Shibboleth

From IIW

What is Shibboleth?

The Shibboleth System is an open-source software package supporting user access to protected web sites via several standard federated signon protocols. It is a project of the Internet2 consortium. While primarily designed to meet the needs of the worldwide Higher Education and Research communities, Shibboleth is used by many organizations for a wide variety of purposes.

Shibboleth is focused on federation using the OASIS Security Assertion Markup Language (SAML) standard. It also supports other federation methods based on the requirements and interests of its user community. The software delivers strong support for several features important to the research and higher education (R&HE) communities:

  • protection of user privacy
  • attribute-based access control
  • large multi-party federations
  • secure deployment for high-risk applications

How is it used?

The operator of a web site that wants to provide controlled access to users from other organizations downloads and installs the Shibboleth Service Provider (SP) software. The SP works with Apache, IIS, Sun/iPlanet, and FastCGI on UNIX/Linux and Windows platforms. The SP is highly configurable to support many protection methods and trust relationships.

An organization that wants to let its users access federated resources downloads and installs the Shibboleth Identity Provider (IdP) software. The IdP is built for the Apache Tomcat Java container but will run in others. The IdP is designed to integrate with and extend an organization's existing authentication and user directory services.

To extend beyond basic signon, the SP and IdP agree on the exchange of user attribute information to support the needs of their application. Often this takes place as a result of the SP and IdP participating in trust communities, as described in the next section.

What is the vision of the Shibboleth community?

The Shibboleth community believes that user-centric doesn't have to mean organization-hostile. Many of the most interesting and important things people do on the Internet can benefit from secure expression of organizational relationships and capabilities. Beyond its standard signon functionality, Shibboleth focuses on enabling inter-organizational relationships on a large scale, in service of its primary constituency, the worldwide research and education community, which in turn plays a key knowledge-generation and knowledge-sharing role in society in general.

Shibboleth software enables concrete operational trust communities in many countries and regions, including the InCommon Federation in the United States, and many other federations worldwide.

What is its status?

Shibboleth 1.0 was released in 2003. The most widely used version, 1.3, was released in 2006 and is deployed at hundreds of sites around the world, serving a federated user community of at least 30 million. It is used for controlling access to commercial information resources, health research data, financial and productivity applications, learning systems, e-government services, and much more.

Shibboleth 2.0, released in March 2008, adds support for the SAML 2.0 protocol and many other new features. It also supports plugins (still in beta) adding compatibility with Information Cards in both the IdP and the SP.

How to learn more

http://shibboleth.internet2.edu

Who is involved?

The Shibboleth core team is primarily supported by Internet2 and its member universities, with significant contributors coming from organizations around the world, including JISC and SWITCH.

How to participate

Join the shibboleth-users and/or shibboleth-dev mailing lists. See http://shibboleth.internet2.edu/contribute.html for more info.