Shibboleth Roadmap -- 2005
Sequence
• Shibboleth v1.3
• E-Authentication Certification
• Restructuring of Federations
  • The Transition to InCommon
  • “Negative Trust” Federation
  • International Federation Peering
• Shibboleth and Grids
• Futures
  • WS* Interop
  • Interim Release – Support for Some of SAML 2.0
  • Full SAML 2.0 Support
Shibboleth v1.3
• Planned Availability -- June 1, 2005
• Major New Functionality
  • Full SAML v1.1 support -- BrowserArtifact Profile and AttributePush
  • Support for SAML-2 metadata schema
  • Improved Multi-Federation Support
  • Support for the Federal Gov’t’s E-authn Profile
  • Native Java SP Implementation
  • Improved build process
E-Authn Certification
• V1.3 has already successfully navigated interoperability testing
• Scheduled for Certification Testing the week of June 20
• Campuses could then
  • Join the E-authn Federation
  • Use the Shibboleth software to access e-authn enabled federal gov’t web sites
• More E-authn info available at http://www.cio.gov/eauthentication/
Restructuring of Federations
• The Transition to InCommon
  • InCommon is now “Real”
  • Campuses and Vendors are Transitioning…
  • May soon see negative incentives for long term membership in InQueue
• “Negative Trust” Federation
  • Available for software development, testing
  • Self-service application to register
  • Expect to see many relatives of Donald Duck as members
• International Federation Peering
  • Moving forward…
  • Vendors moving toward supporting multi-federation world
Shibboleth and Grids
• Shib/SAML is currently web-browser centric
  • so doesn't apply to more general protocols
  • yet can easily apply to Grid portals
  • SAML could carry certs/keys as attributes
• Grid-Shib project
  • NSF-funded
  • focus on access to campus Attribute Authority to provide attributes for Grid service authz decisions
WS* Interop
• Web Services is a big deal
  • much practice, much promise, much hype
  • great potential for multi-vendor integration
• WS-Security
  • base spec is OASIS standard, but only first 5%
  • many layered specs: WS-Policy, -Trust, Conversation, -Federation, -Resource, etc
  • standard/IPR status not clear
  • SAML can be carried as WS-Sec “token”
  • Microsoft federation software uses SAML assertions but WS-Fed protocol
WS* Interop -- Status
• Agreements to build WS-Fed interoperability into Shib
  • Contracts signed; work to begin after Shib v1.3
  • WS-Federation + Passive Requestor Profile + Passive Requestor Interoperability Profile
• Discussions broached, by Microsoft, in building Shib interoperability into WS-Fed; no further discussions
• Devils in the details
  • Can WS-Fed-based SPs work in InCommon without having to muck up federation metadata with WS-Fed-specifics?
  • All the stuff besides WS-Fed in the WS-* stack
WS* Interop -- High Level Goals
• Establish interoperability of the ADFS Identity Provider and Service Provider implementations (and any other WS-F/PRP/PRIP Provider conformant implementations), with the Internet2 Shibboleth System Identity Provider and Service Provider implementations.
• Establish ADFS as a supported option for use for Identity Provider and Service Provider deployments in the Internet2-operated InCommon Federation of US higher-education and partner sites.
• Build a strategic relationship with a fully deployed and leading edge federation (InCommon) and the higher ed academic community.
Shibboleth -- Interim Release
• Target Date -- within Calendar 2005
• Include some SAML-2 Functionality
• Rely on feedback from user community to identify SAML-2 features which are HI priority
• Discussion started yesterday during WG meeting
SAML 2.0 Support
• SAML-2 approved March 2005
• Target Date -- mid-year 2006
• Expect to provide support for ALL REQUIRED SAML-2 functionality
• Who wants to help?