Benefits
Shibboleth enables access control for web-based applications and
- provides web single sign-on functionality for services hosted by your site, other sites, or both.
- simplifies account and access management related to offering protected web-based resources.
- optionally enables the preservation of privacy according to institutional policy and individual preferences.
- facilitates authorization and just-in-time provisioning by providing identity information to applications for just-in-time authorization decisions.
- provides a site with tools to manage authorization to access remote resources.
Who is using Shibboleth?
Shibboleth is seeing adoption worldwide in the research and education communities. For a list of federations using Shibboleth, refer to the Federations page. To find out how organizations have addressed business challenges with Shibboleth, refer to Shibboleth in Use.
In addition, a number of service providers have chosen Shibboleth for their federated access management software. For more information on service providers, see Shibboleth Enabled Applications and Services.
Key Benefits in Detail
- Enable Single Sign-on to On- and Off-site Managed Services
One organizational ID and password to access all on- and off-campus resources
Shibboleth was developed specifically to address the challenges of controlling access to multiple resources offered by an institution, third-party providers, or both. In the past, each resource required a separate ID and password. This complicates life for the user and raises security and workload concerns for the institution.
- Build and Manage Locally, Access Globally
Use your existing identity management system for access to all resources
Account management is provided by your existing campus Identity Management infrastructure; Shibboleth leverages that system. You define a user’s relationship with your institution. Shibboleth delivers this information so that a web-based service – hosted on- or off-campus – can make an access control decision.
- Protect Your Data and Users’ Privacy
Release only the essential information about your users
Shibboleth is the only SAML-based federating software that does not require the release of user identities. Your campus sends only the data needed for authorization. If the criterion for access is current enrollment in a particular biology course, that is the only information sent. The data is delivered just-in-time and governed by your institution’s privacy policy. However, if the service provider needs personal information or an identity, and this is acceptable under organizational policy, Shibboleth can be configured to send that, too.
- Partner with your Service Providers
Time-saving features for you and your resource provider
Shibboleth can substantially reduce the risk and time involved in offering services. In the past, IT departments sent large files of identity data to a service provider to create and update separate accounts. Using Shibboleth, the service provider:
- receives fresh, accurate account information each time the user accesses the resource
- saves time and reduces risk by not having to maintain campus identity and account stores that age and must be updated
- controls access to its protected services without the concerns of potential identity data spills or misconfigured IP-based access methods
- saves money by reducing the integration work when adding new customers and troubleshooting multiple account IDs and passwords
- enables personalization by providing a persistent but anonymous identifier so the browser experience can be customized based on the individual’s history with your service while maintaining his or her privacy
- Ease Your Federation Participation
Adding new partners is a breeze
Shibboleth was developed with federations and their operational requirements in mind. Information associated with federation membership and trust can be updated automatically, as often as you’d like. And once you implement Shibboleth, adding a new partner can take just minutes.
- Provide Access to Federal Government Applications
E-Authentication is coming and Shibboleth will lead the way
The Federal E-Authentication Initiative has approved a Shibboleth plug-in to work with their federation. The software is currently supported by the National Institutes of Health, which is a member of the U.S. InCommon Federation.
- Play Well with Others
Shibboleth is standards based – it gets along with everyone
Interoperability is extremely important in a federated world, where commercial sites and U.S. government agencies might use different federating software. Shibboleth offers multi-protocol support that ensures it will interoperate with other commercial implementations. These protocols include OASIS SAML (versions 1.0, 1.1, and 2.0), protocols and extensions for Microsoft’s Active Directory Federation Services and, in the future, CardSpace™.
- Create Opportunities
Resource providers will appreciate the fine-tuned access control.
Shibboleth’s attribute-based approach provides the ability to implement fine-grained access control and allows more licensing options. You and your service provider can control access by department, major, or any other criteria. Using a similar technique, the software also enables personalization of services without releasing identity or sacrificing privacy.

