A case study of Shibboleth deployment within the U.T. System
June 26, 2006
Paul Caskey, University of Texas System
Copyright Paul Caskey 2006
Not Your Father’s SSO!
Agenda
• Background
• The Problems
• The Vision
• Current Status
• Lessons Learned
• Future Work
Background
• 16 institutions
  • 9 general academic
  • 6 health
  • 1 system administration
• 16 unique organizations, budgets, problems, ideas
The Problems
• Small campuses tend to get left behind
• Little interoperability between infrastructures – makes collaboration difficult
• Security concerns from the scattered “islands” of identity information
• Regulations, threat of increased oversight
• User complaints about numerous logins and credentials
• No process for authorization
The Vision
• Reduce sign-ons, number of credentials
• Improve security
  • islands of ID info
  • improved authorization
• Establish plug n' play infrastructure for collaboration
• Implement consistent IdM standards
Current Status
• SLC Statement of Direction
• ETR Grant
• Shibboleth install fest 9/04 - 7 institutions initially
• Began policy work
• Began deploying apps
• Shibboleth SP fest 5/05
• 5 production applications shared between institutions
  1. Guest Wireless at System
  2. Financial Reporting
  3. Blackboard
  4. Employee Training
  5. Research Tracking
• 11 other applications shibb'd intra-institutionally
  • MobileCampus, Chancellor's Project Tracking, etc.
• 16 IdPs operational 4/06
• Policy docs approved 6/06
• Moving federation to production on 9/1
• Authorization processes still very immature
Lessons Learned
• Educate developers on technology, trust, authorization
• Pursue low-hanging fruit early
• Communicate, communicate, communicate
  • promote consistent understanding of technology
  • set expectations
• Identifiers
  • Namespace
  • Lifetime/re-use
• Support models
  • Who/where
  • Skills
  • Tools
Future Work
• Bring federation to production status
• Considerable work to do with authorization
• Work on application auto-provisioning/de-provisioning/updating
• Many more apps coming
• Interfederation