
Shibboleth & Shibboleth Consortium


  • Shibboleth & Shibboleth Consortium

  • Background
      • Shibboleth evolved out of Internet2 Middleware Activity in 2000, with first release in 2003.
      • Significant funding from Internet2 (USA) and latterly JISC (UK) resulted in wide adoption by research and education communities and enterprises around the world.
      • Used by 26 national federations (as of May 2013): UKAMF (UK), InCommon (US), SWITCHaai (Switzerland), AAF (Australia), AAI@EduHR (Croatia), ACOnet (Austria), Belnet (Belgium), CAF (Canada), CAFe (Brazil), CARSI (China), CESNET (Czech Republic), COFRe (Chile), DFN-AAI (Germany), Edugate (Ireland), (Hungary), GakuNin (Japan), GRNET (Greece), Haka (Finland), IDEM (Italy), LAIFE (Latvia), Tuakiri (New Zealand), RCTSaai (Portugal), RENATER (France), SIArnesAAI (Slovenia), SWAMID (Sweden), TAAT (Estonia) and ULAKAAI (Turkey).

  • Shibboleth Consortium
      • Ongoing funding for development, maintenance and support was identified as problematic.
      • Aimed to build on Shibboleth adoption and broaden funding base, as well as derive benefits from increasing commercial usage.
      • Recognised that formal structure was required to receive contributions, pay developers, and determine the technical direction of the project.
      • Internet2, Janet and SWITCH agreed to form Shibboleth Consortium and signed charter establishing this in April 2013.
      • Developing membership to ensure sustainability.

  • Consortium Membership
      • Principal Members (those contributing 120K per year): Internet2 (US), Janet (UK) & SWITCH (Switzerland)
      • Federation Members: ACOnet (Austria), NII/GakuNin (Japan), CSC/Haka (Finland), RENATER (France) & NORDUnet (Nordic region)
      • Academic / Non-Profit Members: Carnegie Mellon University (US) & LIGO Scientific Collaboration (US)
      • Commercial Members: TBD?

  • Consortium Structure
      • S. Cantor (Ohio State)
      • J. Sharp (Janet)
      • S. Waggener (I2)
      • C. Witzig (SWITCH)
      • K. Meynell (Janet)

  • Membership Fees

    Category (Small / Medium / Large)
    Principal Member: 100,000 / 100,000 / 100,000
    NREN/Federation Member: 10,000; 750 IdP+SPs
    Academic/Non-Profit Member: 2,000; 50K users
    Commercial Member: 4,000; 100M

  • Project Update
      • All products in maintenance mode pending release of IdPv3, apart from security issue response
      • Heartbleed Update
          • Relatively minimal impact on project, as opposed to federations, deployers
          • SP patch issued within a week
          • Longer term: V3 likely to include a separately generated key for SOAP security, and a continued goal of de-emphasizing back channel profiles

  • IDPv3 Status
      • Probably 80% feature complete
      • Major TODOs:
          • Install / upgrade scripts
          • Porting uApprove functionality
          • Limited logout capability added to 2.4
          • ECP (due to goal of not requiring container managed authn)
          • Polishing error handling
          • Audit Logging
          • Documentation
      • Nearing an alpha release, but documentation is the main hold up

  • IDPv3 Config Compatibility
      • Aiming for compatibility with:
          • relying-party.xml (but deprecated)
          • attribute-resolver.xml
          • attribute-filter.xml
      • Not even trying:
          • handler.xml (*)
          • internal.xml
      • (*) Some kind of migration help for simple login configs likely

  • IDPv3 Config Changes
      • Much more use of native Spring, particularly internally, also to deal with advanced features
      • Properties file(s) used to configure many common settings without editing XML
      • User-editable and should-not-edit files are separated for clarity
      • Metadata sources separated from RelyingParty/Profile configuration
      • Authentication is completely different, but out of the box capability similar

  • 2015-2016 Planning
      • Planning based on flat resources; reductions will require more prioritization of maintenance responsibilities against future work
      • Seeking community input on future projects

  • Givens
      • Stabilization work on V3 (small to medium)
      • Java 8 support for V2 (small)
      • SP Patch / Refresh (small)
      • EDS Patch / Refresh (small)

  • Impactful Items
      • V2 Support past mid-'15 (s)
      • Product Docs (m)
      • Developer Docs (m)
      • Conceptual Docs (m)
      • SAML Logout (m)
      • SP Ext for IIS7+ (s)
      • Java SP (l)
      • OpenID Connect (l)
      • SP OAuth Authorization (m/l)
      • Central Discovery Service Refresh (m)
      • TestShib (m)
      • Consent Enhancements (s)
      • Atlassian Plugins (s)

  • Questionables
      • SAML GSS-API Production Implementation
          • Major undertaking without significant outside help or long development cycle
      • SP Feature Update
          • Continues to be fairly ahead of the feature adoption curve
      • Office 365
          • Recent Microsoft announcement casts doubt on need for WS-Trust support
      • OAuth IdP integration
          • Interoperability and scoping questions
          • Relationship to IdP feature set unclear

  • Projected Income & Expenditure (Aug 2013-Jul 2014)
      • Income: 302,149
          • Principal Members: 199,426
          • Other Members: 61,979
          • (Received to date = 267,610)
      • Expenditure: 253,262
          • Developers: 185,712
          • Consortium Management: 43,686
          • Travel: 15,000
          • Website: 5,000
          • Other: 3,864
      • Internet2 Expenditure: $147,786 (~88,244)


  • Board Nominations
      • Members will select a Board representative in a forthcoming e-mail vote this summer
      • Call for nominations, here or by e-mail to

  • Further Information
      • Shibboleth website documents Charter Regulations 3: A New Identity Platform the Consortium
