A case study of Shibboleth deployment within the U.T. System June 26, 2006 Paul Caskey University of...

A case study of Shibboleth deployment within the U.T. System

June 26, 2006

Paul Caskey
University of Texas System

Copyright Paul Caskey 2006

Not Your Father’s SSO!

Agenda

• Background
• The Problems
• The Vision
• Current Status
• Lessons Learned
• Future Work

Background

• 16 institutions
  • 9 general academic
  • 6 health
  • 1 system administration
• 16 unique organizations, budgets, problems, ideas

The Problems

• Small campuses tend to get left behind
• Little interoperability between infrastructures – makes collaboration difficult
• Security concerns from the scattered “islands” of identity information
• Regulations, threat of increased oversight
• User complaints about numerous logins and credentials
• No process for authorization

The Vision

• Reduce sign-ons, number of credentials
• Improve security
  • islands of ID info
  • improved authorization
• Establish plug n' play infrastructure for collaboration
• Implement consistent IdM standards

Current Status

• SLC Statement of Direction
• ETR Grant
• Shibboleth install fest 9/04 - 7 institutions initially
• Began policy work
• Began deploying apps
• Shibboleth SP fest 5/05
• 5 production applications shared between institutions
  1. Guest Wireless at System
  2. Financial Reporting
  3. Blackboard
  4. Employee Training
  5. Research Tracking
• 11 other applications shibb'd intra-institutionally
  • MobileCampus, Chancellor's Project Tracking, etc.
• 16 IdPs operational 4/06
• Policy docs approved 6/06
• Moving federation to production on 9/1
• Authorization processes still very immature

Lessons Learned

• Educate developers on technology, trust, authorization

• Pursue low hanging fruit early

• Communicate, communicate, communicate
  • promote consistent understanding of technology
  • set expectations

• Identifiers
  • Namespace
  • Lifetime/re-use

• Support models
  • Who/where
  • Skills
  • Tools

Future Work

• Bring federation to production status

• Considerable work to do with authorization

• Work on application auto-provisioning/de-provisioning/updating

• Many more apps coming

• Interfederation

Questions

Thank You

pcaskey@utsystem.edu

THE UNIVERSITY OF TEXAS SYSTEM