Middleware Announcements

[Renee Frost <>]

Shibbing News  --  Nov. 18, 2004

Index:

Project Information
# Shibboleth v1.2.1 is NOW Available
# Shuibboleth v 1.3 update
# E-Authn Status
# IdP Installation Checklist now Available

Vendor Info
# Elsevier
# OCLC update

Partner Info
# JISC Shibboleth Update
# International Meeting: Authentication and Authorization Infrastructure
# Grid Shib update / NMI Awards

Reports / General Info
# EDUCAUSE Quarterly Article on Shibboleth
# Burton Paper


Upcoming Meetings / Presentations
# CNI presentation in December
# Inside ID Mtg - Ken Klingenstein presentation


# Shibboleth v1.2.1 is NOW Available
Shibboleth v1.2.1 is now available. This point release includes many bug 
fixes. In addition, there are two notable additions to the packaging: 1) 
the SP (target) implementation in this version will build and run on Mac OS 
X (the IdP (origin) implementation already ran on OS X), and 2) RPMs are 
being provided to simplify the installation of the SP (target) side on 
Fedora Core. RPMs are available on the Shib distribution site for the 
dependencies as well as the Shibboleth components.


# Shibboleth v1.3 update
Shibboleth version 1.3 will be rolling out early next year. We wanted to 
alert people to this and to point out some planned enhancements in this 
version which will include many feature and functionality enhancements, 
including completing the support for having a single copy of the HS/AA be a 
member of multiple federations, extensive refactoring of the code 
in  anticipation of upcoming work to provide interoperability with 
IBM  and  Microsoft's WS-Security framework, and support for use of 
Shibboleth by the Grid Security Protocols and LionShare. This version will 
be certified for use within the US Federal E-Authentication initiative.


# E-Authn Status
The Shibboleth Core team recently successfully completed Phase One of its 
Federal E-Authentication pilot project. A modified version of the 
Shibboleth v1.2 software successfully interoperated with test sites 
operated by the federal E-Authentication Labs. Phase Two of this project 
will integrate this support into a standard Shibboleth release (v1.3, 
currently slated for release in March, 2005), and ensure that this version 
passes the E-Authn Certification tests. Phase Two will also work to align 
the policy and trust models used by E-Authn and the InCommon Federation.

E-Authn certification would mean that campuses could use the Shibboleth 
software, and the InCommon federation, to interact with Federal government 
web sites. For instance, it is expected that the NSF Fastlane site will be 
accessible via E-Authn, and thus researchers on "shib-enabled" campuses 
would be able to easily and more quickly manage interactions with NSF and 
other federal agencies.


# IdP Installation Checklist now Available

We've now run several InstallFests -- 4-5  hour sessions designed to help 
campuses get a pilot IdP installation operational quickly and effectively. 
We're now publishing the "Checklist" that we've been giving to attendees; 
its proven to be a very effective tool for session attendees and we think 
that it would be useful outside of the session context. This collects and 
condenses information that is currently found in several sources, and 
presents the information in a "cookbook" approach. The Checklist does not 
contain any of the reference material currently found in the deploy guides. 
The Checklist, of necessity, removes some of the flexibility and choices 
that sites would ordinarily have during the installation process; in 
return, it  provides a single complete step by step description of an 
installation and configuration within the InQueue federation. the checklist 
is available at 
http://shibboleth.internet2.edu/guides/identity-provider-checklist.html .


# Elsevier
Elsevier's ScienceDirect recently completed its pilot project to deploy and 
test Shibboleth with a small group of campuses including Dartmouth College, 
Georgetown University, New York University, Penn State, and UC, San Diego. 
This will ensure ScienceDirect is in a good position to make Shibboleth 
authentication available to a wider audience and helps Shibboleth and the 
InQueue/InCommon federations move forward. ScienceDirect will be willing to 
work with any site that wishes to begin using Shibboleth-enabled access. If 
you would like to begin using Shibboleth enabled ScienceDirect please 
contact Niels Weertman <N.Weertman at elsevier.com>.


# OCLC update
OCLC will soon be upgrading to Shibboleth 1.2 and will change the URL for 
shib-enabled access to FirstSearch.  The URL has been 
http://s-pilot.dev.oclc.org:1441/FirstSearch/ or 
https://s-pilot.dev.oclc.org:1991/FirstSearch.  It will change to 
http://shib.dev.oclc.org:2080/fs/ or https://shib.dev.oclc.org:2443/fs/. 
OCLC will be using InCommon for their production environment.

For more information contact Eva Allen < allene at oclc.org>.


# JISC Shibboleth Update
The PERSEUS team at LSE (with valuable help also from James Sankar of 
UKERNA and Terry Morrow) helped organize a Shibboleth InstallFest as a 
technical workshop for the JISC Core Middleware Projects.  John Paschoud, 
says "It was a great pleasure to see Nate Klingenstein and Walter Hoehn of 
Internet2 again (who were 'imported' to run the workshop - most expertly), 
and to show them a few bits of 'quaint' English culture on their first 
visits to the UK." In addition to the successful practical outcomes, the 
event was a valuable learning experience to feed into future development of 
the JISC Core Middleware Infrastructure project.

Information provided by John Paschoud, Project Manager, PERSEUS, London 
School of Economics & Political Science.


# International Middleware Meeting: Authentication and Authorization 
Infrastructure
An international peering meeting was held in the Cotswolds, UK, October 14 
-15 to discuss interconnecting national authentication and authorization 
infrastructures to support the research and education community 
internationally.  It was attended by representatives from Australia, 
Finland, the Netherlands, Spain, Switzerland, UK, US and CERN.  Documents, 
experiences, and issues relating to national federations were shared. 
Issues included agreeing on policy framework, comparing policies, 
correlating application usage to trust level, aligning privacy needs, 
working with multinational service providers, and scaling the WAYF 
function.  Discussions focused on Internal Federations, Inter-Federations, 
and Union of Federations. Major outcomes included assembling a "cookbook" 
or guidance documentation, establishing a website for communication, and 
potentially establishing a short term position to coordinate the activities.
http://www.incommonfederation.org/docs/other/Intl-middleware-oct-2004.html


# Grid Shib update / NMI Awards
The Division of Shared Cyberinfrastructure in the Directorate for Computer 
& Information Science & Engineering of the National Science Foundation has 
recently awarded the Univ.of Chicago and the National Computational Science 
Alliance (NCSA) funding for a "Policy Controlled Attribute Framework." 
These projects will integrate "GSI and Shibboleth to form a robust 
attribute infrastructure for campus environments to enable secure 
verification of user attributes by inter-institutional Grid users."  More 
information will be coming out soon from the receiving organizations.

The award abstracts can be seen online at:
  http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0438424
  http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0438385


# EDUCAUSE Quarterly Article
The new Shibboleth article is out in volume 27 Number 4 of the EDUCAUSE 
Quarterly. The article is available online at the address given below.

"Federated Security: The Shibboleth Approach" By R. L. "Bob" Morgan, Scott 
Cantor, Steven Carmody, Walter Hoehn, and Ken Klingenstein
http://www.educause.edu/ir/library/pdf/eqm0442.pdf
http://www.educause.edu/pub/eq/eqm04/eqm0442.asp


# Burton Paper
As part of its Directory and Security Strategies Overview, the Burton Group 
released a document on Shibboleth. Principal Consultant Doug Simmons 
reviews the Shibboleth standard, its current implementations, its 
relationship with existing standards, and its future. Burton Group focuses 
on "offering in-depth analysis of infrastructure technologies. Burton 
Group's unbiased, in-depth, technical research and advice helps IT 
technologists and architects make smart enterprise architecture decisions 
in increasingly complex environments."

The document can be found at: 
http://www.burtongroup.com/research_consulting/doc.asp?docid=899 Please 
note that you need to be a Burton subscriber to access the document. We 
understand that many member sites do have subscriptions, so you might check 
around your campus to see if there is a subscription allowing you to 
read  this document.


# CNI presentation in December
The Coalition for Networked Information (CNI) will hold it's winter meeting 
on December 6-7 in Portland, OR. This is a reminder to those who will be 
attending that there are plans for a middleware update including current 
status and future plans for Shibboleth to be presented by Nathan Dors, 
University of Washington. Be sure to attend to catch up on the latest 
information.

For information about the meeting see: 
http://www.cni.org/tfms/2004b.fall/index.html

# Inside ID Mtg - Ken Klingenstein presentation
The Inside ID Conference in DC on Nov. 15 - 17 included a track on Models 
of Federated ID and Web Services. Ken Klingenstein was invited to present 
on InCommon:  A Shibboleth-based Research and Education Federation.  For 
more information:
http://www.jupiterevents.com/insideid04/agenda2.html#130-1

"Inside ID Conference & Expo helps define and nurture the evolving 
discipline of modern identity management, covering some of the most 
pressing challenges of our uncertain world including: digital identity, 
homeland security, identity theft and financial transaction fraud." -- 
Inside ID Conference web site


Renée Woodten Frost
Associate Director, Middleware and Security
Internet2
3025 Boardwalk Suite 200
Ann Arbor, Michigan 48108
phone:  734-913-4293    fax:  734-913-4255