1 / 11

Shibboleth 2.0 Update

Shibboleth 2.0 Update. Ken Klingenstein. Topics. Shib v1.3 Status SAML 2.0 -- new features Shibboleth 2.0 Features Shibboleth 2.x Features We Need Feedback on… Shibboleth 2.0 -- Status, timeline. Shib v1.3 Status. ODBC cache plugin for the SP Addons GridShib ADFS LionShare.

abel-black
Download Presentation

Shibboleth 2.0 Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Shibboleth 2.0 Update Ken Klingenstein

  2. Topics • Shib v1.3 Status • SAML 2.0 -- new features • Shibboleth 2.0 Features • Shibboleth 2.x Features • We Need Feedback on… • Shibboleth 2.0 -- Status, timeline

  3. Shib v1.3 Status • ODBC cache plugin for the SP • Addons • GridShib • ADFS • LionShare

  4. SAML 2.0 -- new features • Authn Request -- extended functionality • Single Logout • NameID Mapping and Management • Enhanced Client or Proxy (ECP) Profile • Encryption

  5. Shibboleth 2.0 Features • What is the definition of Shibboleth 2.0? Is a new profile needed? • Convergence with commercial Liberty and SAML products • Support for the published Shibboleth profile (would not interoperate with Shibb v1.2…?) • Support for SAML 2.0 AuthN, Logout, Attribute Artifact, and NameID management requests • everything but AuthnQuery and AuthzDecisionQuery) • how applications would influence the AuthnRequest process

  6. Shibboleth 2.0 Features • Good/real targeted ID implementation • SP 2.0 ( implemented in C++ and Java • Is it a problem if the C++ follows the java version? • Authn Request • some of the extended SAML functionality • Shib will include some Authentication processing "in the box” • interface to SSO systems to support new functionality in Authn Request • IdP be easily clusterable and should be stateless to the greatest extent possible

  7. Shibboleth 2.0 Features • SP - clusterable • other new functionality? • Production ready WAYF providing both standalone and application-integrated functionality in at least Java • ask for input on current problems? (use shib-dev email list)

  8. Shibboleth 2.x • Delegated Authentication • SAML NameID management requests account linking)

  9. Need Feedback on • aggregating attributes from multiple sources, • something that's outside the bounds of the spec, but often discussed • define a WAYF protocol for getting/setting the IdP choice and returning to the SP with it • InfoCard support

  10. Shibboleth 2.0 -- Status, timeline • coding currently underway on OpenSAML 2.0 • will support both saml v1.1 and 2.0 • about 50% done • expect to have beta in March timeframe • initial beta version of Shib 2.0 available May/June 2006

  11. Questions?

More Related