Thursday, November 12, 2009

Shibboleth

I did a little research on Shibboleth on Wiki and on Shibboleth's web site:

Shibboleth (pronounced /ˈʃɪbəlɛθ/ or /ˈʃɪbələθ/) is any distinguishing practice which is indicative of one's social or regional origin. It usually refers to features of language, and particularly to a word whose pronunciation identifies its speaker as being a member or not a member of a particular group. The term originates from the Hebrew word "shibbólet", which literally means the part of a plant containing grains, such as an ear of corn or a stalk of grain or, in different contexts, "stream, torrent".

Shibboleth® System:

The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.

Because I have some library cataloguing experience, this method reminds me of Dewey decimal classification. But under the name I can see that it uses a method similar to object-oriented design to manage those individual accounts. Using this method, account management will be able to manage the accounts more effectively and efficiently. Last September I joined a presentation sponsored by Deloitte Consulting. They introduced a role-based method to manage identities in industry and used a similar way to present how to manage the accounts. How is Shibboleth related to this role-based identity management? Perhaps we will ask our speaker again.

With the coupling of more technologies, identity management becomes more urgent not only in academia but also in industry. At ING, every year we test access controls to a large number of financially significant applications. Without appropriate management of these access controls, the company or the university might incur great financial risk and reputational risk.

5 comments:

  1. Hey, I know it's irrelevant to add this comment here, but as Art said about Shibboleth being implemented on Apache server, well, here it goes: I found out that it can also work on win IIS.
    I also found out that there are many applications that do run as add-ons to Shibboleth, like one called ShARPE --> http://www.federation.org.au/twiki/bin/view/Federation/ShARPE
    and
    gridshib --> http://gridshib.globus.org/
    You can also write a custom application to interface with Shibboleth (middle ware so)
    cheers!!

  2. Interesting article, Vivian.

    I came across this University of Arizona web page where they have given a lot of details about Shibboleth and its System Integration perspective.

    Shibboleth is an open software system for web single sign-on. It enables web applications deployed in most typical web server environments to authenticate (that is, securely establish the identity of) users by referring them to a centralized service known as an identity provider. This service interacts with the user to collect a password (or carry out a similar challenge) to authenticate the user. The user is returned to the web application (called a service provider) using a secure exchange that provides the application with a collection of attributes about the user. The attributes include such standard information as which identity provider authenticated the user (e.g., The University of Arizona), how the authentication was performed, and may include various kinds of unique identifiers associated with the user's account, group memberships and eligibilities, etc.

    Full Article link:

    http://sia.uits.arizona.edu/shibboleth

  3. Rahul, thanks for the new information related to Shibboleth.

    It seems most of the universities use the Shibboleth application. So, I started checking the website of Carnegie Mellon University and found out that this school is also using Shibboleth.

    In googling about this, I found that it's better to have PKI certification for good performance of the Shibboleth application.
    http://www.cren.net/crenca/onepagers/guidebook/sectionnine.html

    This site also gives a more theoretical explanation of the working of Shibboleth. Nice one.

  4. Thanks for sharing the additional topics about Shibboleth!
    Recent news on Shibboleth from http://shibboleth.internet2.edu/

    * SECURITY ADVISORY - 4 Nov 2009 - Shibboleth IdP and SP software improperly handles malformed URLs
    * Emerging Technologies in Higher Education: Big School Solutions to Small School Problems [Archive], John O'Keefe, Lafayette College, 2 Oct 2009
    * SECURITY ADVISORY - 26 Aug 2009 - Shibboleth SP software improperly handles malformed URLs
    * SECURITY ADVISORY - 17 Aug 2009 - Shibboleth SP software handles certificate names and KeyDescriptors improperly
    * Video: Shibboleth Webinar with Nate Klingenstein (55:15), courtesy Unicon, May 28, 2009
    * SECURITY ADVISORY - 19 June 2009 - Potential Access to Sensitive Information when Clustering Shibboleth 2.X IdPs
    * SECURITY ADVISORY - 15 June 2009 - Shibboleth SP software on IIS vulnerable to header spoofing
    * Shibboleth InstallFests, an outreach effort of the Internet2 community, have provided installation training to 232 individuals from more than 100 institutions. Read more about this ongoing effort. (Feb. 17, 2009)
    * The Shibboleth Development Team is seeking comments and feedback on their plans for the next release.
    * New JAVA Service Provider Implementation Based on OpenSAML 2 (Sep. 6, 2008): The Danish Government has released free toolkits and reference implementations built on the OpenSAML 2.0 libraries developed by Internet2's Shibboleth Project.
    It seems that Shibboleth has been expansively used in non-profit organizations.

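The sign-on flow described in the second comment ends with the service provider receiving attributes about the user, and the post notes that Shibboleth lets sites make authorization decisions in a privacy-preserving manner. The following is an added example, not code from the post, its commenters or the Shibboleth project, of an application making that decision from the identity provider and affiliation alone. It assumes the SP exposes `Shib-Identity-Provider` and a scoped `affiliation` attribute with multiple values joined by `;`; the entityID, scopes and sessions are constructed.

```python
import re

# Assumption: entityID -> the attribute scope that IdP is allowed to assert.
TRUSTED_IDPS = {"https://idp.example.edu/idp/shibboleth": "example.edu"}
ALLOWED_ROLES = {"staff", "faculty"}


def split_values(raw):
    """Split a multi-valued attribute; assumes the SP joins values with ';'
    and escapes a literal ';' inside a value as '\\;'."""
    if not raw:
        return []
    parts = re.split(r"(?<!\\);", raw)
    return [p.replace("\\;", ";") for p in parts if p]


def authorize(attrs):
    """Return (allowed, reason) using only the IdP identity and affiliations;
    no personal identifier is needed for the decision."""
    idp = attrs.get("Shib-Identity-Provider", "")
    scope = TRUSTED_IDPS.get(idp)
    if scope is None:
        return False, "untrusted identity provider"
    for value in split_values(attrs.get("affiliation")):
        role, sep, value_scope = value.partition("@")
        if not sep or value_scope.lower() != scope:
            continue  # ignore values scoped to a domain this IdP does not own
        if role.lower() in ALLOWED_ROLES:
            return True, "affiliation " + role.lower()
    return False, "no qualifying affiliation"


# Constructed sessions, not captured from a real deployment.
SESSIONS = [
    {"Shib-Identity-Provider": "https://idp.example.edu/idp/shibboleth",
     "affiliation": "member@example.edu;staff@example.edu"},
    {"Shib-Identity-Provider": "https://idp.example.edu/idp/shibboleth",
     "affiliation": "staff@other.example"},
    {"Shib-Identity-Provider": "https://idp.unknown.example/idp",
     "affiliation": "staff@example.edu"},
]

if __name__ == "__main__":
    for session in SESSIONS:
        print(authorize(session))
```

The second session is refused because a trusted identity provider asserted an affiliation scoped to a domain it is not registered for, and the third because the asserting provider is not in the trusted set at all.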