Table of Contents

For information, please contact shib-info@internet2.edu

Project Information


Shibboleth 1.3 is Now Available

Significant Changes include:

More information about this version at the Shibboleth Wiki

Beta Version of Native Java SP Implementation Available Soon.

A beta implementation, in Java, of the Shibboleth Service Provider (SP) component will be available soon. This implementation will be feature compatible with the existing C++ implementation, and will support the same metadata formats. However, it has been designed to run in a servlet container, and should enable an easier Shibboleth deploy for service providers that operate pure Java sites. An availability announcement will appear shortly on the shibboleth-users email list.

Shibboleth Roadmap

There is a Shibboleth Roadmap and related information on future directions now available online at Shibboleth Wiki. These pages will continue to be filled out over the coming weeks. In addition, the Shibboleth Wiki now contains pages where people can discuss Development Opportunities and a Wish List for new features.


International Partner Information

JISC Update

Shib-UK News

Shibboleth Take-Up
Through the JISC Core Middleware Programmes, over 40 institutions within the UK are currently involved in Shibboleth trials and implementation. This includes not only institutional early adopters of Shibboleth, but development projects working on the integration of Shibboleth within e-learning and e-research environments. For more information about the JISC projects, please visit: http://www.jisc.ac.uk/index.cfm?name=programme_middleware, or sign up to the JISC mailing list at: http://www.jiscmail.ac.uk/lists/jisc-shibboleth.html.

A roadmap, describing JISC's plans for the development of Shibboleth can be found at: http://www.jisc.ac.uk/uploaded_documents/CMRoadmap03_05.doc.

MATU News
The Middleware Assisted Take-Up Service has been funded by JISC to help support Early Adopters of middleware within the UK. MATU have announced a workshop programme for the autumn. They are interested in feedback on the proposed programme. Details are at http://www.matu.ac.uk/training/.

UK Production Federation
Planning continues for the creation of a Shibboleth Federation covering the UK's higher and further education and research communities. The Blueprint document ˆ which is still available for consultation at http://www.jisc.ac.uk/uploaded_documents/JISC_Fed_doc_full.doc - has produced some useful feedback. If anyone has any further comments, please email them as soon as possible to t.morrow@jisc.ac.uk. The next steps in creating a production federation include drafting the key documents listed in the Blueprint and establishing a WAYF.

Project highlights: supporting e-research Researchers are key stakeholders within the education community, and are strongly represented within JISC by its Support of Research Committee (JSR). Through the work of this committee and the middleware team, JISC has ensured that e-research requirements are being investigated through the Core Middleware Programmes. Current work includes:

For more information about any of these developments please contact Nicole Harris, JISC Programme Manager (n.harris@jisc.ac.uk) or Terry Morrow, JSIC Consultant (t.morrow@jisc.ac.uk).

JISC Officially Announces MATU Award -- Middleware Assisted Take-Up service

More information available here: http://www.jisc.ac.uk/index.cfm?name=pr_shib_110405 and http://www.matu.ac.uk/ .

Eduserv have established a new service with funding from the JISC to support Early Adopters of Shibboleth access management technology in UK higher and further education. We went live on the 13th of April this year.

The MATU Service offers the following to registered users:

For further details please contact MATU by telephone at 01225 474373 or visit our website at http://www.matu.ac.uk

Shibboleth in German Higher Education

The "Authentication, Authorization and Rights Management (AAR)" project is run by the Freiburg and Regensburg university libraries and is funded by the German Federal Ministry of Education and Research. The goal of the project is to implement Shibboleth in German Higher Education. It was started in January 2005, it will run until December 2007.

The Freiburg university library runs the central database service "ReDI" for Baden-Wuerttemberg, a federal state in southern Germany. The service is used by more than 60 sites in southern Germany, it offers access to about 450 databases. In 1998/1999 they developed a (proprietary) distributed authentication and authorization system that is used for ReDI and other library services. Freiburg is mainly responsible for the authentication and authorization part of the project and for convincing and supporting database providers to implement Shibboleth. The Freiburg project team members are: Ato Ruppert (project leader), Bernd Oberknapp, Franck Borel, Jochen Lienhard, Hannah Ullrich.

The Regensburg university library runs the Electronic Journals Library (EZB) . The EZB offers access to about 22500 scientific and academic full text journals, it is used by more that 300 libraries. Regensburg is mainly responsible for the rights management part of the project and for convincing and supporting e-journal providers to implement Shibboleth. The Regensburg team members are: Evelinde Hutzler (project leader), Gerald Schupfner, Stefan Brandl, Petra Schroeder, Josef Kuffer, Martin Scheuplein.

So far they haven't encountered any serious problems while testing and implementing Shibboleth. The first step was to set up a test environment with multiple IdPs? and SPs. Currently they're testing a shibbolized version of ReDI and they're setting up IdPs for all sites that use userid/password authentication for ReDI?. They expect the new version to go into production in mid July using Shibboleth 1.2 and will switch to 1.3 as soon as possible. The next step will be to shibbolize other (library) services, in particular "vascoda" , the central internet portal for scientific and scholarly information in Germany. In early 2006 they'll start supporting other universities in implementing Shibboleth.

For more information please see http://aar.ub.uni-freiburg.de/
(English version coming soon)


Perseus June Update

Highlights of the June informal update report from the PERSEUS (Portal-Enabled Resources via Shibbolized End-User Security) Project. The full project update can be dowloaded as an MS Word file from Perseus DSpace.

Finland: Haka Federation Update

In Finland, Haka Federation, the federation for Finnish higher education, was formed in May, when the first five institutions signed the federation agreement.

The federation became operational yesterday, as the first three identity providers and three service providers were upgraded from the pilot federation to the production federation. The Haka pilot federation has been running for technical testing purposes since 12/2003.

More information http://www.csc.fi/suomi/funet/middleware/english/index.phtml

Contacts: Mikael Linden, CSC the Finnish IT Center for Science, mikael.linden@csc.fi

US Partner Information


E-Authentication Update

The Shibboleth System is currently undergoing certification testing by the US Federal E-Authentication Initiative (http://www.cio.gov/eauthentication/). When this testing process is complete, campuses would be able to use the Shibboleth System to provide their faculty, students, and staff with Shibboleth-enabled access to web applications offered by Federal agencies. OMB is currently requirg 30 separate federal agencies to offer at least one outward-facing E-Authn-enabled applicaiton by Sept, 2005. A joint Federal-Internet2 Working Group is currently exploring inter-federation interoperability between the Federal Federation and the InCommon Higher Ed Federation. If successful, this would allow community members at InCommon member institutions to access the Federal applications.

UT System Bringing Shibboleth-Enabled Benefits Selection Application Online

Beginning July 2005, the University of Texas System will create and pilot a federated version of the U.T. System Administration Office of Employee Group Insurance (EGI) benefits annual enrollment application - UTTouch - using the Shibboleth software and the U.T. System Identity Management Federation. The Shibboleth version will allow employees and retirees to simply login to their home institution's identity provider (server) and let Shibboleth send appropriate attributes to UTTouch. In addition, the Shibboleth version of UTTouch will provide new and current employees and retirees year-round access to UTTouch to make their initial insurance selections or view their current coverage respectively. While the pilot will only be available to a small subset of the intended audience, this application will eventually be rolled out to an audience of over 80,000 benefit eligible employees and retirees of the U.T. System.

EGI manages the insurance benefits of all employees and retirees of the U.T. System. Every summer, prior to the beginning of the fiscal year, EGI allows all employees and retirees to participate in the benefits annual open enrollment to select and/or update their insurance coverage and Flexible Reimbursement Accounts for the upcoming fiscal year via UTTouch. This application currently requires employees and retirees from all U.T. institutions to login to the application using their social security number or a unique ID created by one U.T. institution but not readily accessible to all of the employees and retirees using UTTouch.

The Shibboleth version of UTTouch is U.T. System's first large-scale, system-wide deployment of a federated application using Shibboleth and is expected to make great strides in the elimination of the use of Social Security Numbers as credentials, simplifying application administration, and greatly enhancing user experience.

This project was partially funded by NSF through NMI-EDIT's Extending the Reach Project.

GridShib: Shibboleth Attribute-based Access Control for Grids

GridShib is an NSF Middleware Initiative (NMI) funded project to allow interoperability between the Globus Toolkit (v4.0) and Shibboleth (v1.3). A joint effort of the National Center for Supercomputing Applications, Argonne National Laboratory, the University of Chicago, with significant contributions from Internet2, the goal of the project is to leverage Shibboleth deployments to provide access control based on user attributes for the Globus Toolkit.

A beta version of the GridShib software is scheduled to be released shortly after the Shibboleth 1.3 release in the summer of 2005. Parties interested in testing or using GridShib may see the URL below for more information and feel free to contact any of the project members.

http://grid.ncsa.uiuc.edu/GridShib/

Service Provider Updates

OCLC

OCLC is pleased to announce that Shibboleth-enabled access to its FirstSearch service is now available. Using Shibboleth-enabled access simplifies management of access permissions for both the campus and for OCLC, and obviates the need for channeling off-campus users through a local proxy server. In addition, OCLC is a member of the InCommon Federation. Any institution interested in learning more about the Shibboleth-enabled access to FirstSearch should send mail to shibboleth@oclc.org . OCLC is looking forward to hearing from campuses interested in exploring this new feature.

Note that Mike Teets from OCLC participated in the vendor panel during the Shibboleth Workshop at the ecent ALA meeting in Chicago, and that OCLC and Mike Teets were featured in the Showcase panel on the Internet2 home page during the week of July 25.

Thomson/Gale Group

Thomson/Gale Group has been working to add Shibboleth support to their online information service. The project has progressed to the point where they are looking for campuses interested in participating in a pilot project to test and evaluate the Shibboleth implementation. Interested campuses should contact Gary.Ross@thomson.com.

BlackBoard includes Shib support in product release

BB6 w/ App Pack 1 introduces Shibboleth, versions 1.1 - 1.3, support in to the Blackboard Learning System. This enables members of organizations external to a university to participate in the rich collaboration enviornment offered by the university's learning system. Shibboleth support does not currently work with portal direct entry.

Ex Libris update

Ex Libris has begun a pilot project with Duke University. Ex Libris has added Shibboleth-support to their PDS component -- an Authentication "hub" for all Ex Libris products that require end-user authentication and authorization. Product that use PDS include ALEPH - a library catalog, Digitool - a digital repository application, and Metalib - the library portal and metasearch product. Integrating PDS with Shib should Shibboleth-enable all of the above products. The first priority (and therefore the focus of the testing at Duke) is with Metalib. Once the Duke Metalib field test completes successfully, they would like to explore oe complex configurations (eg in consortia environments where different Shib configurations may happen -- ie several IdPs, or a hybrid mix of shib-ed and non shib-ed institutions, etc). They will also move on to testing the other products (using the same PDS + Shibboleth component).

Elsevier ScienceDirect update

In July, Elsevier ScienceDirect deployed their second generation Shibboleth implementation. The new implementation allows the Science Direct service to be a member of multiple Federations. Science Direct is already a member of InCommon, the U.S. Higher Education Federation. With this new release, Science Direct should be able to become a Service Provider within the growing number of European Federations, and the Australian Federation.

Shibboleth Enabled Applications and Services (SEAS)

Recent additions to the Shibboleth Enabled Applications and Services (SEAS) page include Moodle, Illias, Serials Solutions, Inc., and Digitalbrain PLC.

Recent/Upcoming Meetings and Presentations

Shibboleth at ALA/LITA preconference

The Library and Information Association (LITA), a branch of the American Library Association (ALA), sponsored a "Implementing and Integrating Shibboleth" preconference June 24, 2005 in Chicago, IL. The purpose of the preconference was to provide guidance for implementation and integration of Shibboleth into information resource management infrastructures. Two Service Providers (SPs), Elsevier/Science Direct and EZProxy, explained how their services integrate with Shibboleth. Presenters included: Keith Hazelton, Internet2/U of Wisconsin-Madison; Mike Neuman, Georgetown University; Chris Shillum, Elsevier/Science Direct; and Chris Zagar, Useful Utilities/EZProxy

There is a good report of the workshop available online at the LITA blog.

Burton Group Catalyst Conference Interop Demo

The Shibboleth System was invited to participate in the multi-protocol federated identity interoperability demonstration hosted by Burton Group at its Catalyst Conference North America 2005. The demonstration took place Wednesday, July 13 at the Manchester Grand Hyatt, San Diego from 6:00 - 9:30 p.m. According to Burton Group, the event is the first demonstration to prove that multiple federated identity protocols and standards can coexist. Scott Cantor was testing the Shibboleth software against products offered by commercial vendors; Shibboleth was the only Open Source solution invited to participate. Using the SAML 1.1 protocol, Shibboleth successfully interoperated with products from Trustgenix, Sun, BMC, CA (Netegrity), HP and Datapower.
For more information...

Articles about the Interop fest can be found at:
http://www.burtongroupblogs.com/jamielewis/
http://www.networkworld.com/news/2005/071805-identity.html?fsrc=rss-security

Texas SP Install Fest

The University of Texas Systems Office recently sponsored a "Shibboleth Service Provider Installation Fest". 25 people representing 12 of 16 UT institutions attended the event. Overall reaction from attendees was very positive. By the endof the event, everyone had a working "application" running and "shibboleth-enabled". The Workshop Contents can be found at https://idm.utsystem.edu/SPfest/toc.html . Institutions came to the event with a variety of goals: one was eager to Shibboleth-enable their WebCT, another their Blackboard system. UT System Administration has identified 2 system-wide applications that are ideal candidates for Shibboleth.

Mark Your Calendar

Misc Shibboleth info...

Shibboleth at My De.licio.us

Join us in participating in social bookmarking experiment at My De.licio.us. Here's link to Shibboleth tags: http://del.icio.us/tags/shibboleth

Shibboleth the rock band?

Shibboleth -- its not just about Federation! If you need to lighten up any Shibboleth-related presentation you may be giving, consider visiting: http://goshibbolethgo.com/. In addition, they may be available for your next party!  

Shibboleth® is a registered trademark of Internet2.