The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

A Look at Ourselves

CAMP Shib Cohort Group 1 25-June-07

Exercise: A Look at Ourselves, Monday, 25-June, 4:00 - 5:00 pm

https://spaces.internet2.edu/x/8Qw

Facilitators: Chris Mackie and Keith Hazelton

  • Round robin intro, what will you take home as your shib-related set of tasks?
  • Are you comfortable with that CAMP goal? If not, what is YOUR goal?
  • Does your shib goal fall nicely into one of the three deployment phases?
    1. Intracampus WebSSO
    2. Attribute delivery
    3. Federated IAM
  • If not, where are you?
  • Things you are puzzled about
  • Questions that came up during the day

Eric Harper, NITLE.org. Thinking about shibboleth: take the checklist and figure out where I am? Deploying as a service provider, or

Jack Carico, III, Walla Walla Community College: Wash state comm colleges, next door to UWash: potentially a single IdP for comm colleges...

Tim Wrye, Highline Community College: Wash: intra-campus. federation with the U. Highline might move first to provide proof of concept. chaos as a foundation. admin/instructionally split. AD admin, novell e-dir on instruction side: using Novell's IdM to bring together; Bb is pain point.

Julian Pietras, South Puget Sound Community College. 3 roles: 1) my comm coll.; 2nd) comm colleges shared simple sign-on; 3) dept info svcs. state committee he participates on: standard policy; Add'l info on biz drivers and trends

Campus wide: AD server: admin and acad. basically no online services for Students; charged staff to come up with reduced sign-on.

Micah Randsell, Seattle Pacific U: research mode: getting back into programming as a new hire. Have Banner, use AD for email and blackboard. Looking at how much pain it would be to install across all the web servers, etc.

Rick Versace, Vassar College: Proof of concept. shib would be part of that. LDAP, AD, email is incorporated into the password mgmt system

Joseph Banda, Jaime Nuñez, U Texas-Pan American: Shib in production: intercampus federation; UT Arlington, Jaime: IdP in place. UT system software. Want to move there to more of a research institution. Software for Arlington, mySpace for professors.

Jeremy Good, Eastern Mennonite U.: 1500 in Shenandoah Valley: almost everything to authN against e-Dir, but not blackboard. need AuthZ. Want to learn what would be required to implement that.

Sean M., Geo Fox: SSO to add to single username & password; want SSO across all web apps. Shib's been on radar; pieces would fit; fact finding mission to see what the possibilities are.

Ryan, too

Kevin Emslie Sarsen, Boise State: figure out what effort is involved; AD and eDir, and have looked at vendor products; historically approach is what costs the most, buy that. There is a needs analysis, but it's like looking at Medusa.

Leif Johanssen, Stockholm U.: running shib for a long time. running the shib federation.

Greg Lee, College Center for Library Automation: 28 comm coll, 70+ locations; webSSO federated-like thing for the students. around 200 databases; works great, but encouraging comm college CIOs to look at something more standardized.

Doug Afdahl, US Naval Academy: strong authN through LDAP; DoD primarily but half of faculty are civilian. Everyone accessing resources in and out are at a given level. Keeping Navy and DoD happy on what we're up to. Last 3 years we've increased exchange program massively 300 students around the world; foreign students coming to the Naval Academy; Go to the next level in identity management to get to the federated mode much easier. Putting together

____, Wash comm colleges share a student system, ancient; being recentralized at a central tech. consortium. fin, registration, HR.

What is missing? Costs

Sean M.: Good security team: think about students with cookies on web browsers.

Cost of identity management: One benchmark: $30 per identity per year.

Hard to parse out is that you spend money differently with closed source packages vs. open source packages.

---------

What questions do you need answers to to get to the next stage:

Where has it been successfully used?

What are the costs?

What policies are needed? A policy cheat-sheet.

Sean M.: we've got a pretty good grasp on identity; how do I actually do this? How do I tie my web services into that? Coaching: watch someone do it once.

How many have top-to-bottom organizational support, how many are THE drivers?

Texas Pacific: IdM committee: IT committee;

Wash comm colleges: general support that we need to do something to present a better face to the students. Statewide push. Money. Document identifying current practices, baseline studies.

What portion of your faculty are collaborating outside the walls? Have the boundaries moved out?

In specific disciplines, science, crossing boundaries;

Nobody wants to outsource IdM.

Service Oriented Architecture (SOA) and IAM:

Greg: We provide services for our libraries

Kevin: We are a PeopleSoft shop; that's leading us in the SOA direction.