Embed Size (px)
Citation preview
Shibboleth for Streaming Videothe VIVA Experience
Ralph AlbericoVirtual Library of Virginia/James Madison University
ICOLCApril 2009
About VIVA• The Virtual Library of Virginia (VIVA)• 15 Public Colleges and Universities• 24 Public 2-Year Colleges (VCCS)• 32 Private Non-Profit Colleges• The Library of Virginia• ~ 400,000 students, faculty and staff• Annual budget > $10M USD• More information: www.vivalib.org/
Video Streaming Opportunities
• Educational video on demand• Multiple viewers at one time• Level the playing field across institutions• Deliver video to classrooms & public spaces• Enhance learning via out-of-class experiences• Put videos into broader contexts
Video Streaming Challenges
• New and rapidly changing technology• Competing technical standards• Uneven infrastructure across campuses• General unfamiliarity with policy issues• Working across organizations & cultures
Streaming Video Scenarios
• Multimedia licensing as a strategic objective• VIVA licenses content, vendor hosts• VIVA licenses content and hosts centrally• VIVA members host content on a peer-to-
peer basis• Each VIVA school hosts content locally• VIVA contracts with 3rd party to host content• Combination of the above
The PBS Collection• Content supports learning across member
schools• 498 titles, over 500 hours of video• Delivered as MPEG-4 DVDs ~2 mbps• Broad subject coverage & high production
values, low “volatility”• License in perpetuity; one fee, host your own• Downloading prohibited• User id and password required for
authentication and authorization
Strategy Elements• Emphasize VIVA principles of sharing, equitable
access and cost effectiveness• University of Virginia provides central hosting
under Shibboleth; other schools can opt to host their own content and/or use central host
• Define and follow best practices• Encode files to a standard and share them• Divide the labor, avoid duplication of effort• Pursue common denominator solutions (e.g.
same encoding and cataloging for local and central hosting)
Shibboleth Decision Making • Surveyed all VIVA members• Analyzed responses from 54 campuses• Adopted parallel strategy of short term
support for local hosting and long term support for central hosting
• Using Shibboleth as authentication mechanism for centrally hosted content
• Shibboleth decision drives encoding choices
What do I need at my school?• Adequate bandwidth to the edge of campus (varies
depending on amt of traffic)• Eliminate bandwidth restrictions on inbound VIVA files• Adequate bandwidth to buildings where videos will be
played• Off-campus users with broadband connectivity• Media players that can play H.264, MPEG-4 streams• Join the InCommon Federation• Install Shibboleth Identity Provider (IdP) software and
connect it to the campus identity management service
Let’s federate!Let’s federate!
Shibboleth DefinitionThe Hebrew word used by Jephthah as a test-
word by which to distinguish the fleeing Ephraimites (who could not pronounce the sh) from his own men the Gileadites (Judges xii. 4-6).
2. transf. a. A word or sound which a person is unable to pronounce correctly; a word used as a test for detecting foreigners, or persons from another district, by their pronunciation.
Source: Oxford English Dictionary, Second Edition, 1989http://dictionary.oed.com/
Shibboleth Internet2 DefinitionShibboleth Internet2 Definition““The Shibboleth System is a standards based, open The Shibboleth System is a standards based, open
source software package for web single sign-on source software package for web single sign-on across or within organizational boundaries. It across or within organizational boundaries. It allows sites to make informed authorization allows sites to make informed authorization decisions for individual access of protected online decisions for individual access of protected online resources in a privacy-preserving manner.”resources in a privacy-preserving manner.”
Source: Shibboleth® Web SiteSource: Shibboleth® Web Sitehttp://shibboleth.internet2.edu/
Short Definition: Short Definition: Single sign-on access to online Single sign-on access to online services based on assertions about user attributes. services based on assertions about user attributes.
The VIVA PBS project offers a low risk, high benefit The VIVA PBS project offers a low risk, high benefit opportunity to test the technology.opportunity to test the technology.
Shibboleth Steps1. VIVA members join InCommon and establish
a “trust fabric” and policies governing which types of users have access to which types of video streams
2. University of Virginia implements a Shibboleth Service Provider (SP) for video streaming
3. InCommon federation manages policies and WAYF (Where Are You From?) services
4. Install Shibboleth Identity Provider (IdP) software at participating campuses
Federated Identity in Action
IdPIdPService
Provider(SP)
ServiceProvider
(SP)
InCommonWAYF
InCommonWAYF
1
Service please?Service please?
2I don’t know
you, I’ll redirect to
the federation.
I don’t know you, I’ll
redirect to the
federation.
Where are you from?
Where are you from?3
4I’m
from JMU
I’m from JMU5
OK, I’ll check your IdP
OK, I’ll check your IdP
6
Login pleaseLogin please
7
User id & passwordUser id & password
8
Pass attributes
to SP
Pass attributes
to SP
9
Provide serviceProvide service
Let’s try it out.Let’s try it out.JMU LEO Online Library Cataloghttp://leo.jmu.edu/search/X
Shibboleth-Enabled Service at University of Virginiahttps://pbsvid.itc.virginia.edu/
For VIVA Members via InCommon
Central Streaming Service Support
• Shibboleth Service Provider (SP)• Streaming server management• Application interface (with advice from VIVA)• Contact with InCommon• Issue tracking with VIVA IT contacts
Local Campus Support• Shibboleth Identity Provider (IdP)• Campus Identity management service• Campus online catalog & resource discovery• Media player support• Learner & classroom support• Campus Help Desk services• IT Contact with Shibboleth Service Provider
(SP) at University of Virginia
Resource Discovery Strategies
• Produce records for video streams from existing OCLC MARC records
• Modify OCLC MARC records to suit local needs• Prepare records to be imported into local integrated
library systems• Script iTunes atom level embedded metadata at time
of encoding• Ingest metadata from file manifest spreadsheet or
add manually for use in local file systems and repositories
Current Status Streaming files encoded at 300 and 800 kbps in
QuickTime/MPEG-4 H.264 format State contract available for subsequent encoding services Cataloging records developed for streaming files Video files and catalog records available from JMU Catalog records available from VIVA FTP site Locally hosted service available at several schools Centrally hosted Shibboleth streaming operational at UVa Contract template for InCommon Federation developed (13 VIVA
members have joined); service in production at 6 schools created Google Site for the project InstallFest held on 12 Nov 2008
What does this mean?• Single sign-on solution for web services• Quality online video collections for VIVA members
without the hassle of managing a streaming service
• Ability to place online video in educational contexts and reference streams in many ways
• Federated identity opens possibilities for more sharing across institutions
• Services based on trust relationships can be differentiated based on user attributes
Shibboleth Use Cases
• Database and information provider access– EBSCO, Elsevier, JSTOR, ProQuest, Safari etc.
• Software downloads and instructional content– Microsoft DreamSpark, Apple iTunes U
• Research computing and collaboration– NIH, NSF, grid computing projects etc.
• Services and applications for higher education– wikis, repositories, Fedora, Blackboard, Moodle etc.
Identity Providers Scenario
ServiceProvider
(SP)
ServiceProvider
(SP)
IdPIdP
IdPIdP
IdPIdP
IdPIdP
IdPIdP
IdPIdP
IdPIdP
IdPIdP
IdPIdP
IdPIdP
Service Providers Scenario
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
IdPIdP
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
Peer-to-Peer Service Providers Scenario
IdPIdP
IdPIdP
IdPIdP
IdPIdP
IdPIdP
IdPIdP
ServiceProvider
(SP)
ServiceProvider
(SP)
IdPIdP
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
ServiceProvider
(SP)
Lessons learned so far
1. The best solution is not necessarily the quickest or easiest
2. Addressing legal, technical, policy and user support issues across institutional boundaries is a big challenge
3. Establishing standards is important4. Someone has to take ownership5. Patience is a virtue
Questions?
Discussion Questions• Is your consortium working with Shibboleth?• Is your consortium planning a federated identity
project?• Briefly describe your project.• What challenges have you faced?• What lessons have you learned?• What are the most important benefits of Shibboleth
for you?• What response have you had from your user
community?
More Discussion Questions• How did you manage the policy issues?• How did you address the legal/procurement
issues associated with federated identity?• How did you bridge the cultural gap between the
library, legal/procurement and IT communities?• What kind of technical challenges have you
faced?• How do you handle technical support?• How do you handle user support?
Shibboleth Project Examples of interest to ICOLC Members
• CARL shared repository• VIVA video streaming
– http://sites.google.com/site/vivapbsstreamingvideofaq/
• InCommon InC-Library– https://spaces.internet2.edu/display/inclibrary/InC-Library
• Current InCommon Participants– http://www.incommonfederation.org/participants/
• Shibboleth Enabled Applications and Services– https://spaces.internet2.edu/pages/viewpage.action?pageId=11484
