Authentication: Capsule summary on Shibboleth
- To: liblicense-l@lists.yale.edu
- Subject: Authentication: Capsule summary on Shibboleth
- From: Ann Okerson <ann.okerson@yale.edu>
- Date: Tue, 17 Dec 2002 14:18:45 -0500 (EST)
- Reply-To: liblicense-l@lists.yale.edu
- Sender: owner-liblicense-l@lists.yale.edu
From: Michael Neuman <neuman@georgetown.edu>
Date: Tue, 17 Dec 2002 08:59:09 -0500
To: liblicense-l@lists.yale.edu
Subject: Capsule summary on Shibboleth

In the Old Testament, shibboleth was a password used to prevent Ephraimites from intruding into the Galaadite camp; mispronunciation meant immediate execution (Judges 12: 5-7).

Today Shibboleth is the name of a security initiative undertaken by Internet2 and its Middleware Architecture Committee for Education (MACE) to improve authentication and authorization mechanisms. According to the project team, <quote>Shibboleth is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. In addition, Shibboleth will develop a policy framework that will allow inter-operation within the higher education community.</quote>

Key features of the Shibboleth initiative include federated administration, access control based on patron attributes, active management of privacy by institutions and patrons, use of standards, and a framework for multiple, scalable trust and policy sets. For more details on these points, see http://shibboleth.internet2.edu/.

The Coalition for Networked Information, Internet2, and the Digital Library Federation are sponsoring a pilot project using Shibboleth. Just under way, the pilot involves a dozen universities serving as origin sites (from which requests for resources will originate) and such vendors as EBSCO, OCLC, Elsevier, WebCT, and others serving as target sites (from which access to resources will be released).

Through a series of back-and-forth communications automated by the protocols, the origin site (home to the patron who uses a web browser) authenticates the patron and provides assertions that enable the target site to determine trust levels and entitlements. For further details, select Shibboleth Architecture Draft v05 on the site home page, or visit http://shibboleth.internet2.edu/draft-internet2-shibboleth-arch-v05.html#_Toc23129736

At the outset of the pilot, patrons from the origin site, rather than obtaining access on the basis of an internet protocol (IP) range, will be identified and given access simply as member@[university].edu. Eventually, though, access rights will be based upon more fine-grained categories of affiliations and entitlements drawn from details of vendor licenses, library patron categories, etc.

As the protocol gains broad acceptance, Shibboleth gives promise of facilitating libraries' management of access to vendor sites, and of enabling vendors to ward off piracy from open proxy servers.

Mike

--
Michael Neuman, Ph.D.
Program Director of Library-IT Collaborations
University Information Services
Georgetown University
314 Car Barn
3520 Prospect Street N.W.
Washington, DC 20057
202-687-6283
202-687-8367 (fax)
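An added illustration, not part of the original message or of the Shibboleth project's code, of the contrast the message draws between IP-range access and access based on an origin-site assertion such as member@[university].edu. The dictionary assertion format, the function names, the origin URL, and the addresses are constructed assumptions, and verification of the assertion's signature is assumed to happen before this check.

```python
import ipaddress

# Constructed sample data (assumptions, not from the original message).
LICENSED_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # campus range in an IP-based license
TRUSTED_ORIGINS = {                                       # origin site -> scopes it may assert
    "https://origin.example-university.edu": {"example-university.edu"},
}
LICENSED_AFFILIATIONS = {"member"}                        # affiliations the license covers

def ip_based_access(client_ip):
    """Legacy check: any request arriving from a licensed range is admitted."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in LICENSED_NETS)

def attribute_based_access(assertion):
    """Target-site decision on an origin-site assertion; returns (allowed, reason).

    The assertion is assumed to be signature-verified before it reaches this point.
    """
    scopes = TRUSTED_ORIGINS.get(assertion.get("issuer"))
    if scopes is None:
        return False, "untrusted origin site"
    affiliation, sep, scope = assertion.get("affiliation", "").partition("@")
    if not sep or not affiliation or not scope:
        return False, "malformed affiliation"
    if scope.lower() not in scopes:
        return False, "origin may not assert this scope"
    if affiliation.lower() not in LICENSED_AFFILIATIONS:
        return False, "affiliation not licensed"
    return True, "ok"

# Constructed requests: (description, client IP, assertion presented to the target site)
REQUESTS = [
    ("open proxy on campus range, no assertion", "192.0.2.77", {}),
    ("off-campus patron, valid assertion", "203.0.113.9",
     {"issuer": "https://origin.example-university.edu",
      "affiliation": "member@example-university.edu"}),
    ("trusted origin asserting another institution's scope", "203.0.113.9",
     {"issuer": "https://origin.example-university.edu",
      "affiliation": "member@other-university.edu"}),
]

if __name__ == "__main__":
    for label, ip, assertion in REQUESTS:
        print(f"{label}: ip={ip_based_access(ip)} attr={attribute_based_access(assertion)}")
```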