Shibboleth Developers

> the eq paper
>
> Shib system extends campus identity management so users can access web
>   resources securely in multi-organizational settings

will this first section also cover the project's goals? Here's some 
items frm the web page:

> Federated Administration. The Identity Provider (origin) campus 
> (home to the browser user) provides attribute assertions about that 
> user to the Service Provider (target) site. A trust fabric exists 
> between campuses, allowing each site to identify the other speaker, 
> and assign a trust level. Indentity Provider sites are responsible 
> for authenticating their users, but can use any reliable means to do 
> this.
> *	Access Control Based On Attributes. Access control decisions 
> are made using those assertions. The collection of assertions might 
> include Identity, but many situations will not require this (eg 
> accessing a resource licensed for use by all active members of the 
> campus community, accessing a resource available to students in a 
> particular course).
> *	Active Management of Privacy. The Identity Provider (origin) 
> site, and the browser user, control what information is released to 
> the Service Provider (target). A typical default is merely "member 
> of community". Individuals can manage attribute release via a 
> web-based user interface. Users are no longer at the mercy of the 
> target's privacy policy.
> *	Standards Based. Shibboleth will use OpenSAML for the message 
> and assertion formats, and protocol bindings which is based on 
> Security Assertion Markup Language (SAML) developed by the OASIS 
> Security Services Technical Committee.
> *	A Framework for Multiple, Scaleable Trust and Policy Sets 
> (Federations). Shibboleth uses Federations to specify a set of 
> parties who have agreed to a common set of policies. (A site can be 
> in multiple Federations, though.) This moves the trust framework 
> beyond bi-lateral agreements, while providing flexibility when 
> different situations require different policy sets.
> *	A Standard (yet extensible) AttributueValue Vocabulary. 
> Shibboleth has defined a standard set of attributes; the first set 
> is based on the eduPerson object class that includes widely-used 
> person attributes in higher education.


> Shib project
>   did scope, requirements, design in open process

should also mention we're an "open source" project

>   produced software and docs
>   promotes adoption with campuses and RPs
>   engages with standards bodies, industry groups, library community
>   provides forum for support of the system
>   continues
>
> Shib system
>   basic flow
>   SP component
>   IdP component
>   federation support

somewhere, we should motivate the idea of "federations" -- what value 
do they provide?

> implications for campus IT
>     attr-based AC
>     XML-based stds
>     privacy mgt
>     community-defined attributes
>     realization of PKI potential for scalable trust mgt
>     higher-ed-wide federation
>     Grid-computing integration with IT infra
>     directory integration
>     federated methods in other (non-web) apps
>     development via open collaboration of campus mware architects
>       Signet, grouper as the next instances