Shibboleth Development and Support Services SDSS Development Federation Next Phase Sandy Shaw, EDINA...

Shibboleth Development and Support Services

SDSS Development

Federation

— Next PhaseSandy Shaw, EDINA

JISC CM Programme Meeting, Windermere, 14–15 November

2005


JISC CM Programme Meeting, Windermere 14–15 November 2005 2

Original project goals

• Implement a development federation …

… to support other CM projects

… to participate in Internet2 development

… to convert EDINA services

• Gain experience relevant to the

creation of a UK production federation



New goals

• Work with UKERNA to ensure lessons

learned in SDSS can be applied to the

UK federation

• Work with UKERNA to ensure SDSS

members have a painless transition to

the UK federation



Compare and contrast

• SDSS federation vs UK federation

SDSS

federation

UK federation

Status Project Service

Duratio

n

3 years Ongoing

Scale Programme National

Home EDINA National

Data Centre

UKERNA



Metadata issues (multi-federation membership)

• Goal is identical metadata in both (all) federations:

• 1) Scopes

– e.g. @ed.ac.uk or @edinburgh.ac.uk but not both

• 2) Certificates

– commercial CAs accepted by SDSS should be fine

– status of SDSS certificates still open

• 3) Entity names

– originally, appeared to be federation-relative urn:mace:ac.uk:sdss.ac.uk:provider:identity:uni.ac.uk

– preference now to use federation-independent URIs https://idp.uni.ac.uk/shibboleth



Differences

• Assuming metadata is preserved, other

immediate changes are trivial for members:

– differences in enrolment method for new members

– new mechanism for requesting amendments

– new location for federation metadata

– different signature on federation metadata

• Policy development will bring change



Impact of the transition

• Modest for SDSS members

• Policy for eligibility may affect new members

– projects? Other ad hoc groups?

– experience is that these can coexist with higher assurance members, but may be other issues



Timetable

• Early days

– initial discussions very recent

• UKERNA's initial role until April 2008 …

– … but 2006 will be busy!

• Transition largely transparent …

– same configuration file can be used for both federations

• more significant change will come with

Shibboleth 2.0



Work items

• Work on policy to be completed (Core

Middleware Advisory Board)

– policy notes on SDSS document register

• Tasks:

– plan for federation service

– automation tools for enrolment and update requests

– testing the Athens gateways

– scoping outsourced IdP requirements



Summary

• UK federation is on track

• SDSS is a safe route to it

• SDSS and UKERNA working to ensure smooth

transition between the two …

– … initially a copy & paste exercise, with later adaptation appropriate for a national service

• Staged (behind the scenes) rather than Big

Bang



Contacts

• SDSS project: http://sdss.ac.uk

• Contact: [email protected]

Shibboleth Development and Support Services SDSS Development Federation Next Phase Sandy Shaw, EDINA...

Documents

Transcript of Shibboleth Development and Support Services SDSS Development Federation Next Phase Sandy Shaw, EDINA...