SlideShare a Scribd company logo

Web Authenication with Shibboleth - a view from the Flat East

Download as KEY, PDF
Jon Warbrick
Jon Warbrick

This document provides an overview of web authentication with Shibboleth. It discusses how traditionally each website had its own user authentication, but organization-wide single sign-on systems like university portals provided a solution. However, these were not suitable for accessing resources outside the organization. Shibboleth was designed as an open standard web authentication system that supports multiple identity providers, inter-organization use, privacy, anonymity, and multiple attributes. The document outlines some common misconceptions about Shibboleth and provides examples of how it can be used for e-journals, standard web plugins, and authorization decisions.

TechnologyDesign
1 of 26
Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk
Once upon a time there was the web...
...and then sites started to want to identify their visitors <Location /basic> AuthType Basic AuthName "Who are you?" require valid-user </Location>
To each site its own users
To each site its own users
To each site its own users
Organization-wide SSOs • University of Cambridge Raven • Oxford WebAuth • Classic Athens (R.I.P.) • Google • etc, etc, ...
Great for the institution Inside Outside
Great for the institution Inside Outside Not so good for anything outside
Two elephants • Data protection • Trust
Enter the Griffin • AKA Shibboleth • A Web Auth system designed to support (though not to require) • multiple IdPs • inter-organization use • privacy and anonymity • multiple attributes
Myth and Legends • Shib is only for e- Journals • Only supports anonymity • Only supplied by Internet2 • Doesn’t do standards • Is really hard
So, what can we do with it?
E-Journals
Standard web server plugins
Authorization decisions Directory
Other people
Other people, take 2
Existing software EZproxy
VHS vs. Betamax Facebook Connect Google Friends Connect
Thanks for listening... • There may be questions... • ...including perhaps ‘Why “Shibboleth?”’
“On the Internet, nobody knows you are a dog...
“On the Internet, nobody knows you are a dog... ...but sites often want to know that you are the same dog as last time”
Credits • ‘In the Field’, Julian Wearne, http://www.flickr.com/photos/ikaink/ 4184787380 • Mosaic screen shot courtesy of NCSA/University of Illinois http:// www.ncsa.illinois.edu/News/Images/ • two elephants, Timo Heuer, http://www.flickr.com/photos/upim/ 293676365/ • Fire Breathing Mythical Dragon, Wili Hybird, http://www.flickr.com/ photos/walkadog/3484426248/ • “On the Internet”, by Peter Steiner, page 61 of July 5, 1993 issue of The New Yorker, (Vol.69 (LXIX) no. 20). Reproduced only for academic discussion, evaluation, and research. • “Same dog as before”: “Tofu, online trust, and spiritual wisdom” from the Pushing Strings” blog by Eve Maler.

Recommended

flAWS Walkthrough - AWS Chicago Meetup 8/8/2017
flAWS Walkthrough - AWS Chicago Meetup 8/8/2017flAWS Walkthrough - AWS Chicago Meetup 8/8/2017
flAWS Walkthrough - AWS Chicago Meetup 8/8/2017Steve Hoffman
 
Evolution of digital footprints
Evolution of digital footprintsEvolution of digital footprints
Evolution of digital footprintsKurtis Hewson
 
Evolution of Digital Footprints
Evolution of Digital FootprintsEvolution of Digital Footprints
Evolution of Digital FootprintsKurtis Hewson
 
Testing Javascript - Prasanna K, ThoughtWorks
Testing Javascript - Prasanna K, ThoughtWorksTesting Javascript - Prasanna K, ThoughtWorks
Testing Javascript - Prasanna K, ThoughtWorksThoughtworks
 
Pensamientos para que lo disfruten el fin de semana
Pensamientos para que lo disfruten el fin de semanaPensamientos para que lo disfruten el fin de semana
Pensamientos para que lo disfruten el fin de semanaRoberto Guerrero V.
 
Ильшад Хабибуллин — BlueBream
Ильшад Хабибуллин — BlueBreamИльшад Хабибуллин — BlueBream
Ильшад Хабибуллин — BlueBreamYury Yurevich
 
Krasjkurs i twitter. Forskningskommunikasjon i sosiale medier
Krasjkurs i twitter. Forskningskommunikasjon i sosiale medier Krasjkurs i twitter. Forskningskommunikasjon i sosiale medier
Krasjkurs i twitter. Forskningskommunikasjon i sosiale medier Audun Farbrot
 
ПУМБ 2015-2016
ПУМБ 2015-2016ПУМБ 2015-2016
ПУМБ 2015-2016Roomian.org
 

Recommended

flAWS Walkthrough - AWS Chicago Meetup 8/8/2017
flAWS Walkthrough - AWS Chicago Meetup 8/8/2017flAWS Walkthrough - AWS Chicago Meetup 8/8/2017
flAWS Walkthrough - AWS Chicago Meetup 8/8/2017Steve Hoffman
 
Evolution of digital footprints
Evolution of digital footprintsEvolution of digital footprints
Evolution of digital footprintsKurtis Hewson
 
Evolution of Digital Footprints
Evolution of Digital FootprintsEvolution of Digital Footprints
Evolution of Digital FootprintsKurtis Hewson
 
Testing Javascript - Prasanna K, ThoughtWorks
Testing Javascript - Prasanna K, ThoughtWorksTesting Javascript - Prasanna K, ThoughtWorks
Testing Javascript - Prasanna K, ThoughtWorksThoughtworks
 
Pensamientos para que lo disfruten el fin de semana
Pensamientos para que lo disfruten el fin de semanaPensamientos para que lo disfruten el fin de semana
Pensamientos para que lo disfruten el fin de semanaRoberto Guerrero V.
 
Ильшад Хабибуллин — BlueBream
Ильшад Хабибуллин — BlueBreamИльшад Хабибуллин — BlueBream
Ильшад Хабибуллин — BlueBreamYury Yurevich
 
Krasjkurs i twitter. Forskningskommunikasjon i sosiale medier
Krasjkurs i twitter. Forskningskommunikasjon i sosiale medier Krasjkurs i twitter. Forskningskommunikasjon i sosiale medier
Krasjkurs i twitter. Forskningskommunikasjon i sosiale medier Audun Farbrot
 
ПУМБ 2015-2016
ПУМБ 2015-2016ПУМБ 2015-2016
ПУМБ 2015-2016Roomian.org
 
Super zer alphabet_letter_a_2nd_edition
Super zer alphabet_letter_a_2nd_editionSuper zer alphabet_letter_a_2nd_edition
Super zer alphabet_letter_a_2nd_editionGo Tutor English
 
Warm Glow Candles
Warm Glow CandlesWarm Glow Candles
Warm Glow CandlesWarmGlowCandle
 
Concorrencia geral UFPE 2014
Concorrencia geral UFPE 2014Concorrencia geral UFPE 2014
Concorrencia geral UFPE 2014Portal NE10
 
[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam
[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam
[Mobile Day HCM] Lessons Learn from Top Mobile App in VietnamAppota Group
 
IPR
IPRIPR
IPRKishor Satpathy
 
PUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo GuañaPUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo GuañaPablo Guaña
 
2016/03/28付 オリジナルiTunes週間トップソングトピックス
2016/03/28付 オリジナルiTunes週間トップソングトピックス2016/03/28付 オリジナルiTunes週間トップソングトピックス
2016/03/28付 オリジナルiTunes週間トップソングトピックスThe Natsu Style
 
Web Content Creation
Web Content CreationWeb Content Creation
Web Content CreationDigimacademy
 
исследование качества телефонного обслуживания банки 2013
исследование качества телефонного обслуживания банки 2013исследование качества телефонного обслуживания банки 2013
исследование качества телефонного обслуживания банки 2013Михаил Мушкин
 
Ecologically Safe Monotheistic Solutions to Global Crisis Of The Finance System
Ecologically Safe Monotheistic Solutions to Global Crisis Of The Finance SystemEcologically Safe Monotheistic Solutions to Global Crisis Of The Finance System
Ecologically Safe Monotheistic Solutions to Global Crisis Of The Finance SystemCenter for Ecological Audit,Social Inclusion and Governance
 
Tez Son
Tez SonTez Son
Tez SonAtakan Sahin
 
HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-Tangella
HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-TangellaHXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-Tangella
HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-TangellaHxRefactored
 
Tim's Resume (2015) updated
Tim's Resume (2015) updatedTim's Resume (2015) updated
Tim's Resume (2015) updatedTim Bomgardner
 
Presentació ge
Presentació gePresentació ge
Presentació gecrpsabadell
 
Bitten By Python
Bitten By PythonBitten By Python
Bitten By PythonVijay Kumar Bagavath Singh
 
Social Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsSocial Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsTom Eston
 
Internet and Social Media for Beginners
Internet and Social Media for BeginnersInternet and Social Media for Beginners
Internet and Social Media for Beginnersbecarreno
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentationJesse Ratcliffe, OSCP
 
(Ab)using Identifiers: Indiscernibility of Identity
(Ab)using Identifiers: Indiscernibility of Identity(Ab)using Identifiers: Indiscernibility of Identity
(Ab)using Identifiers: Indiscernibility of IdentityBayCHI
 
Bh mirror image-public
Bh mirror image-publicBh mirror image-public
Bh mirror image-publicNathan Broadbent
 
Small pieces loosely joined: getting louse research online.
Small pieces loosely joined: getting louse research online.Small pieces loosely joined: getting louse research online.
Small pieces loosely joined: getting louse research online.Vince Smith
 
The red matrix
The red matrixThe red matrix
The red matrixMike Macgirvin
 

More Related Content

Viewers also liked

Super zer alphabet_letter_a_2nd_edition
Super zer alphabet_letter_a_2nd_editionSuper zer alphabet_letter_a_2nd_edition
Super zer alphabet_letter_a_2nd_editionGo Tutor English
 
Concorrencia geral UFPE 2014
Concorrencia geral UFPE 2014Concorrencia geral UFPE 2014
Concorrencia geral UFPE 2014Portal NE10
 
[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam
[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam
[Mobile Day HCM] Lessons Learn from Top Mobile App in VietnamAppota Group
 
PUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo GuañaPUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo GuañaPablo Guaña
 
2016/03/28付 オリジナルiTunes週間トップソングトピックス
2016/03/28付 オリジナルiTunes週間トップソングトピックス2016/03/28付 オリジナルiTunes週間トップソングトピックス
2016/03/28付 オリジナルiTunes週間トップソングトピックスThe Natsu Style
 
Web Content Creation
Web Content CreationWeb Content Creation
Web Content CreationDigimacademy
 
исследование качества телефонного обслуживания банки 2013
исследование качества телефонного обслуживания банки 2013исследование качества телефонного обслуживания банки 2013
исследование качества телефонного обслуживания банки 2013Михаил Мушкин
 
HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-Tangella
HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-TangellaHXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-Tangella
HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-TangellaHxRefactored
 
Tim's Resume (2015) updated
Tim's Resume (2015) updatedTim's Resume (2015) updated
Tim's Resume (2015) updatedTim Bomgardner
 

Viewers also liked (15)

Super zer alphabet_letter_a_2nd_edition
Super zer alphabet_letter_a_2nd_editionSuper zer alphabet_letter_a_2nd_edition
Super zer alphabet_letter_a_2nd_edition
 
Warm Glow Candles
Warm Glow CandlesWarm Glow Candles
Warm Glow Candles
 
Concorrencia geral UFPE 2014
Concorrencia geral UFPE 2014Concorrencia geral UFPE 2014
Concorrencia geral UFPE 2014
 
[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam
[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam
[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam
 
IPR
IPRIPR
IPR
 
PUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo GuañaPUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo Guaña
 
2016/03/28付 オリジナルiTunes週間トップソングトピックス
2016/03/28付 オリジナルiTunes週間トップソングトピックス2016/03/28付 オリジナルiTunes週間トップソングトピックス
2016/03/28付 オリジナルiTunes週間トップソングトピックス
 
Web Content Creation
Web Content CreationWeb Content Creation
Web Content Creation
 
исследование качества телефонного обслуживания банки 2013
исследование качества телефонного обслуживания банки 2013исследование качества телефонного обслуживания банки 2013
исследование качества телефонного обслуживания банки 2013
 
Ecologically Safe Monotheistic Solutions to Global Crisis Of The Finance System
Ecologically Safe Monotheistic Solutions to Global Crisis Of The Finance SystemEcologically Safe Monotheistic Solutions to Global Crisis Of The Finance System
Ecologically Safe Monotheistic Solutions to Global Crisis Of The Finance System
 
Tez Son
Tez SonTez Son
Tez Son
 
HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-Tangella
HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-TangellaHXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-Tangella
HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-Tangella
 
Tim's Resume (2015) updated
Tim's Resume (2015) updatedTim's Resume (2015) updated
Tim's Resume (2015) updated
 
Presentació ge
Presentació gePresentació ge
Presentació ge
 
Bitten By Python
Bitten By PythonBitten By Python
Bitten By Python
 

Similar to Web Authenication with Shibboleth - a view from the Flat East

Social Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsSocial Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsTom Eston
 
Internet and Social Media for Beginners
Internet and Social Media for BeginnersInternet and Social Media for Beginners
Internet and Social Media for Beginnersbecarreno
 
(Ab)using Identifiers: Indiscernibility of Identity
(Ab)using Identifiers: Indiscernibility of Identity(Ab)using Identifiers: Indiscernibility of Identity
(Ab)using Identifiers: Indiscernibility of IdentityBayCHI
 
Small pieces loosely joined: getting louse research online.
Small pieces loosely joined: getting louse research online.Small pieces loosely joined: getting louse research online.
Small pieces loosely joined: getting louse research online.Vince Smith
 
Going beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conferenceGoing beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conferencemikep007
 
Twitter For Librarians
Twitter For LibrariansTwitter For Librarians
Twitter For LibrariansWilliam Helman
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and PrivacyBrian Pichman
 
Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)Stephen Abram
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 
Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...
Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...
Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...tedster777
 
Privacy and libraries
Privacy and librariesPrivacy and libraries
Privacy and librariesDorothea Salo
 
Why We Need a Dark(er) Web
Why We Need a Dark(er) WebWhy We Need a Dark(er) Web
Why We Need a Dark(er) WebJeroen Baert
 
The Web as a Tool
The Web as a ToolThe Web as a Tool
The Web as a Tooljschleuss
 

Similar to Web Authenication with Shibboleth - a view from the Flat East (20)

Social Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsSocial Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More Brains
 
Internet and Social Media for Beginners
Internet and Social Media for BeginnersInternet and Social Media for Beginners
Internet and Social Media for Beginners
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
(Ab)using Identifiers: Indiscernibility of Identity
(Ab)using Identifiers: Indiscernibility of Identity(Ab)using Identifiers: Indiscernibility of Identity
(Ab)using Identifiers: Indiscernibility of Identity
 
Bh mirror image-public
Bh mirror image-publicBh mirror image-public
Bh mirror image-public
 
Small pieces loosely joined: getting louse research online.
Small pieces loosely joined: getting louse research online.Small pieces loosely joined: getting louse research online.
Small pieces loosely joined: getting louse research online.
 
The red matrix
The red matrixThe red matrix
The red matrix
 
Going beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conferenceGoing beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conference
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
Twitter For Librarians
Twitter For LibrariansTwitter For Librarians
Twitter For Librarians
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
 
Do it Best Corp. Techapalooza 2014 Presentation
Do it Best Corp. Techapalooza 2014 PresentationDo it Best Corp. Techapalooza 2014 Presentation
Do it Best Corp. Techapalooza 2014 Presentation
 
Butler - Security Lessons Learned from an Ezproxy Admin
Butler - Security Lessons Learned from an Ezproxy AdminButler - Security Lessons Learned from an Ezproxy Admin
Butler - Security Lessons Learned from an Ezproxy Admin
 
Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
 
Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...
Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...
Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...
 
Privacy and libraries
Privacy and librariesPrivacy and libraries
Privacy and libraries
 
Why We Need a Dark(er) Web
Why We Need a Dark(er) WebWhy We Need a Dark(er) Web
Why We Need a Dark(er) Web
 
Osint
OsintOsint
Osint
 
The Web as a Tool
The Web as a ToolThe Web as a Tool
The Web as a Tool
 

More from Jon Warbrick

Dunbar's Number, and what it means to the UIS
Dunbar's Number, and what it means to the UISDunbar's Number, and what it means to the UIS
Dunbar's Number, and what it means to the UISJon Warbrick
 
The 'New [University of Cambridge] Map
The 'New [University of Cambridge] MapThe 'New [University of Cambridge] Map
The 'New [University of Cambridge] MapJon Warbrick
 
Syndicated content on your web pages
Syndicated content on your web pagesSyndicated content on your web pages
Syndicated content on your web pagesJon Warbrick
 
Lessons fro IPv6 day, 2011
Lessons fro IPv6 day, 2011Lessons fro IPv6 day, 2011
Lessons fro IPv6 day, 2011Jon Warbrick
 
An introduction to Version Control Systems
An introduction to Version Control SystemsAn introduction to Version Control Systems
An introduction to Version Control SystemsJon Warbrick
 
Lessons from IPv6 Day
Lessons from IPv6 DayLessons from IPv6 Day
Lessons from IPv6 DayJon Warbrick
 
Google Apps @ Cambridge - What we did
Google Apps @ Cambridge - What we didGoogle Apps @ Cambridge - What we did
Google Apps @ Cambridge - What we didJon Warbrick
 
(Why) Passwords don't work
(Why) Passwords don't work(Why) Passwords don't work
(Why) Passwords don't workJon Warbrick
 
State of the Raven
State of the RavenState of the Raven
State of the RavenJon Warbrick
 
Google Apps - SSO and Identity Management at the University of Cambridge
Google Apps - SSO and Identity Management at the University of CambridgeGoogle Apps - SSO and Identity Management at the University of Cambridge
Google Apps - SSO and Identity Management at the University of CambridgeJon Warbrick
 

More from Jon Warbrick (10)

Dunbar's Number, and what it means to the UIS
Dunbar's Number, and what it means to the UISDunbar's Number, and what it means to the UIS
Dunbar's Number, and what it means to the UIS
 
The 'New [University of Cambridge] Map
The 'New [University of Cambridge] MapThe 'New [University of Cambridge] Map
The 'New [University of Cambridge] Map
 
Syndicated content on your web pages
Syndicated content on your web pagesSyndicated content on your web pages
Syndicated content on your web pages
 
Lessons fro IPv6 day, 2011
Lessons fro IPv6 day, 2011Lessons fro IPv6 day, 2011
Lessons fro IPv6 day, 2011
 
An introduction to Version Control Systems
An introduction to Version Control SystemsAn introduction to Version Control Systems
An introduction to Version Control Systems
 
Lessons from IPv6 Day
Lessons from IPv6 DayLessons from IPv6 Day
Lessons from IPv6 Day
 
Google Apps @ Cambridge - What we did
Google Apps @ Cambridge - What we didGoogle Apps @ Cambridge - What we did
Google Apps @ Cambridge - What we did
 
(Why) Passwords don't work
(Why) Passwords don't work(Why) Passwords don't work
(Why) Passwords don't work
 
State of the Raven
State of the RavenState of the Raven
State of the Raven
 
Google Apps - SSO and Identity Management at the University of Cambridge
Google Apps - SSO and Identity Management at the University of CambridgeGoogle Apps - SSO and Identity Management at the University of Cambridge
Google Apps - SSO and Identity Management at the University of Cambridge
 

Recently uploaded

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Recently uploaded (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Web Authenication with Shibboleth - a view from the Flat East

  • 1. Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk
  • 2. Once upon a time there was the web...
  • 3. ...and then sites started to want to identify their visitors <Location /basic> AuthType Basic AuthName "Who are you?" require valid-user </Location>
  • 4. To each site its own users
  • 5. To each site its own users
  • 6. To each site its own users
  • 7. Organization-wide SSOs • University of Cambridge Raven • Oxford WebAuth • Classic Athens (R.I.P.) • Google • etc, etc, ...
  • 8. Great for the institution Inside Outside
  • 9. Great for the institution Inside Outside Not so good for anything outside
  • 10. Two elephants • Data protection • Trust
  • 11. Enter the Griffin • AKA Shibboleth • A Web Auth system designed to support (though not to require) • multiple IdPs • inter-organization use • privacy and anonymity • multiple attributes
  • 12. Myth and Legends • Shib is only for e- Journals • Only supports anonymity • Only supplied by Internet2 • Doesn’t do standards • Is really hard
  • 13. So, what can we do with it?
  • 19. Existing software EZproxy
  • 20. VHS vs. Betamax Facebook Connect Google Friends Connect
  • 21. Thanks for listening... • There may be questions... • ...including perhaps ‘Why “Shibboleth?”’
  • 22.
  • 23. “On the Internet, nobody knows you are a dog...
  • 24. “On the Internet, nobody knows you are a dog... ...but sites often want to know that you are the same dog as last time”
  • 25.
  • 26. Credits • ‘In the Field’, Julian Wearne, http://www.flickr.com/photos/ikaink/ 4184787380 • Mosaic screen shot courtesy of NCSA/University of Illinois http:// www.ncsa.illinois.edu/News/Images/ • two elephants, Timo Heuer, http://www.flickr.com/photos/upim/ 293676365/ • Fire Breathing Mythical Dragon, Wili Hybird, http://www.flickr.com/ photos/walkadog/3484426248/ • “On the Internet”, by Peter Steiner, page 61 of July 5, 1993 issue of The New Yorker, (Vol.69 (LXIX) no. 20). Reproduced only for academic discussion, evaluation, and research. • “Same dog as before”: “Tofu, online trust, and spiritual wisdom” from the Pushing Strings” blog by Eve Maler.

Editor's Notes

  1. &amp;#x201C;Shibboleth, as a way to authenticate people to web sites, has been around in the UK for several years and yet many people don&apos;t know what it really does and some people still haven&apos;t heard of it. This session will take a quick look at the web authentication landscape, briefly consider what Shibboleth is and how it fits into this landscape, and take a look at what it has, is, and perhaps one day might be used for within the University of Cambridge.&amp;#x201D;\n
  2. Once upon a time there was the web...and it was free and open and everyone was happy (and probably wore sandals and had beards).\n
  3. Obviously there are lots of good reasons for doing this:\nMaking money\nKeeping things secret\nProviding personalisaion\nThe joys of HTTP basic auth.\n
  4. But you are heading for a n-squared problem - password hell for users and administrators.\n
  5. But you are heading for a n-squared problem - password hell for users and administrators.\n
  6. But you are heading for a n-squared problem - password hell for users and administrators.\n
  7. But you are heading for a n-squared problem - password hell for users and administrators.\n
  8. But you are heading for a n-squared problem - password hell for users and administrators.\n
  9. So to address that, organizations all move to some sort of central authentication, probably doing some sort of SSO while you are at it. \n\nNote that most of these leverage HTTP redirects so that passwords are only ever given to one recognizable service. This is at least a reasonable way to use passwords, despite the fact that PASSWORDS DON&amp;#x2019;T WORK, but that&amp;#x2019;s another story.\n
  10. In this and subsequent slides, the orange line represents your institution&amp;#x2019;s &amp;#x2018;organizational&amp;#x2019; boundary\n\nAll this works quite well for people and servers within the organization, but isn&amp;#x2019;t so good for people outside, nor for external servers. And note that people on the inside may not really notice this...\n\nNote the assumption about one IdP.\n
  11. Once you start dealing with things outside the institution border you rapidly run into two big problems.\n\nEU data protection legislation, and so our DPA, makes transferring &amp;#x2018;personal&amp;#x2019; data somewhere between hard and impossible. Interesting in an education context the US have it if anything worse then we do (even though in all other contexts privacy may be non-existent).\n\nThe other problem is one of establishing trust. How can an external site know to trust you (and remember they will be dealing with us too)? If they promise to use your data &amp;#x2018;fairly&amp;#x2019;, how do you know you can trust them?\n\nThere &amp;#x2018;s an n-squared problem lurking here too.\n
  12. A possible solution is Shib. Not quite clear what Shib is - potentially a protocol (though less so now with the move to SAML2), a reference implementation written by Internet2, or an architecture and policy framework.\n\nEmerging chicken-and-egg situation - is Shib based on SAML, or SAML based on Shib?\n
  13. E-Journals an early use case, and the one widely deployed in the UK\nThe e-journals case tends to take advantage of the anonymity features, but you don&amp;#x2019;t have to\nThe reference implementation is by Internet2, but other implementations are springing up. The move to SAML2 in Shib2 opens up increased posibilities for interworkong with generic SAML S/W\nShib 1 invented some new protocols and flows to support SP-first authentication. Everything that Shib needs is now part of SAML2\nIt&amp;#x2019;s not that hard. Really.\n
  14. \n
  15. \n
  16. e.g. UofC have discontinued our Ucam WebAuth IIS plugin\n
  17. \n
  18. No man institution is an island\n
  19. Anyone can run their own idP\n
  20. This slide is almost with out doubt out of date\n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n