Access and Identity Management - Eduserv AIM

What is Shibboleth?

Shibboleth is an architecture that enables organisations to build single sign-on environments that allow users to access web-based resources using a single login. Shibboleth uses open standards (such as SAML) and was developed by the Internet2 middleware group.

JISC believes that Shibboleth provides a next-generation access-management solution for its community. To this end, JISC invested £6.6 million in its Core Middleware Programmes (which included the Middleware Assisted Take-Up Service).
 

The Shibboleth architecture defines a way of exchanging information between an organisation and a provider of digital resources (such as data, video, documents, and so on). Shibboleth exchanges this information in a secure manner, protecting both the security of the data and the privacy of the individual.


In the Shibboleth model, the organisation is responsible for authenticating the user - that is, for checking that the credentials the user presents are correct (typically a username/password combination). The organisation is also responsible for providing information about the user; for example, whether the user is a student, a lecturer, or a member of the zoology department. This information is called attribute information. In Shibboleth terms the organisation is the Identity Provider (IdP).


The decision to authorise access to a resource is the responsibility of the owner of that resource, and is based on the user's attribute information. Attribute information can be as simple as 'member of zoology department' or as complex as 'member of project team who has signed up to the project terms and conditions'. The resource owner is called the Service Provider (SP).


The term Shibboleth also refers to software, created by the Internet2 group, that implements the Shibboleth architecture. The Internet2 group expects that other software organisations will, in future, provide Shibboleth-compliant software packages.

Organisations that use Shibboleth to access resources must join or create a federation. A federation creates a "circle of trust" for organisations that want to access a set of resources. Each federation has its own criteria for organisations that want to join it, and defined levels of trust for access to the set of resources.
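The following is an added example, not code from this page or from the Shibboleth project. It sketches the Service Provider side of the model described above: the Identity Provider has authenticated the user and asserts attributes; the SP first checks that the assertion was issued by a member of its federation (the "circle of trust"), is addressed to this SP and is still within its validity window, and only then applies its own attribute-based access rule. The entityIDs, federation member list, assertion XML and access rules are all constructed for illustration; the two rules correspond to the page's 'member of zoology department' and 'member who has accepted the terms' cases. XML signature verification is deliberately omitted and discussed after the code.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed "circle of trust": entityIDs an SP would load from federation metadata.
FEDERATION_MEMBERS = {"https://idp.example-university.ac.uk/idp/shibboleth"}
# This SP's own (hypothetical) entityID; assertions must be addressed to it.
SP_ENTITY_ID = "https://sp.example-publisher.org/shibboleth"

# Constructed SAML 2.0 assertion as an IdP might issue (ds:Signature omitted).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_c0ffee" Version="2.0" IssueInstant="2024-01-15T10:00:00Z">
  <saml:Issuer>https://idp.example-university.ac.uk/idp/shibboleth</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-15T09:59:00Z" NotOnOrAfter="2024-01-15T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example-publisher.org/shibboleth</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" FriendlyName="eduPersonAffiliation">
      <saml:AttributeValue>member</saml:AttributeValue>
      <saml:AttributeValue>student</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" FriendlyName="eduPersonEntitlement">
      <saml:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.11" FriendlyName="ou">
      <saml:AttributeValue>zoology</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

SAMPLE_NOW = datetime(2024, 1, 15, 10, 1, tzinfo=timezone.utc)   # inside the window
EXPIRED_NOW = datetime(2024, 1, 15, 10, 30, tzinfo=timezone.utc)  # after NotOnOrAfter


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-15T10:00:00Z (None if absent)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def parse_assertion(xml_text):
    """Extract issuer, validity window, audiences and attributes from an assertion."""
    root = ET.fromstring(xml_text)
    conds = root.find("saml:Conditions", NS)
    nb, noa = (conds.get("NotBefore"), conds.get("NotOnOrAfter")) if conds is not None else (None, None)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("FriendlyName") or attr.get("Name")
        attrs[name] = {v.text for v in attr.findall("saml:AttributeValue", NS)}
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "not_before": _ts(nb),
        "not_on_or_after": _ts(noa),
        "audiences": [a.text for a in root.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)],
        "attributes": attrs,
    }


def validate_assertion(a, now, federation=FEDERATION_MEMBERS, sp_entity_id=SP_ENTITY_ID):
    """Federation, freshness and audience checks; returns a list of problems (empty = OK)."""
    problems = []
    if a["issuer"] not in federation:
        problems.append("issuer is not a member of the federation")
    nb, noa = a["not_before"], a["not_on_or_after"]
    if nb is None or noa is None or not (nb <= now < noa):
        problems.append("assertion is outside its validity window")
    if sp_entity_id not in a["audiences"]:
        problems.append("assertion is not addressed to this SP")
    return problems


# Constructed SP policy: one rule per resource, expressed over attributes only.
# "licensed-journal" models 'member who has accepted the terms' using the
# eduPersonEntitlement value libraries commonly use for common licence terms.
RULES = {
    "zoology-dataset": lambda at: "zoology" in at.get("ou", set()),
    "licensed-journal": lambda at: (
        "member" in at.get("eduPersonAffiliation", set())
        and "urn:mace:dir:entitlement:common-lib-terms" in at.get("eduPersonEntitlement", set())
    ),
}


def authorise(xml_text, resource, now, **checks):
    """SP access decision as (granted, reasons). Trust checks run before the policy."""
    a = parse_assertion(xml_text)
    problems = validate_assertion(a, now, **checks)
    if problems:
        return False, problems
    rule = RULES.get(resource)
    if rule is None:
        return False, ["no policy for resource " + resource]
    if not rule(a["attributes"]):
        return False, ["attributes do not satisfy policy for " + resource]
    return True, []
```

Two points a practitioner should not lose sight of. First, none of these checks mean anything until the assertion's XML signature has been verified against the IdP's key as published in the federation metadata; that is what makes the issuer check trustworthy, and a real SP (such as the Shibboleth SP software) does it before looking at a single attribute. Second, the SP never sees the user's password and need not see a name: the trust and audience checks establish that a federation member vouches for the attributes, and the access rule is written over those attributes alone, which is how the model protects the individual's privacy while still letting the resource owner make the decision.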


The UK Access Management Federation for Education and Research, supported by JISC and Becta and operated by UKERNA, went live in November 2006.

The Shibboleth project has established two federations, InQueue and InCommon. InQueue enables organisations to test their Shibboleth implementation, while InCommon is for production use.

Other federations include the Swiss SWITCH AAI, EDINA SDSS and the Eduserv test and production federations.

Virtual organisations are groups of individuals from multiple organisations who want to collaborate in some way. A virtual organisation - for example an eScience project group - can be created dynamically or statically. A virtual organisation has no legal status and is therefore ineligible to sign licences or make legal commitments.

Authentication and authorisation are difficult in a virtual organisation, as it is not clear who has the authority to assert membership of it.