UK federation development team is working on streamlining the installation of the Idp software by creating a Windows installer package. This will be available to the community at no cost. Organisations, who are interested in testing the installer package should contact Josh Howlett (josh.howlett at ja.net) for further information.

The UK federation development team is working on streamlining the installation of the Idp software by creating a Windows installer package. This will be available to the community at no cost.

Organisations, who are interested in testing the installer package should contact Josh Howlett (josh.howlett at ja.net) for further information.

More help! UK HE and FE institutions can apply for support from the JISC Institutional Access Management SupportProject (JIAMSP). Two support programmes :- January to April 2008 May to August 2008.

UK HE and FE institutions can apply for support from the JISC Institutional Access Management SupportProject (JIAMSP).

Two support programmes :-

January to April 2008

May to August 2008.

Yet More help! JISC and Nestskils are providing free places on a three day training event covering the key skills required to implement the IdP. 15-17th January 2008 Shoreditch, London.

JISC and Nestskils are providing free places on a three day training event covering the key skills required to implement the IdP.

15-17th January 2008

Shoreditch, London.