Web Authenication with Shibboleth - a view from the Flat East

•Download as KEY, PDF•

0 likes•688 views

This document provides an overview of web authentication with Shibboleth. It discusses how traditionally each website had its own user authentication, but organization-wide single sign-on systems like university portals provided a solution. However, these were not suitable for accessing resources outside the organization. Shibboleth was designed as an open standard web authentication system that supports multiple identity providers, inter-organization use, privacy, anonymity, and multiple attributes. The document outlines some common misconceptions about Shibboleth and provides examples of how it can be used for e-journals, standard web plugins, and authorization decisions.

Technology Design

Web
Authentication
with Shibboleth
A view from the Flat East

Jon Warbrick
Computing Service
University of Cambridge
jw35@cam.ac.uk

...and then sites started to want to
identify their visitors

<Location /basic>
AuthType Basic
AuthName "Who are you?"
require valid-user
</Location>

Organization-wide SSOs

• University of Cambridge
Raven

• Oxford WebAuth

• Classic Athens (R.I.P.)

• Google

• etc, etc, ...

Great for the institution

Inside

Outside

Great for the institution

Inside

Outside
Not so good for
anything outside

Two elephants

• Data protection

• Trust

Enter the Grifﬁn
• AKA Shibboleth
• A Web Auth system
designed to support
(though not to require)
• multiple IdPs
• inter-organization use
• privacy and anonymity
• multiple attributes

Myth and Legends
• Shib is only for e-
Journals

• Only supports anonymity

• Only supplied by
Internet2

• Doesn’t do standards

• Is really hard

VHS vs. Betamax

Facebook Connect

Google Friends Connect

Thanks for listening...

• There may be questions...

• ...including perhaps ‘Why “Shibboleth?”’

“On the Internet, nobody
knows you are a dog...

“On the Internet, nobody
knows you are a dog...

...but sites often want to know that you
are the same dog as last time”

Credits
• ‘In the Field’, Julian Wearne, http://www.ﬂickr.com/photos/ikaink/
4184787380
• Mosaic screen shot courtesy of NCSA/University of Illinois http://
www.ncsa.illinois.edu/News/Images/
• two elephants, Timo Heuer, http://www.ﬂickr.com/photos/upim/
293676365/
• Fire Breathing Mythical Dragon, Wili Hybird, http://www.ﬂickr.com/
photos/walkadog/3484426248/
• “On the Internet”, by Peter Steiner, page 61 of July 5, 1993 issue of
The New Yorker, (Vol.69 (LXIX) no. 20). Reproduced only for
academic discussion, evaluation, and research.
• “Same dog as before”: “Tofu, online trust, and spiritual wisdom”
from the Pushing Strings” blog by Eve Maler.

Viewers also liked

Super zer alphabet_letter_a_2nd_edition

Go Tutor English

Warm Glow Candles

WarmGlowCandle

Concorrencia geral UFPE 2014

Portal NE10

[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam

Appota Group

IPR

Kishor Satpathy

PUEMBO DE COTOPAXI. Pablo Guaña

Pablo Guaña

The Natsu Styleが発表する独自の新しい音楽配信ランキング「オリジナルiTunes週間トップソング」3/28付の注目トピックスです。「オリジナルiTunes週間トップソング」ではiTunesのランキング推移などから独自の指数を算出し、音楽配信の売れ行きを分かりやすくお伝えします。 The Natsu Style: http://www.tnsori.com オリジナルiTunes週間トップソング: http://www.tnsori.com/category/itunes-weekly (iTunes、iTunes Store、Apple Musicは、Apple.incの登録商標です。)

2016/03/28付オリジナルiTunes週間トップソングトピックス

The Natsu Style

Web Content Creation

Digimacademy

исследование качества телефонного обслуживания банки 2013

Михаил Мушкин

Ecologically Safe Monotheistic Solutions to Global Crisis Of The Finance System

Center for Ecological Audit,Social Inclusion and Governance

Tez Son

Atakan Sahin

This section of the agenda will feature leaders in innovation, customer experience, and design within the health insurance space. Each panelist will present the current state of experience at their organization, what successes they have seen, what situations they have learned from, and what their challenges and obstacles are, and where they would like to see things head in the future. Then Amy Cueva will guide the group in a discussion around strategy, measurement, culture change, and other important topics relevant to delivering phenomenal experiences.

HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-Tangella

HxRefactored

Tim's Resume (2015) updated

Tim Bomgardner

Presentació ge

crpsabadell

Bitten By Python

Vijay Kumar Bagavath Singh

Viewers also liked (15)

Super zer alphabet_letter_a_2nd_edition

Warm Glow Candles

Concorrencia geral UFPE 2014

[Mobile Day HCM] Lessons Learn from Top Mobile App in Vietnam

IPR

PUEMBO DE COTOPAXI. Pablo Guaña

2016/03/28付オリジナルiTunes週間トップソングトピックス

Web Content Creation

исследование качества телефонного обслуживания банки 2013

Ecologically Safe Monotheistic Solutions to Global Crisis Of The Finance System

Tez Son

HXR 2016: Improving Insurance Member Experiences -Dr. Vidya Raman-Tangella

Tim's Resume (2015) updated

Presentació ge

Bitten By Python

Similar to Web Authenication with Shibboleth - a view from the Flat East

In Social Zombies II: Your Friends Need More Brains, Tom Eston, Kevin Johnson and Robin Wood continue the Zombie invasion from "Social Zombies: Your Friends want to eat Your Brains" presented at DEFCON 17. This presentation will further examine the risks of social networks and then present new techniques and tools that can be used to exploit these issues. This presentation begins by discussing new twists on existing privacy concerns that are caused by the trust mass that is social networks. We use this privacy confusion to exploit members and their companies during our penetration tests. The presentation then discusses social network botnets and bot programs. Both the delivery of malware through social networks and the use of these social networks as command and control channels will be examined. Tom, Kevin and Robin next explore the use of browser-based bots and their delivery through custom social network applications and show new ways social network applications can be used for malware delivery. Finally, the information available through the social network APIs is explored using third-party applications designed for penetration testing. This allows for complete coverage of the targets and their information. This was presented at Shmoocon 2010 on February 6, 2010.

Social Zombies II: Your Friends Need More Brains

Tom Eston

Internet and Social Media for Beginners

becarreno

From OSINT to Phishing presentation

Jesse Ratcliffe, OSCP

(Ab)using Identifiers: Indiscernibility of Identity

BayCHI

Bh mirror image-public

Nathan Broadbent

Small pieces loosely joined: getting louse research online.

Vince Smith

The red matrix

Mike Macgirvin

Some attorneys have argued that scouring social networking sites in search of a reason not to hire someone, or evidence of insurance fraud, is an invasion of privacy. But insurance companies and their attorneys argue that internet searches for public social networking profiles are similar to the informal video surveillance investigations of property-casualty claimants that are common in the industry.

Going beyond google 2 philadelphia loss conference

mikep007

Presented at Diana Initiative, Queercon 16, and DEFCON 27 Recon Village 8/9-10, 2019. When we think of the process for attacking an organization, OSINT comes to the front and center of our minds. This presentation takes a presenter with experience in applying OSINT to effective penetration testing and social engineering and reverse engineers the process to determine what steps can be taken to further complicate their efforts. This is a presentation that talks about online deception, decoy accounts, canary data, encryption, maintaining one’s social media in a secure manner, and protecting one’s identity as much as possible. While nothing is absolute, this is a presentation that will leave attendees more aware of techniques to make it harder for attackers to collect accurate OSINT, either by removal or deception.

DECEPTICONv2

👀 Joe Gray

Twitter For Librarians

William Helman

Dark Web and Privacy

Brian Pichman

Do it Best Corp. Techapalooza 2014 Presentation

Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP

Butler - Security Lessons Learned from an Ezproxy Admin

National Information Standards Organization (NISO)

Pichman privacy, the dark web, & hacker devices i school (1)

Stephen Abram

Advanced Research Investigations for SIU Investigators

Sloan Carne

Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...

tedster777

Privacy and libraries

Dorothea Salo

Why We Need a Dark(er) Web

Jeroen Baert

Osint

Kamal Rathaur

The Web as a Tool

jschleuss

Similar to Web Authenication with Shibboleth - a view from the Flat East (20)

Social Zombies II: Your Friends Need More Brains

Internet and Social Media for Beginners

From OSINT to Phishing presentation

(Ab)using Identifiers: Indiscernibility of Identity

Bh mirror image-public

Small pieces loosely joined: getting louse research online.

The red matrix

Going beyond google 2 philadelphia loss conference

DECEPTICONv2

Twitter For Librarians

Dark Web and Privacy

Do it Best Corp. Techapalooza 2014 Presentation

Butler - Security Lessons Learned from an Ezproxy Admin

Pichman privacy, the dark web, & hacker devices i school (1)

Advanced Research Investigations for SIU Investigators

Writing The Research Paper A Handbook (7th ed) - Ch 5 computers and the resea...

Privacy and libraries

Why We Need a Dark(er) Web

Osint

The Web as a Tool

Recently uploaded

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

DBX First Quarter 2024 Investor Presentation

Dropbox

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Recently uploaded (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Corporate and higher education May webinar.pptx

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Why Teams call analytics are critical to your entire business

Six Myths about Ontologies: The Basics of Formal Ontology

Apidays New York 2024 - The value of a flexible API Management solution for O...

DBX First Quarter 2024 Investor Presentation

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

MS Copilot expands with MS Graph connectors

CNIC Information System with Pakdata Cf In Pakistan

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

How to Troubleshoot Apps for the Modern Connected Worker

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

presentation ICT roal in 21st century education

Platformless Horizons for Digital Adaptability

Web Authenication with Shibboleth - a view from the Flat East

1. Web Authentication with Shibboleth A view from the Flat East Jon Warbrick Computing Service University of Cambridge jw35@cam.ac.uk

2. Once upon a time there was the web...

3. ...and then sites started to want to identify their visitors <Location /basic> AuthType Basic AuthName "Who are you?" require valid-user </Location>

4. To each site its own users

5. To each site its own users

6. To each site its own users

7. Organization-wide SSOs • University of Cambridge Raven • Oxford WebAuth • Classic Athens (R.I.P.) • Google • etc, etc, ...

8. Great for the institution Inside Outside

9. Great for the institution Inside Outside Not so good for anything outside

10. Two elephants • Data protection • Trust

11. Enter the Grifﬁn • AKA Shibboleth • A Web Auth system designed to support (though not to require) • multiple IdPs • inter-organization use • privacy and anonymity • multiple attributes

12. Myth and Legends • Shib is only for e- Journals • Only supports anonymity • Only supplied by Internet2 • Doesn’t do standards • Is really hard

13. So, what can we do with it?

14. E-Journals

15. Standard web server plugins

16. Authorization decisions Directory

17. Other people

18. Other people, take 2

19. Existing software EZproxy

20. VHS vs. Betamax Facebook Connect Google Friends Connect

21. Thanks for listening... • There may be questions... • ...including perhaps ‘Why “Shibboleth?”’

22.

23. “On the Internet, nobody knows you are a dog...

24. “On the Internet, nobody knows you are a dog... ...but sites often want to know that you are the same dog as last time”

25.

26. Credits • ‘In the Field’, Julian Wearne, http://www.flickr.com/photos/ikaink/ 4184787380 • Mosaic screen shot courtesy of NCSA/University of Illinois http:// www.ncsa.illinois.edu/News/Images/ • two elephants, Timo Heuer, http://www.flickr.com/photos/upim/ 293676365/ • Fire Breathing Mythical Dragon, Wili Hybird, http://www.flickr.com/ photos/walkadog/3484426248/ • “On the Internet”, by Peter Steiner, page 61 of July 5, 1993 issue of The New Yorker, (Vol.69 (LXIX) no. 20). Reproduced only for academic discussion, evaluation, and research. • “Same dog as before”: “Tofu, online trust, and spiritual wisdom” from the Pushing Strings” blog by Eve Maler.

Editor's Notes

&#x201C;Shibboleth, as a way to authenticate people to web sites, has been around in the UK for several years and yet many people don't know what it really does and some people still haven't heard of it. This session will take a quick look at the web authentication landscape, briefly consider what Shibboleth is and how it fits into this landscape, and take a look at what it has, is, and perhaps one day might be used for within the University of Cambridge.&#x201D;\n
Once upon a time there was the web...and it was free and open and everyone was happy (and probably wore sandals and had beards).\n
Obviously there are lots of good reasons for doing this:\nMaking money\nKeeping things secret\nProviding personalisaion\nThe joys of HTTP basic auth.\n
But you are heading for a n-squared problem - password hell for users and administrators.\n
But you are heading for a n-squared problem - password hell for users and administrators.\n
But you are heading for a n-squared problem - password hell for users and administrators.\n
But you are heading for a n-squared problem - password hell for users and administrators.\n
But you are heading for a n-squared problem - password hell for users and administrators.\n
So to address that, organizations all move to some sort of central authentication, probably doing some sort of SSO while you are at it. \n\nNote that most of these leverage HTTP redirects so that passwords are only ever given to one recognizable service. This is at least a reasonable way to use passwords, despite the fact that PASSWORDS DON&#x2019;T WORK, but that&#x2019;s another story.\n
In this and subsequent slides, the orange line represents your institution&#x2019;s &#x2018;organizational&#x2019; boundary\n\nAll this works quite well for people and servers within the organization, but isn&#x2019;t so good for people outside, nor for external servers. And note that people on the inside may not really notice this...\n\nNote the assumption about one IdP.\n
Once you start dealing with things outside the institution border you rapidly run into two big problems.\n\nEU data protection legislation, and so our DPA, makes transferring &#x2018;personal&#x2019; data somewhere between hard and impossible. Interesting in an education context the US have it if anything worse then we do (even though in all other contexts privacy may be non-existent).\n\nThe other problem is one of establishing trust. How can an external site know to trust you (and remember they will be dealing with us too)? If they promise to use your data &#x2018;fairly&#x2019;, how do you know you can trust them?\n\nThere &#x2018;s an n-squared problem lurking here too.\n
A possible solution is Shib. Not quite clear what Shib is - potentially a protocol (though less so now with the move to SAML2), a reference implementation written by Internet2, or an architecture and policy framework.\n\nEmerging chicken-and-egg situation - is Shib based on SAML, or SAML based on Shib?\n
E-Journals an early use case, and the one widely deployed in the UK\nThe e-journals case tends to take advantage of the anonymity features, but you don&#x2019;t have to\nThe reference implementation is by Internet2, but other implementations are springing up. The move to SAML2 in Shib2 opens up increased posibilities for interworkong with generic SAML S/W\nShib 1 invented some new protocols and flows to support SP-first authentication. Everything that Shib needs is now part of SAML2\nIt&#x2019;s not that hard. Really.\n
\n
\n
e.g. UofC have discontinued our Ucam WebAuth IIS plugin\n
\n
No man institution is an island\n
Anyone can run their own idP\n
This slide is almost with out doubt out of date\n
\n
\n
\n
\n
\n
\n

Web Authenication with Shibboleth - a view from the Flat East

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (15)

Similar to Web Authenication with Shibboleth - a view from the Flat East

Similar to Web Authenication with Shibboleth - a view from the Flat East (20)

More from Jon Warbrick

More from Jon Warbrick (10)

Recently uploaded

Recently uploaded (20)

Web Authenication with Shibboleth - a view from the Flat East

Editor's Notes