
shibboleth-dev - shib web site -- what points to make on the front page

Subject: Shibboleth Developers

  • From:
  • To:
  • Subject: shib web site -- what points to make on the front page
  • Date: Mon, 25 Jul 2005 14:57:40 -0400

another discussion topic for today.....

here's another mockup for a new shib front page -- as you can see, simplicity is the guiding principle here. Reduce the front page to a small(er) Nav Bar, and some text that conveys the key points about shib; the Nav bar would take viewers to pages with more info, and more detailed info

http://shibboleth.internet2.edu/index0721.html

today's question is -- what points do we want to make on the front page? Here's a list of possibilities I can think of... altho I'm not sure I'd vote for all of these.... this list is offered as a strawman, intended to trigger the usual spirited conversation.....

--- (simple definition) Shibboleth, federated authentication technology developed by the Internet2 community, enables more scalable, privacy-preserving access to online resources. Using Shibboleth-enabled access simplifies management of access permissions for both the campus and for service providers

--- (key attributes of shib) Shibboleth, a project of Internet2/MACE, is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. In addition, Shibboleth will develop a policy framework that will allow inter-operation within the higher education community. Key concepts within Shibboleth include:

* Federated Administration. The Identity Provider (origin) campus (home to the browser user) provides attribute assertions about that user to the Service Provider (target) site. A trust fabric exists between campuses, allowing each site to identify the other speaker, and assign a trust level. Identity Provider sites are responsible for authenticating their users, but can use any reliable means to do this.
* Access Control Based On Attributes. Access control decisions are made using those assertions. The collection of assertions might include Identity, but many situations will not require this (eg accessing a resource licensed for use by all active members of the campus community, accessing a resource available to students in a particular course).
* Active Management of Privacy. The Identity Provider (origin) site, and the browser user, control what information is released to the Service Provider (target). A typical default is merely "member of community". Individuals can manage attribute release via a web-based user interface. Users are no longer at the mercy of the target's privacy policy.
* Standards Based. Shibboleth will use OpenSAML for the message and assertion formats, and protocol bindings which is based on Security Assertion Markup Language (SAML) developed by the OASIS Security Services Technical Committee.
* A Framework for Multiple, Scaleable Trust and Policy Sets (Federations). Shibboleth uses Federations to specify a set of parties who have agreed to a common set of policies. (A site can be in multiple Federations, though.) This moves the trust framework beyond bi-lateral agreements, while providing flexibility when different situations require different policy sets.
* A Standard (yet extensible) AttributeValue Vocabulary. Shibboleth has defined a standard set of attributes; the first set is based on the eduPerson object class that includes widely-used person attributes in higher education.

-- It leverages campus identity and access management infrastructures to authenticate individuals and then sends information about them to the resource site, enabling the resource provider to make an informed authorization decision.

-- typical scenarios.....

-- what makes shibboleth unique (among federation products)?

-- what value does shib/saml/federation provide to IdPs, SPs?

-- what is a Federation? what does it provide?

-- shib as SSO

-- (more key attributes)
open source, open standards
scaleable, flexible federation
Single Sign-On
attribute exchange
extensible, modular platform
privacy management


