
A case study of Shibboleth deployment within the U.T. System

June 26, 2006

Paul Caskey
University of Texas System

Copyright Paul Caskey 2006

Not Your Father’s SSO!


Agenda

• Background
• The Problems
• The Vision
• Current Status
• Lessons Learned
• Future Work


Background

• 16 institutions
  • 9 general academic
  • 6 health
  • 1 system administration

• 16 unique organizations, budgets, problems, ideas


The Problems

• Small campuses tend to get left behind
• Little interoperability between infrastructures – makes collaboration difficult
• Security concerns from the scattered “islands” of identity information
• Regulations, threat of increased oversight
• User complaints about numerous logins and credentials
• No process for authorization


The Vision

• Reduce sign-ons, number of credentials

• Improve security
  • islands of ID info
  • improved authorization

• Establish plug n' play infrastructure for collaboration

• Implement consistent IdM standards


Current Status

• SLC Statement of Direction
• ETR Grant
• Shibboleth install fest 9/04 - 7 institutions initially
• Began policy work
• Began deploying apps
• Shibboleth SP fest 5/05
• 5 production applications shared between institutions
  1. Guest Wireless at System
  2. Financial Reporting
  3. Blackboard
  4. Employee Training
  5. Research Tracking
• 11 other applications shibb'd intra-institutionally
  • MobileCampus, Chancellor's Project Tracking, etc.
• 16 IdPs operational 4/06
• Policy docs approved 6/06
• Moving federation to production on 9/1
• Authorization processes still very immature


Lessons Learned

• Educate developers on technology, trust, authorization

• Pursue low hanging fruit early

• Communicate, communicate, communicate
  • promote consistent understanding of technology
  • set expectations

• Identifiers
  • Namespace
  • Lifetime/re-use

• Support models
  • Who/where
  • Skills
  • Tools


Future Work

• Bring federation to production status

• Considerable work to do with authorization

• Work on application auto-provisioning/de-provisioning/updating

• Many more apps coming

• Interfederation


Questions

Thank You

[email protected]

THE UNIVERSITY OF TEXAS SYSTEM