
Shibboleth Trust Model






Presentation Transcript


  1. Shibboleth Trust Model
     • Shibboleth/SAML Communities (aka Tribes)
     • Club Shib
     • Club Shib Application form

  2. Shibboleth/SAML Communities (aka Tribes)
     • A group of organizations (universities, corporations, content providers, etc.) who agree to exchange attributes using the SAML/Shibboleth protocols.
     • In doing so they implicitly or explicitly agree to abide by common sets of rules.
     • The rules and functions associated with a tribe include:
       • A registry to process applications and administer operations
       • A set of best practices on associated technical issues, typically involving security and attribute management
       • A set of agreements or best practices on policies and business rules governing the exchange and use of attributes
       • The syntax and semantics of the set of attributes that are regularly exchanged
       • A WAYF service to direct users to tribal security domains

  3. Club Shib
     • The coolest tribe… also the first and only to date
     • Members can be organizations that are origins (IdSPs), targets (student loan services, content providers) or both (universities, museums, etc.)
     • Associated functions:
       • Registry service to be operated by I2/Educause? But open to all…
       • Best practices on authn/IDs
       • Best practices on the management of exchanged attributes
       • Attribute sets (eduPerson and eduOrg) as the exchange attributes
       • WAYF done via the Wayfarer service

  4. Club Shib Registry service
     • Receives and processes applications
     • Operates Wayfarer (tm Jeff Hodges)
       • origin sites are listed
       • target sites can use it
     • Ensures uniqueness of key identifiers among tribal members
     • Houses PKI components of Shib
       • institutional signing keys
       • bridging, if important

  5. Club Shib Application Form
     • Complete origin/target Shibboleth tech info as required
     • Agree to be tech tribal-RFC compliant
     • Agree to be policy tribal-RFC compliant
     • Implement eduPerson and eduOrg?
     • Plug origins (campuses) into Wayfarer
     • Signed by DNS person

  6. Tech Tribal-RFC
     • Must/should have non-clear-text local authentication, no group accounts, etc.
     • eduPerson and eduOrg
     • Is this Tech RFC a set of examples drawn from the members or a summarized best practices?
     • http://middleware.internet2.edu/internet2-mi-best-practices-00.html ?

  7. Policy Tribal-RFC
     • Must destroy info after use; no aggregation or re-use
     • Should have a policy on directory management
     • Must document reassignment/reuse policies of ePPN
     • Origins will provide a “member of the community” attribute to other club members; other attributes to be exchanged are negotiated on a per-security-domain basis
     • Is this Policy RFC a set of examples drawn from the members or a summarized best practices?
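The registry functions on slide 4 (uniqueness of key identifiers, institutional signing keys on file) and the attribute rules on slide 7 (scoped ePPN, a “member of the community” attribute) are the parts of the trust model a target can actually check. The Python below is an illustration added to this transcript; it is not code from the slides, from Internet2 or from the Shibboleth software. The entityIDs, scopes, key identifiers, the sample attribute values, and the choice of eduPersonAffiliation=member as the “member of the community” attribute are all assumptions made for the example.

```python
"""Toy model of a tribal registry and of the checks a target (SP) can make
on attributes asserted by an origin (IdP).  Added illustration, not
Shibboleth or Internet2 code; every entityID, scope, key ID and attribute
value below is constructed for the example."""
from dataclasses import dataclass


class RegistryError(ValueError):
    """Raised when an application would break identifier uniqueness."""


@dataclass(frozen=True)
class Member:
    entity_id: str            # providerId of the origin or target (URI form assumed)
    role: str                 # "origin", "target" or "both"
    scopes: tuple = ()        # ePPN scopes this origin may assert, e.g. ("example.edu",)
    signing_key_id: str = ""  # identifier of the institutional signing key on file


class TribalRegistry:
    """Processes applications and enforces uniqueness of entityIDs and scopes."""

    def __init__(self):
        self.members = {}       # entity_id -> Member
        self.scope_owner = {}   # lower-cased scope -> entity_id

    def register(self, m: Member) -> None:
        if m.entity_id in self.members:
            raise RegistryError(f"duplicate entityID {m.entity_id}")
        if m.role in ("origin", "both") and not m.scopes:
            raise RegistryError(f"{m.entity_id}: an origin must register a scope")
        for scope in m.scopes:
            owner = self.scope_owner.get(scope.lower())
            if owner is not None:
                raise RegistryError(f"scope {scope} already owned by {owner}")
        self.members[m.entity_id] = m
        for scope in m.scopes:
            self.scope_owner[scope.lower()] = m.entity_id

    def origins(self) -> list:
        """What a WAYF would list: only members that act as origins."""
        return sorted(e for e, m in self.members.items() if m.role in ("origin", "both"))


def check_assertion(reg, issuer, signing_key_id, attributes,
                    membership_attr="eduPersonAffiliation", membership_value="member"):
    """Target-side checks on one attribute assertion.  Returns a list of
    problems; an empty list means the attributes may be used.  Attribute
    values are lists of strings.  The membership attribute name and value
    used for 'member of the community' are assumptions."""
    problems = []
    m = reg.members.get(issuer)
    if m is None:
        return [f"issuer {issuer} is not a registered member"]
    if m.role not in ("origin", "both"):
        problems.append("issuer is registered as a target, not an origin")
    if signing_key_id != m.signing_key_id:
        problems.append("assertion not signed with the registered institutional key")
    eppn_values = attributes.get("eduPersonPrincipalName", [])
    if not eppn_values:
        problems.append("no eduPersonPrincipalName asserted")
    for eppn in eppn_values:
        if "@" not in eppn:
            problems.append(f"ePPN {eppn!r} is not scoped")
            continue
        # The scope must be one the registry assigned to this issuer, so one
        # origin cannot mint identifiers that look like another member's.
        scope = eppn.rsplit("@", 1)[1].lower()
        if scope not in (s.lower() for s in m.scopes):
            problems.append(f"ePPN scope {scope!r} is not registered to {issuer}")
    if membership_value not in attributes.get(membership_attr, []):
        problems.append(f"no {membership_attr}={membership_value} (member of community) attribute")
    return problems


def build_example_registry() -> TribalRegistry:
    """Constructed sample tribe: two origins, one content provider as target."""
    reg = TribalRegistry()
    reg.register(Member("urn:mace:example.edu", "origin", ("example.edu",), "key-example-2003"))
    reg.register(Member("urn:mace:museum.example.org", "both", ("museum.example.org",), "key-museum-2003"))
    reg.register(Member("urn:mace:loans.example.com", "target"))
    return reg


def duplicate_scope_rejected() -> bool:
    """A later applicant claiming an already-owned scope must be refused."""
    reg = build_example_registry()
    try:
        reg.register(Member("urn:mace:imposter.example.net", "origin", ("EXAMPLE.EDU",), "key-i"))
    except RegistryError:
        return True
    return False


def demo():
    reg = build_example_registry()
    good = check_assertion(reg, "urn:mace:example.edu", "key-example-2003",
                           {"eduPersonPrincipalName": ["alice@example.edu"],
                            "eduPersonAffiliation": ["member", "student"]})
    # A registered origin asserting an ePPN in another member's scope.
    forged = check_assertion(reg, "urn:mace:museum.example.org", "key-museum-2003",
                             {"eduPersonPrincipalName": ["alice@example.edu"],
                              "eduPersonAffiliation": ["member"]})
    unknown = check_assertion(reg, "urn:mace:stranger.example.net", "key-x",
                              {"eduPersonPrincipalName": ["bob@stranger.example.net"]})
    return {"good": good, "forged": forged, "unknown": unknown}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "accepted")
```

The point of the scope check is that uniqueness guaranteed by the registry only protects a target if the target also refuses an ePPN whose scope belongs to a different origin than the one that signed the assertion; the registry data and the target-side check have to be used together.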

  8. eduOrg possible attributes
     • URL of campus authentication practices
     • URL of campus policy on the reuse of ePPN and other identifiers
     • List of current semester course numbers
