The InterInstitution Stuff Federations MAX just MAX Agenda

Agenda • • • Shibboleth at Penn State. "Is this Good for the Company?

Shibboleth at Penn State • Started as an E. T. Initiative with Web. Assign

Shibboleth at Penn State • Current: Web. Assign - Physics course assignments • http:

Shibboleth at Penn State • Three Id. P's: Access Account authentication realm • In.

“Is this Good for the Company? ” • Benefit to the users No need

Why I like my federation! • “Technically, ” it can all be done without

Attributes • LDAP directory using edu. Person attributes • Administrative Policy AD 11 University

More Identity Providers? • Do you have a self-service account creation function? Friends of

Discussion/Questions • Ask away! • Contact Information Mark “Max” Miller Network Systems Specialist Penn

Copyright Mark Miller 2007. This work is the intellectual property of the author. Permission

Slides: 11

Download presentation

The Inter-Institution Stuff (Federations) MAX (just MAX)

Agenda • • • Shibboleth at Penn State. "Is this Good for the Company? " Why I like my federation! Attributes. More Identity Providers? Discussion/Questions?

Shibboleth at Penn State • Started as an E. T. Initiative with Web. Assign • Shibboleth Id. P Operation (I herd the cats) • Production web. SSO already deployed Shibboleth at PSU is mostly inter-institutional

Shibboleth at Penn State • Current: Web. Assign - Physics course assignments • http: //www. webassign. net/info/shibboleth. html Symplicity, Turn. It. In, Lion. Share Angel – PSU's course management system • Future? NAS, PHEAA, Library • Past! Napster

Shibboleth at Penn State • Three Id. P's: Access Account authentication realm • In. Common Federation • Four IBM Blade. Center nodes behind Cisco SLB Friends of Penn State (FPS) authentication realm • Bilateral trust with Angel SP • Two IBM Blade. Center nodes behind Cisco SLB Test Id. P • Test. Shib Federation • One IBM Blade. Center node

“Is this Good for the Company? ” • Benefit to the users No need to keep creating more and more accounts • Improved password security Passwords never leave institution's network

Why I like my federation! • “Technically, ” it can all be done without a federation. Last time I tried that it was a nightmare! • • Trust Infrastructure – signing certificate Metadata Business Partners Interfederation Bridges

Attributes • LDAP directory using edu. Person attributes • Administrative Policy AD 11 University policy on confidentiality of student records Lists 13 directory items as public information Defines disclosure policies, and responsible University officers http: //guru. psu. edu/policies/AD 11. html • Be sure you understand what attributes mean. Current semester?

More Identity Providers? • Do you have a self-service account creation function? Friends of Penn State (FPS) • Do prospective students already have identities? School district College Boards

Discussion/Questions • Ask away! • Contact Information Mark “Max” Miller Network Systems Specialist Penn State – ITS max@psu. edu

Copyright Mark Miller 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.