he Shibboleth® System is a standards based, open
source software package for web single sign-on across or within
organizational boundaries. It allows sites to make informed
authorization decisions for individual access of protected online
resources in a privacy-preserving manner.
The Shibboleth software implements widely used federated identity standards, principally OASIS' Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. Shibboleth also provides extended privacy functionality allowing the browser user and their home site to control the attributes released to each application. Using Shibboleth-enabled access simplifies management of identity and permissions for organizations supporting users and applications. Shibboleth is developed in an open and participatory environment, is freely available, and is released under the Apache Software License.
What is Shibboleth and how does it work?
A user authenticates with his or her organizational credentials. The organization (or identity provider) passes the minimal identity information necessary to the service manager to enable an authorization decision.
There are two primary parts to the Shibboleth system:
Identity Provider - the software run by an organization with users wishing to access a restricted service;
Service Provider - the software run by the provider managing the restricted service.
Shibboleth leverages the organization’s identity and access management system, so that the individual’s relationship with the institution determines access rights to services that are hosted both on- and off-campus. For a series of technical explanations of how Shibboleth works, from easy to expert, refer to the SWITCH Federation site.
Implementation Options
Organizational Single Sign-on System Shibboleth is growing in popularity as a web single sign-on system, able to address both on- and off-campus web authentication.
Controlled Information Release In addition to providing single sign-on functionality, Shibboleth can help control access to either campus-based or licensed resources. Working with your identity management systems, Shibboleth will release the information your service partners need to authorize actions or customize the user’s experience. This reduces the need for developers to have access to the directory and instead provides fresh data, just-in-time. This can be implemented on- and off-site.
Federated Access
Virtual Identity Provider An organization can manage virtual versions of identity provider software for other institutions. One installation can act as if it is supporting multiple organizations. From end-user perspectives, it looks as if their schools are hosting the software.
Additional Information
Why Shibboleth?
Shibboleth Information Sheet Overview (PDF)
Federated Security: The Shibboleth Approach (from Educause Quarterly)
Shibboleth Benefits provides information on the Shibboleth Value Proposition
Shibboleth Project Information includes details about the Shibboleth Project
Uses of Shibboleth provides examples of the value of Shibboleth in action
NSF SDCI (Software Developent for CyberInfrastructure) "Bedrock" Award
View more at here:
copy to clipboard
Code:
http://shibboleth.internet2.edu/
http://libaccess.com./forum.php?mod=viewthread&tid=1923#lastpost
The Shibboleth software implements widely used federated identity standards, principally OASIS' Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. Shibboleth also provides extended privacy functionality allowing the browser user and their home site to control the attributes released to each application. Using Shibboleth-enabled access simplifies management of identity and permissions for organizations supporting users and applications. Shibboleth is developed in an open and participatory environment, is freely available, and is released under the Apache Software License.
What is Shibboleth and how does it work?
A user authenticates with his or her organizational credentials. The organization (or identity provider) passes the minimal identity information necessary to the service manager to enable an authorization decision.
There are two primary parts to the Shibboleth system:
Identity Provider - the software run by an organization with users wishing to access a restricted service;
Service Provider - the software run by the provider managing the restricted service.
Shibboleth leverages the organization’s identity and access management system, so that the individual’s relationship with the institution determines access rights to services that are hosted both on- and off-campus. For a series of technical explanations of how Shibboleth works, from easy to expert, refer to the SWITCH Federation site.
Implementation Options
Organizational Single Sign-on System Shibboleth is growing in popularity as a web single sign-on system, able to address both on- and off-campus web authentication.
Controlled Information Release In addition to providing single sign-on functionality, Shibboleth can help control access to either campus-based or licensed resources. Working with your identity management systems, Shibboleth will release the information your service partners need to authorize actions or customize the user’s experience. This reduces the need for developers to have access to the directory and instead provides fresh data, just-in-time. This can be implemented on- and off-site.
Federated Access
Virtual Identity Provider An organization can manage virtual versions of identity provider software for other institutions. One installation can act as if it is supporting multiple organizations. From end-user perspectives, it looks as if their schools are hosting the software.
Additional Information
Why Shibboleth?
Shibboleth Information Sheet Overview (PDF)
Federated Security: The Shibboleth Approach (from Educause Quarterly)
Shibboleth Benefits provides information on the Shibboleth Value Proposition
Shibboleth Project Information includes details about the Shibboleth Project
Uses of Shibboleth provides examples of the value of Shibboleth in action
NSF SDCI (Software Developent for CyberInfrastructure) "Bedrock" Award
View more at here:
copy to clipboard
Code:
http://shibboleth.internet2.edu/
http://libaccess.com./forum.php?mod=viewthread&tid=1923#lastpost
No comments:
Post a Comment