
shibboleth-dev - RE: shib web site -- what points to make on the front page

Subject: Shibboleth Developers

  • From: "Wilcox, Mark" <>
  • To: <>, <>
  • Subject: RE: shib web site -- what points to make on the front page
  • Date: Mon, 25 Jul 2005 16:22:55 -0400

Title: shib web site -- what points to make on the front page
Steven,
I just sent you some changes I'd make (I did it as an HTML mockup - if others would like to see my take - drop me a note - I just didn't want to pollute the list with a Zip file).
 
Mark
 
 


From: [mailto:]
Sent: Mon 7/25/2005 2:57 PM
To:
Subject: shib web site -- what points to make on the front page

another discussion topic for today.....

here's another mockup for a new shib front page -- as you can see,
simplicity is the guiding principle here. Reduce the front page to a
small(er) Nav Bar, and some text that conveys the key points about
shib; the Nav bar would take viewers to pages with more info, and
more detailed info

http://shibboleth.internet2.edu/index0721.html

today's question is -- what points do we want to make on the front
page? Here's a list of possibilities I can think of... altho I'm not
sure I'd vote for all of these.... this list is offered as a
strawman, intended to trigger the usual spirited conversation.....

--- (simple definition) Shibboleth, federated authentication
technology developed by the Internet2 community, enables more
scalable, privacy-preserving access to online resources. Using
Shibboleth-enabled access simplifies management of access permissions
for both the campus and for service providers

--- (key attributes of shib) Shibboleth, a project of Internet2/MACE,
is developing architectures, policy structures, practical
technologies, and an open source implementation to support
inter-institutional sharing of web resources subject to access
controls. In addition, Shibboleth will develop a policy framework
that will allow inter-operation within the higher education
community. Key concepts within Shibboleth include:

*       Federated Administration. The Identity Provider (origin)
campus (home to the browser user) provides attribute assertions about
that user to the Service Provider (target) site. A trust fabric
exists between campuses, allowing each site to identify the other
speaker, and assign a trust level. Identity Provider sites are
responsible for authenticating their users, but can use any reliable
means to do this.
*       Access Control Based On Attributes. Access control decisions
are made using those assertions. The collection of assertions might
include Identity, but many situations will not require this (eg
accessing a resource licensed for use by all active members of the
campus community, accessing a resource available to students in a
particular course).
*       Active Management of Privacy. The Identity Provider (origin)
site, and the browser user, control what information is released to
the Service Provider (target). A typical default is merely "member of
community". Individuals can manage attribute release via a web-based
user interface. Users are no longer at the mercy of the target's
privacy policy.
*       Standards Based. Shibboleth will use OpenSAML for the message
and assertion formats, and protocol bindings which is based on
Security Assertion Markup Language (SAML) developed by the OASIS
Security Services Technical Committee.
*       A Framework for Multiple, Scaleable Trust and Policy Sets
(Federations). Shibboleth uses Federations to specify a set of
parties who have agreed to a common set of policies. (A site can be
in multiple Federations, though.) This moves the trust framework
beyond bi-lateral agreements, while providing flexibility when
different situations require different policy sets.
*       A Standard (yet extensible) AttributeValue Vocabulary.
Shibboleth has defined a standard set of attributes; the first set is
based on the eduPerson object class that includes widely-used person
attributes in higher education.

-- It leverages campus identity and access management infrastructures
to authenticate individuals and then sends information about them to
the resource site, enabling the resource provider to make an informed
authorization decision.

-- typical scenarios.....

-- what makes shibboleth unique (among federation products)?

-- what value does shib/saml/federation provide to IdPs, SPs?

-- what is a Federation? what does it provide?

-- shib as SSO

-- (more key attributes)
        open source, open standards
        scaleable, flexible federation
        Single Sign-On
        attribute exchange
        extensible, modular platform
        privacy management



