Upload File

shibboleth akylbek zhumabayev september 2008. agenda introduction description ws standards...

  • Home
  • Documents
  • Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2
10
Shibboleth Akylbek Zhumabayev September 2008

Upload: aubrey-griffith

Post on 17-Jan-2016

217 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

Shibboleth

Akylbek ZhumabayevSeptember 2008

Page 2: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

Agenda

• Introduction• Description• WS Standards• WS-Federation• Picture• Grid Security• GridShib• References

2

Page 3: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

Introduction

• Started in 2000 by Internet2/MACE• Current version: 2.0 (March 19, 2008)• http://shibboleth.internet2.edu• Open source (Apache2 license)• Large projects in 15 countries

3

http://shibboleth.internet2.edu/
Page 4: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

Description

Purpose: cross-domain access control• Authentication: single sign-on (SSO)• Authorization: attribute-basedAdditional feature: user privacyPlatform: SOA - WS technologiesStandard: WS-Federation

4

Page 5: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

WS Standards

• XML, SOAP, WSDL, UDDI – no comments• WS-Addressing: stateful resource behind WS• XML-Encryption, XML-Signature: basic security• WS-Security: how to carry secure data• WS-Policy: how to define settings• WS-Trust: how to manage tokens• WS-Federation: how to process SAML token

5

Page 6: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

WS-Federation

• Contributors: IBM, Microsoft etc.• Purpose: cross-domain identity portability• Current version: 1.1 (December, 2006)• Carrier: SAML token• Domain trust: WS-Trust• Trust carrier: X.509

6

Page 7: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

Picture

user@Xuser@X

IdentityProviderIdentityProvider

ServiceProviderService

Provider

WAYFWAYF

LDAPLDAP

SystemSystem

Domain X Domain Y

1

2

3

AttributesAttributes AttributesAttributes4

WS-Federation

Username/password

7

Page 8: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

Grid SecurityGSI: X.509 Certificates

ClientClient SystemSystem

CACA

MyProxyMyProxy

X.509

Entity

Certifica

te

Proxy Certificate

CertificatesCertificates

8

Page 9: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

GridShib

user@Xuser@X

IdentityProviderIdentityProvider GridShibGridShib

WAYFWAYF

LDAPLDAP

SystemSystem

Domain X Grid System

1

2

3

AttributesAttributes ProfileProfile4

WS-Federation

X.509

9

Page 10: Shibboleth Akylbek Zhumabayev September 2008. Agenda Introduction Description WS Standards WS-Federation Picture Grid Security GridShib References 2

References1. Website:http://shibboleth.internet2.edu 2. Short introduction:http://iamsect.ncl.ac.uk/deliverables/docs/practical_access/index.html#id2462832 3. Technical Overview:http://grid.ncsa.uiuc.edu/presentations/shibboleth-intro-dec05.ppt

4,5. Integration with Grid:http://www.globus.org/toolkit/presentations/gridshib-pki06-final.pdfhttp://grid.ncsa.uiuc.edu/GridShib/presentations/GridShib-uk-april05.ppt 6. SAML introduction:https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/2a563903-0b01-0010-b9a1-d3875ff74b32 7. Use Case (article in IEEE):"ShibGrid: Shibboleth Access for the UK National Grid Service"Spence, D.; Geddes, N.http://ieeexplore.ieee.org.ezproxy.rit.edu/iel5/4090056/4090057/04090093.pdf?

tp=&arnumber=4090093&isnumber=4090057

10

http://shibboleth.internet2.edu/
http://iamsect.ncl.ac.uk/deliverables/docs/practical_access/index.html#id2462832
http://grid.ncsa.uiuc.edu/presentations/shibboleth-intro-dec05.ppt
http://www.globus.org/toolkit/presentations/gridshib-pki06-final.pdf

Shibboleth LDAP Backend

Shibboleth: Molecules, Music, and Middleware. Outline ● Terms ● Problem statement ● Solution space – Shibboleth and Federations ● Description of Shibboleth

Shibboleth & Federations

GridShib Grid/Shibboleth Interoperability gridshib.globus/org OGF19 January 31, 2007

Shibboleth and TAGPMA

adaptives Single Sign-On€¦ · Identity Provider •Multi Protokol Unterstützung –SAML 1.1 / 2.0 –Shibboleth via SAML –WS-Federation –WS-Trust –OAuth –OpenID Connect

Interoperability Shibboleth - gLite

Authentication Methods: Shibboleth

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication

Internet Shibboleth Project

Welcome to E-LIS repository - E-LIS repositoryeprints.rclis.org/11454/1/FedereAramaMotorlariANKOSTopl... · 2012. 12. 14. · Proxy, Shibboleth, Aselect, PAPI, Tequila, Athens, WS

Technische Übersicht zu Shibboleth 2. Shibboleth-Workshop, Freiburg, 23.03.2006

GridShib Grid/Shibboleth Interoperability gridshib.globus MWSG March 1, 2007

Shibboleth SP Logout Support - Shibboleth Training …...Current state of SLO in Shibboleth Shibboleth Service Provider 2.5.x • Supports local and global logout Shibboleth Identity

Gridshib-intro-dec051 GridShib An Introduction Tom Scavo NCSA

GridShib and MyProxy Grid Credential Management and Identity Federation

Shibboleth Identity Provider Version 3 IAM Online March 11, 2015 Scott Cantor, Shibboleth Development Team Marvin Addison, Shibboleth Development Team

ProQuest Pivot now supports Shibboleth S · 2017-10-23 · ProQuest Pivot now supports Shibboleth Single Sign-On. What is Shibboleth? Shibboleth is the world's most widely deployed

Shibboleth Roadmap -- 2005

Shibboleth Archive

Shibboleth. Agenda Shibboleth? Single-Sign-On SAML & Co. Shibboleth Eigenschaften Architektur & Komponenten Implementierungen Kommunikation

Identity Federation and Attribute-based Authorization through the Globus Toolkit, Shibboleth, GridShib, and MyProxy Tom Barton 1, Jim Basney 2, Tim Freeman

Introduction to Shibboleth

Shibboleth Tutorial

Lenya and Shibboleth

ZIMT-Beratung Shibboleth-Anleitung Shibboleth Anleitung am ...bibliothek.ph-weingarten.de/pdf/Shibboleth AnleitungPH_1.pdf · SLIChbeçriff eingeben, z a. Social Media Kaufstudien

GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,

NSF Middleware Initiative: GridShib Tom Barton University of Chicago

Introduction to Shibboleth - SWITCH...• •SAML 2.0 • SSO ... Introduction to Shibboleth - Shibboleth Training 2015 Author: SWITCHaai Created Date: 20151015071708Z

7 October 2015 Shibboleth. Agenda Shibboleth Background and Status Why is Shibboleth Important (to Higher Ed)? Current Pilots Course Management

Shibboleth Setup

GridShib: Grid-Shibboleth Integration (Identity Federation and Grids) April 11, 2005

Shibboleth: EBSCOhost implementation

Shibboleth Update

NSF Middleware Initiative: GridShib