Shibboleth
Akylbek Zhumabayev, September 2008
Agenda
• Introduction
• Description
• WS Standards
• WS-Federation
• Picture
• Grid Security
• GridShib
• References
Introduction
• Started in 2000 by Internet2/MACE
• Current version: 2.0 (March 19, 2008)
• http://shibboleth.internet2.edu
• Open source (Apache 2 license)
• Large projects in 15 countries
Description
Purpose: cross-domain access control
• Authentication: single sign-on (SSO); the user authenticates once, at the home Identity Provider
• Authorization: attribute-based; the Service Provider decides on released attributes (e.g. affiliation), not on who the user is
Additional feature: user privacy; the Identity Provider releases only the attributes each Service Provider needs, and pseudonymous identifiers avoid exposing the user's identity
Platform: SOA / WS technologies
Standard: SAML 1.1 and SAML 2.0 (Shibboleth is a SAML implementation; WS-Federation, covered below, is a related federation specification led by IBM and Microsoft that also carries SAML tokens)
WS Standards
• XML, SOAP, WSDL, UDDI: no comments
• WS-Addressing: endpoint references and message addressing (used by WS-Resource to address a stateful resource behind a web service)
• XML-Encryption, XML-Signature: basic security (confidentiality and integrity of XML fragments)
• WS-Security: how to carry security tokens and protect SOAP messages
• WS-Policy: how to define settings (declare an endpoint's security requirements)
• WS-Trust: how to manage tokens (issue, renew, validate and exchange them through a Security Token Service)
• WS-Federation: how to federate identity across security realms; SAML tokens are the usual token type
WS-Federation
• Contributors: IBM, Microsoft, etc.
• Purpose: cross-domain identity portability
• Current version: 1.1 (December 2006)
• Carrier: SAML token
• Domain trust: WS-Trust
• Trust carrier: X.509
Picture
Figure (slide diagram): the cross-domain Shibboleth flow between Domain X and Domain Y. Domain X holds the user (user@X), the Identity Provider and the LDAP system behind it; Domain Y holds the Service Provider; a WAYF ("Where Are You From", the Identity Provider discovery service) is also shown. The numbered steps 1-4 follow the standard Shibboleth sequence: the user requests the Service Provider, the WAYF points the user to the home Identity Provider, the user authenticates there with username/password against LDAP, and attributes (label 4: Attributes) flow back to the Service Provider. The cross-domain leg is labelled WS-Federation in the original diagram.
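The Description and Picture slides above describe SSO, attribute-based authorization and attribute-level privacy without showing a message. The following is an added example, not code from the original slides or from the Shibboleth project: a minimal SAML 2.0 exchange in pure Python in which the Identity Provider of Domain X authenticates user@X with username/password, applies a per-Service-Provider attribute release policy, and issues an Assertion; the Service Provider of Domain Y verifies it and authorizes on eduPersonAffiliation. The directory, entity IDs, salt and shared key are constructed for the example, and the HMAC over the assertion is a stand-in for the XML-Signature with X.509 keys that real deployments use.

```python
"""Added example: Shibboleth-style SAML 2.0 SSO with per-SP attribute release.
All names, secrets and the directory below are constructed for this example;
the HMAC stands in for XML-Signature (assumed simplification)."""
import base64, hashlib, hmac, secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML)

# Constructed directory: stands in for the LDAP system behind the IdP.
DIRECTORY = {"alice": {"password": "correct horse", "mail": "alice@x.example",
                       "eduPersonAffiliation": ["member", "faculty"]}}
IDP = "https://idp.x.example/idp/shibboleth"      # Domain X Identity Provider
SP = "https://sp.y.example/shibboleth"            # Domain Y Service Provider
IDP_SALT = b"constructed-idp-salt"
SHARED_KEY = b"constructed-shared-key"            # stand-in for the IdP signing key

# Attribute release policy per SP (the idea behind Shibboleth's attribute filter):
# this SP gets a pairwise pseudonym and the affiliation, never the mail address.
RELEASE_POLICY = {SP: {"eduPersonTargetedID", "eduPersonAffiliation"}}

def targeted_id(user, sp):
    """Pairwise pseudonym: stable for one (user, SP) pair, unlinkable across SPs."""
    digest = hashlib.sha256(IDP_SALT + b"|" + sp.encode() + b"|" + user.encode()).digest()
    return base64.b64encode(digest).decode()

def idp_issue(user, password, sp, now=None):
    """IdP side: authenticate with username/password, then issue a signed assertion for `sp`."""
    rec = DIRECTORY.get(user)
    if rec is None or not hmac.compare_digest(rec["password"].encode(), password.encode()):
        return None
    now = now or datetime.now(timezone.utc)
    iso = lambda t: t.strftime("%Y-%m-%dT%H:%M:%SZ")
    attrs = {"eduPersonTargetedID": [targeted_id(user, sp)],
             "eduPersonAffiliation": rec["eduPersonAffiliation"],
             "mail": [rec["mail"]]}
    released = {k: v for k, v in attrs.items() if k in RELEASE_POLICY.get(sp, set())}

    a = ET.Element(f"{{{SAML}}}Assertion", ID="_" + secrets.token_hex(16),
                   Version="2.0", IssueInstant=iso(now))
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = IDP
    subj = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID",
                  Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient").text = "_" + secrets.token_hex(8)
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions", NotBefore=iso(now - timedelta(minutes=1)),
                         NotOnOrAfter=iso(now + timedelta(minutes=5)))
    ET.SubElement(ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction"), f"{{{SAML}}}Audience").text = sp
    stmt = ET.SubElement(a, f"{{{SAML}}}AttributeStatement")
    for name, values in released.items():
        attr = ET.SubElement(stmt, f"{{{SAML}}}Attribute", Name=name)
        for v in values:
            ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = v
    xml = ET.tostring(a)
    return {"assertion": xml, "mac": hmac.new(SHARED_KEY, xml, "sha256").hexdigest()}

def sp_consume(token, now=None):
    """SP side: verify the signature, then issuer, validity window and audience; return attributes."""
    if token is None or not hmac.compare_digest(
            hmac.new(SHARED_KEY, token["assertion"], "sha256").hexdigest(), token["mac"]):
        return None, "signature check failed"
    a = ET.fromstring(token["assertion"])
    ns = {"saml": SAML}
    if a.findtext("saml:Issuer", namespaces=ns) != IDP:
        return None, "untrusted issuer"
    cond = a.find("saml:Conditions", ns)
    now = now or datetime.now(timezone.utc)
    parse = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if not (parse(cond.get("NotBefore")) <= now < parse(cond.get("NotOnOrAfter"))):
        return None, "assertion outside validity window"
    if SP not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", ns)]:
        return None, "assertion not addressed to this SP"
    attrs = {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", ns)]
             for at in a.findall("saml:AttributeStatement/saml:Attribute", ns)}
    return attrs, "ok"

def authorize(attrs, required="faculty"):
    """Attribute-based access control: the decision needs an affiliation, not an identity."""
    return bool(attrs) and required in attrs.get("eduPersonAffiliation", [])
```

The SP never sees `mail`, and the `eduPersonTargetedID` it does see differs for every other SP, which is the privacy property the Description slide refers to; the audience check is what stops an assertion issued for one SP from being replayed to another.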
Grid Security
GSI: X.509 Certificates
Figure (slide diagram): a Client and a grid System, with a CA and a MyProxy server. The CA issues the client's X.509 entity certificate; the client derives a short-lived proxy certificate from it (or obtains one through MyProxy) and presents the certificate chain to the system.
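The Grid Security slide shows the GSI chain of CA, entity certificate and proxy certificate but not what a proxy is or how a system should check one. The block below is an added example, not code from the original slides or from the Globus Toolkit: it builds the chain with the `cryptography` package (assumed to be installed), issuing an RFC 3820 proxy certificate signed by the user's own key and carrying the proxyCertInfo extension, and then applies the checks a grid system must make before trusting a presented proxy. The CA name, user name, lifetimes and the "inherit all" policy are choices made for this example.

```python
"""Added example: GSI-style delegation chain (RFC 3820 proxy certificates).
CA -> user's entity certificate -> short-lived proxy signed by the user's own key.
Requires the `cryptography` package (assumed installed); names and lifetimes are
chosen for the example."""
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

PROXY_CERT_INFO = x509.ObjectIdentifier("1.3.6.1.5.5.7.1.14")   # id-pe-proxyCertInfo
# DER of ProxyCertInfo { proxyPolicy { policyLanguage id-ppl-inheritAll 1.3.6.1.5.5.7.21.1 } }
# with no pCPathLenConstraint, so the proxy may delegate further.
INHERIT_ALL = bytes.fromhex("300c300a06082b06010505071501")

def _now():
    return dt.datetime.now(dt.timezone.utc).replace(microsecond=0)

def _validity(cert):
    # not_valid_*_utc exist in cryptography >= 42; older versions expose naive datetimes
    nb = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before
    na = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after
    return nb, na

def _build(subject, issuer, pubkey, start, end, serial=None):
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
            .public_key(pubkey).serial_number(serial or x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end))

def make_ca(days=3650):
    key = rsa.generate_private_key(65537, 2048)
    name = x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Grid"),
                      x509.NameAttribute(NameOID.COMMON_NAME, "Example Grid CA")])
    now = _now()
    cert = (_build(name, name, key.public_key(), now, now + dt.timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def make_entity(ca_key, ca_cert, cn, days=365):
    """Long-lived end-entity certificate from the CA: the user's grid identity."""
    key = rsa.generate_private_key(65537, 2048)
    name = x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Grid"),
                      x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = _now()
    cert = (_build(name, ca_cert.subject, key.public_key(), now, now + dt.timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))
    return key, cert

def make_proxy(holder_key, holder_cert, hours=12, subject=None, end=None):
    """Proxy signed by the holder's own key, no CA involved: fresh key pair, subject =
    holder subject plus one CN RDN, short lifetime, critical proxyCertInfo extension."""
    key = rsa.generate_private_key(65537, 2048)
    serial = x509.random_serial_number()
    if subject is None:
        extra = x509.RelativeDistinguishedName([x509.NameAttribute(NameOID.COMMON_NAME, str(serial))])
        subject = x509.Name(list(holder_cert.subject.rdns) + [extra])
    now = _now()
    cert = (_build(subject, holder_cert.subject, key.public_key(), now,
                   end or now + dt.timedelta(hours=hours), serial)
            .add_extension(x509.UnrecognizedExtension(PROXY_CERT_INFO, INHERIT_ALL), critical=True)
            .sign(holder_key, hashes.SHA256()))
    return key, cert

def validate_proxy(proxy, holder_cert):
    """The checks a grid System makes before accepting a proxy as acting for the holder."""
    if proxy.issuer != holder_cert.subject:
        return False, "issuer is not the holder"
    try:
        holder_cert.public_key().verify(proxy.signature, proxy.tbs_certificate_bytes,
                                        padding.PKCS1v15(), proxy.signature_hash_algorithm)
    except InvalidSignature:
        return False, "bad signature"
    rdns = proxy.subject.rdns
    if (rdns[:-1] != holder_cert.subject.rdns or len(rdns[-1]) != 1
            or next(iter(rdns[-1])).oid != NameOID.COMMON_NAME):
        return False, "subject must be the holder subject plus one CN"
    (pnb, pna), (hnb, hna) = _validity(proxy), _validity(holder_cert)
    if pnb < hnb or pna > hna:
        return False, "proxy validity exceeds holder validity"
    try:
        ext = proxy.extensions.get_extension_for_oid(PROXY_CERT_INFO)
    except x509.ExtensionNotFound:
        return False, "missing proxyCertInfo extension"
    if not ext.critical or ext.value.value != INHERIT_ALL:
        return False, "unsupported proxy policy"
    try:
        if proxy.extensions.get_extension_for_class(x509.BasicConstraints).value.ca:
            return False, "a proxy must not be a CA"
    except x509.ExtensionNotFound:
        pass
    return True, "ok"

def demo():
    ca_key, ca_cert = make_ca()
    user_key, user_cert = make_entity(ca_key, ca_cert, "Alice")
    _, proxy = make_proxy(user_key, user_cert)
    # Two proxies a system must reject: a subject that does not extend the holder's name,
    # and a proxy that outlives the entity certificate it descends from.
    _, renamed = make_proxy(user_key, user_cert,
                            subject=x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Mallory")]))
    _, too_long = make_proxy(user_key, user_cert, end=_now() + dt.timedelta(days=400))
    return {"good": validate_proxy(proxy, user_cert),
            "renamed": validate_proxy(renamed, user_cert),
            "too_long": validate_proxy(too_long, user_cert)}
```

The point of the chain is that the user's long-lived key never leaves the client: what a job submits to the grid system is the proxy, whose subject is the user's DN with one extra CN and whose lifetime is hours rather than a year, which is exactly what MyProxy stores and hands out in the slide's diagram.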
GridShib
Figure (slide diagram): the previous picture with the Service Provider in Domain Y replaced by GridShib in the Grid System. user@X still authenticates to the Domain X Identity Provider (backed by LDAP), located through the WAYF (steps 1-3); the attributes the Identity Provider releases (label 4: Attributes) are turned by GridShib into a grid profile (label: Profile). The Shibboleth side is labelled WS-Federation and the grid side X.509.
References
1. Website: http://shibboleth.internet2.edu
2. Short introduction: http://iamsect.ncl.ac.uk/deliverables/docs/practical_access/index.html#id2462832
3. Technical overview: http://grid.ncsa.uiuc.edu/presentations/shibboleth-intro-dec05.ppt
4. Integration with Grid: http://www.globus.org/toolkit/presentations/gridshib-pki06-final.pdf
5. Integration with Grid: http://grid.ncsa.uiuc.edu/GridShib/presentations/GridShib-uk-april05.ppt
6. SAML introduction: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/2a563903-0b01-0010-b9a1-d3875ff74b32
7. Use case (IEEE article): D. Spence and N. Geddes, "ShibGrid: Shibboleth Access for the UK National Grid Service", http://ieeexplore.ieee.org.ezproxy.rit.edu/iel5/4090056/4090057/04090093.pdf?tp=&arnumber=4090093&isnumber=4090057