Access & Identity Management

Introduction

Shibboleth is an architecture that enables organisations to build single sign-on environments that allow users to access web-based resources using a single login. Shibboleth uses open standards (such as SAML) and was developed by the Internet2 middleware group.

JISC believes that Shibboleth provides a next-generation access-management solution for its community. To this end, JISC plans to invest £6.6 million in its Core Middleware Programmes.

What is Shibboleth?

The Shibboleth architecture defines a way of exchanging information between an organisation and a provider of digital resources (such as data, video, documents, and so on). By using Shibboleth, the information is exchanged in a secure manner, protecting both the security of the data and the privacy of the individual.

In the Shibboleth model, the organisation is responsible for authenticating the user - that is, for checking that the credentials the user presents are correct (typically with a username/password combination). The organisation is also responsible for providing information about the user; for example, whether the user is a student, a lecturer, or a member of the zoology department. This information is called attribute information. The organisation is called the Identity Provider.

The decision to authorise access to information is the responsibility of the owner of the resource, and is based on the user's attribute information. Attribute information can be as simple as 'member of zoology department' or as complex as 'member of project team who has signed up to the project terms and conditions'. The provider of the information is called the Service Provider.

The term Shibboleth also refers to software, created by the Internet2 group, that implements the Shibboleth architecture. The Internet2 group expects that other software organisations will, in future, provide Shibboleth-compliant software packages.

Federations

Organisations that use Shibboleth to access resources must join or create a federation. A federation creates a "circle of trust" for organisations that want to access a set of resources. Each federation has its own criteria for organisations that want to join it, and defined levels of trust for access to the set of resources.
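
The division of responsibility described above, shown from the Service Provider's side as an added example (it is not Shibboleth's own code or API). It assumes the SAML assertion has already been validated and parsed into an issuer and attribute values; the entity IDs, attribute names and policy format are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Assertion:
    issuer: str        # entity ID of the Identity Provider that authenticated the user
    attributes: dict   # attribute name -> set of values; no username or password is included

@dataclass
class Federation:
    name: str
    identity_providers: set = field(default_factory=set)  # the "circle of trust"

# Constructed Service Provider policies: each attribute must carry the listed value.
POLICIES = {
    # simple rule: 'member of zoology department'
    "zoology-dataset": {"department": "zoology"},
    # complex rule: 'member of project team who has signed up to the terms and conditions'
    "project-archive": {"projectTeam": "example-project",
                        "termsAccepted": "example-project"},
}

def authorise(assertion, resource, federation):
    """Service Provider decision: returns (allowed, reason)."""
    # Only Identity Providers inside the federation may assert attributes.
    if assertion.issuer not in federation.identity_providers:
        return False, "issuer not in federation"
    policy = POLICIES.get(resource)
    if policy is None:
        return False, "no policy for resource"  # default deny
    # The decision rests on attribute information alone.
    for name, required in policy.items():
        if required not in assertion.attributes.get(name, set()):
            return False, f"missing {name}={required}"
    return True, "ok"

# Constructed sample data.
FED = Federation("constructed-federation", {"https://idp.university.example/shibboleth"})
ZOOLOGIST = Assertion("https://idp.university.example/shibboleth",
                      {"department": {"zoology"}, "role": {"student"}})
TEAM_NO_TERMS = Assertion("https://idp.university.example/shibboleth",
                          {"projectTeam": {"example-project"}})
OUTSIDER = Assertion("https://idp.unknown.example/shibboleth",
                     {"department": {"zoology"}})

if __name__ == "__main__":
    for a, r in [(ZOOLOGIST, "zoology-dataset"), (TEAM_NO_TERMS, "project-archive"),
                 (OUTSIDER, "zoology-dataset")]:
        print(r, authorise(a, r, FED))
```

The third case is refused even though the attribute value matches, because the asserting Identity Provider is outside the federation.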

The Shibboleth project has established two federations, InQueue and InCommon. InQueue enables organisations to test their Shibboleth implementation, while InCommon is for production use.

Other federations include the Swiss SWITCH AAI, EDINA SDSS and the Eduserv test and production federations.

Virtual Organisations

Virtual organisations are groups of individuals from multiple organisations who want to collaborate in some way. A virtual organisation - for example an eScience project group - can be created dynamically or statically. A virtual organisation has no legal status and is therefore ineligible to sign licences or make legal commitments.

Authentication and authorisation are difficult in a virtual organisation, as it is not clear who has the authority to assert membership of it.

More information

If you need more information about Shibboleth®, please refer to the Internet2 Shibboleth website.