Table of Contents

For information, please contact shib-info@internet2.edu

Project Information

Design Effort for Shibboleth 2.0 Has Begun

The current release of Shibboleth (v1.3) implements a profile of the OASIS SAML v1.1 specification. (A Shibboleth extension implements the US Federal E-Authentication profile, which is based on SAML v1.0.) In early 2005, OASIS promulgated SAML v2.0. This new version of the specification addresses several issues that were postponed during the initial work because --basically -- they are hard problems (e.g. logout in a federated environment). It also incorporates extensions to the SAML v1.0 specification that were developed by other projects (notably Shibboleth and the Liberty Alliance). The Shibboleth team has begun work on Shibboleth v2.0, which will add support for the new version of the specification.

A significant amount of information about the OpenSAML 2.0 implementation is already available here on the Shibboleth Wiki.

As part of the Shibboleth 2.0 effort, Scott Cantor recently published a profile describing an approach to Constrained Delegation. This document proposes an approach allowing the delegated use of SAML credentials in n-tier scenarios. Portals, for instance, could use the approach described in this profile to pass the SAML Attributes describing a browser user to a backend service; the proposed approach allows the user to control what is passed to the backend service. Discussion of this approach is occurring here.

Shibboleth Profile documents finalized

The Shibboleth Protocols and Profiles document has been published in PDF and Open Office formats. The specification defines the general architecture, protocols, and message formats that make up the Shibboleth web single sign-on and attribute exchange mechanism, which is built on the OASIS SAML 1.1 specification. Readers will need to be familiar with that specification before reading this document. Multiple implementations of Shibboleth are now available; compliant implementations MUST behave according to the Shibboleth profile.

Please submit comments to the shibboleth-dev mailing list (see http://shibboleth.internet2.edu/ for subscription details).

New ECAR/Burton Study Analyzes Federated Identity Management

[Federating a Distributed World: Asserting Next-Generation Identity Standards Mike Neuenschwander and Dan Blum, 34 pages

Prepared by Burton Group, an ECAR partner, this research report is available to Educause/ECAR subscribers through special arrangement. In the last few years, federated identity management—the agreements, standards, and technologies that make identity and entitlements portable across autonomous domains—has become a topic of significant interest for higher education. This Burton Group research discusses federation standards and products, which are sufficiently mature that early adopters have successfully deployed federated sign-on environments. Standards groups are extending federation protocols into more complex scenarios, such as cross-domain authorization, provisioning, and service delivery.

This report includes Shibboleth among the systems and standards that it discusses.

Shibboleth Interoperating with Microsoft Active Directory Federated Services

Microsoft has contributed funding to enable the Shibboleth team to develop extensions to the Shibboleth 1.3 code base to interoperate with their recently announced Active Directory Federation Services (ADFS) product, which is included in the Windows 2003 R2 refresh.
... more information about Shib ADFS

The Shibboleth Project is providing plug-ins to its open source Shibboleth System 1.3 release of SAML 1.1 Identity Provider and Service Provider software that enables interoperability between deployments of the Shibboleth System software, Microsoft Active Directory Federation Services, and other compliant implementations of the WS-Federation profile that it supports. Pre-release code will available by early December 2005 with final availability following general availability of Microsoft Windows Server 2003 R2, and appropriate testing of the interoperability support.

Shibboleth Identity Providers, which run on the portable Java runtime platform, will support the issuance of industry-standard SAML assertions containing standard ADFS and custom claims usable by ADFS Federation Servers and claims-aware applications alongside existing support for SAML/Shibboleth-compliant Service Providers.

Shibboleth Service Providers, which run on all mainstream web server and operating system platforms including Apache 1.3 and 2.0, will accept SAML assertions issued by ADFS Federation Servers alongside existing support for SAML/Shibboleth-compliant Identity Providers, allowing unified access to web resources regardless of the federation protocol used.

A beta version of the Shibboleth support will be available in early December, and it will have been tested with RC1 of the Windows Server 2003 R2. A final version will be available after the Windows 20003 R2 product is available, and after suitable testing of the Shibboleth interoperability code with the final R2 product version. Sites interested in working with the Shibboleth beta are encouraged to contact Don Schmidt <donsch@windows.microsoft.com>

A press release describing this effort is available here.

Shibboleth Wiki

If you are looking for information about Shibboleth and it's development, keep in mind the Shibboleth Wiki hosted at Ohio State University. It's a community-maintained repository; currently, more than 60 contributors from four continents help to maintain the content. The Wiki currently contains information related to deployment, configuration, and production questions. Much of the Wiki content supplements the information available in the deploy guides.

In addition, the design of next version of Shibboleth is being discussed on the Wiki ( e.g. ADFS, OpenSAML 2.0 )

Recent Additions available in Shibboleth v1.3b

A cross-platform (any web server) plugin that allows AccessControl to be applied by attaching XML-based rules directly within the XML-based RequestMap syntax in Shibboleth.xml. The plugin was added in release 1.3b of the ServiceProvider software. Documentation is available here on the Shibboleth Wiki.

The syntax for the Path element (used with the RequestMap element, within the Sp configuration file) has been extended. Previously, administrators could only specify a single "level" with each Path element, and had to nest multiple Path elements to describe a path spanning multiple levels of a file system hierarchy. Now, multiple levels can be specified with a single Path element.

These additions are available in the recent Shibboleth point release of the Service Provider -- v1.3b.

The SDSS project, based at the EDINA Data Center at Edinburgh University, has contributed a new implementation of the WAYF service. A description is available here on the Shibboleth Wiki. This new implementation is available in the Shibboleth CVS, but has not yet been packaged with any of the release bundles.

Related Projects

Shibboleth-enabled uPortal

The JISC-funded SPIE Project at Oxford University in the United Kingdom recently announced the availability of 'glue' code to Shibboleth-enable uPortal.

A demo is available here.

Please login using demo/demo against the SPIE LDAP IdP (the other IdPs use the Oxford University WebAuth SSO System). Within the uPortal authenticated session you will be able to see the attributes obtained via Shibboleth in the 'Person Attributes' Portlet. The attributes leave the Portal Framework level, and are available to Portlets.

This glue is based on a SPIE Working Package to make uPortal Shibboleth-aware. The project started by trying to 'Shibbolise' JSPWiki which uses Servlet Container-based authN/authZ). This proved to be more difficult to do than to 'Shibbolise' uPortal or CAS Server, which use Application-based authN/authZ. uPortal took half a day to 'Shibolise' and CAS Server less than one hour. It's worth mentioning that integration with uPortal is done via a ShibbolethSecurityContext, the standard way to provide a security AuthN handler for uPortal (version 2.5.x). An equivalent approach was followed to Shibboleth-enable CAS Server (version 2.0.12).

This code is already available in the project CVS (info via SPIE's Wiki, http://spie.oucs.ox.ac.uk/). This is early beta code and expect it to change very often. The JSPWiki, uPortal and CAS integration code (glue) will also soon be available in the JASIG Clearinghouse. Documentation how to use this code will also be available from the SPIE Wiki over the next weeks. (Note: there seems to be some problems to access the code via Anonymous CVS (thanks to the Australian MAMS Project for discovering this. This will be fixed soon).

Information about the mechanism is available in the recent presentation at the JA-SIG UK Meeting. This presentation and other presentations on related subjects are available at:

http://spie.oucs.ox.ac.uk/Wiki.jsp?page=Presentations

In this Wiki, Shibboleth is only triggered when trying to access the Wiki in a non read-only mode, e.g. Edit, Delete, Attach. There is also mechanisms to protect some pages for Viewing, based on a mapping between the attributes obtained via Shibboleth and the Wiki ACLs.

Service Provider Updates

Elsevier / Science Direct

Ale de Vries presented a high-level overview of Elsevier's Shibboleth implementation, with a special emphasis on support for multiple federations, and how Elsevier views Shibboleth from a functional and strategic point of view.

For more information check out two resources:

Speakers / Abstracts Includes links to presentations.

Angel Learning Management System (LMS)

Pennsylvania State University is currently using a Shibboleth-enabled version of the Angel Learning Management System.

Shibboleth Integration with the JANET Video Conferencing Booking System

UKERNA has been working with the University of Edinburgh to determine the feasibility of integrating Shibboleth with the JANET Videoconferencing Booking System.

All phases of this project are now complete and work is likely to begin on the integration in the near future. Updates on progress will be posted on the following page http://www.ja.net/development/aa/shib/

A Technical Evaluation of integrating Shibboleth with the Booking System has been produced and is now available online at http://www.ja.net/development/aa/shib/technical-evaluation-final.pdf It should be noted that this is a highly technical document focusing on the specifics of Shibboleth and the JANET Videoconferencing Booking System.

A Feasibility Report produced by the University of Edinburgh is available online at http://www.ja.net/development/aa/shib/feasibility-report-v32.pdf It states that significant benefits are offered by Shibboleth with minimal re-engineering of the existing booking system.

Campus Profiles

The OhioLink Digital Resource Commons

Shibboleth will be an important part of the OhioLINK Digital Resource Commons (DRC) one project of the Ohio Digital Commons for Education (ODCE). It will provide the access management environment for research and education repositories and course management systems for OhioLINK members and other Ohio institutions. (http://drc-dev.ohiolink.edu/wiki)

Shibboleth will enable flexible, "multi-tiered security levels (that) can be defined, allowing content (or particular derivatives of content) to be shared only to the extent desired. Planned access options include: worldwide, OhioLINK members, single institution, department, course/section, workgroup, and peer disciplines. The latter could be used, for instance, to make content available to all of the anthropology students in the state. The DRC can be configured to allow authors as well as community editors/moderators to define the access rights to repository objects." (http://drc-dev.ohiolink.edu/wiki/ExecutiveSummary)

University of Missouri System

The Advanced Computing Group has been using Shibboleth for some time. They have several applications that are used by researchers from other universities, and have been using Shibboleth to control access to the resources used in their research.

More recently, the central IT services for the Columbia Campus have been investigating Shibboleth as an SSO solution for intra-campus web applications. They are evaluating its use for protecting both centrally-provided web-based applications as well as departmentally managed web resources. Many of the departments would be happy to turn over responsibility for user authentication to the central IT group and concentrate on developing their applications. Missouri has also been working with a company called CDIGIX to provide streaming and download of music for students. Both the Columbia and Rolla campuses are working on that project.

In addition, the University System level IT has also shown great interest in Shibboleth for the same reasons. They are in the process of testing Shibboleth to replace their home grown authentication and authorization components for several applications in support of the PeopleSoft implementation.

Because of the interest in Shibboleth from across the system, Missouri has implemented an IDP at the UM System level. They are using an Active Directory and the data warehouse that store their HR and Student records for the Columbia and Rolla campuses as their Attribute Repository. They will be using the eduPerson object class as well as some custom attributes. All four campuses statewide will be able to take advantage of Shibboleth. Several internal applications have already been migrated to Shibboleth. The CDIGIX project will introduce Shibboleth to the general campus communities. In addition, the Library System is expressing interest in Shibboleth, and will likely be involved with future projects.

HAM-TMC library Update

The Houston Academy of Medicine-Texas Medical Center Library has decided to move forward with plans to migrate to a production Shibboleth based proxy service for the web based distribution of digital content. The HAM-TMC Library is somewhat unique in higher education in that it is operated independently as a shared resource for more than 44 separate institutions located in and around the Houston based Texas Medical Center. Some of the larger institutions supporting the library are Baylor College of Medicine, The University of Texas Health Science Center at Houston, The University of Houston and The University of Texas MD Anderson Cancer Center. All of these campuses have started or completed implementations of Shibboleth Identity Provider Services that would allow them to use their institutional credentials to access library resources. Previously, the library was bound to issuing credentials for all of its patrons which quickly grew out of scale for its support staff as well as presenting many security and accounting issues.

The Library has joined InCommon and will be installing production equipment after the new year to begin the migration process to Shibboleth. The current system will continue to work and will be phases out as institutional users of library resources are migrated to the new system. Dr. Elizabeth Eaton, Executive Director of the library gave the thumbs up to proceed to production after a demonstration of the Shibboleth capabilities this summer. Chris Young, Associate Director of Information Technology for the library stated, "Having the central authentication services of our top four supported institutions available for authentication and Directories for account and attribute management relieves us from the unnecessary data entry of user data, discourages users from sharing their passwords, and leaves an anonymous audit trail that our vendors accept as valid credentials. User’s are discouraged from sharing their passwords because it is no longer just their library resources that they are putting at risk, they are giving out their enterprise identity."

The Library Shibboleth project was piloted under the NMI-EDIT Extending the Reach Grant. Technical information regarding that case study can be located at the following URL, https://is.rice.edu/~bribbeck/Projects/NMI/NMI-EDITHAM-TMCCaseStudy.html.

Pennsylvania State University

In November 2005, students in Southampton's and Leeds' joint Master of Science in GIS program were able to enroll in the Penn State course GEOG 485: GIS Programming and Customization. This consortia of distance education providers is encouraged by the WorldWide University Network. Shibboleth is providing the identity and access management infrastructure to authenticate students. The course material is delivered using the Shibboleth-enabled version of the Penn State course management system, ANGEL. This project is part of the DialogPlus work that is NSF/JISC funded.

US Partners

eAuthN

An extension to the Shibboleth v1.3 IdP release has successfully undergone certification testing by the US Federal EAuthentication Laboratories, and is now certified for use by campuses that are participating in the US Federal EAuthentication Federation. Thirty Federal agencies are each required to provide at least one externally facing web-based EAuthentication-enabled application by January 1 2006, and a second application by September 30, 2006. The NSF FasLane grants management application is expected to be one of the first available applications. Campuses that are members of the Federal Federation could use their Shibboleth implementation to provide login credentials to FastLane and other applications for their community members.

NMI Integration Testbed Identity and Access Management Case Study Series

"Shibboleth and Pubcookie at USC-Authentication and Authorization for All," is one of a series of case studies recently announced by the Southeastern Universities Research Association (SURA) as part of their NMI Integration Testbed Program. The USC case study briefly describes rationale for using Shibboleth and how it has been applied for access to the ARL Scholar's portal, the Blackboard learning management system, Napster, and the USC's Portal. The report is online at http://www1.sura.org/3000/USC-ShibPubc.pdf

GridShib

GridShib is an NSF Middleware Initiative-funded project to allow interoperability between the Globus Toolkit v4.0 (GT4) and Shibboleth v1.3. A joint effort of the National Center for Supercomputing Applications, Argonne National Laboratory, and the University of Chicago, with significant contributions from Internet2 and the Shibboleth project, the goal of the GridShib project is to leverage Shibboleth deployments to provide attribute-based access control for the Globus Toolkit.

A beta version of the GridShib software is available on the GridShib website (http://gridshib.globus.org/). This software consists of two components, a plugin for Shibboleth 1.3 and a plugin for GT4. These plugins allow GT4 to query, obtain and make access control decisions based on Shibboleth-issued attributes.

Future GridShib work is focusing on reducing the barriers to leveraging campus infrastructure for deploying Grid-based virtual organizations. In collaboration with the MyProxy project (http://myproxy.ncsa.uiuc.edu/), we will integrate current GridShib functionality with MyProxy's ability to authenticate users utilizing local authentication systems and to issue users X509 credentials. This will allow users at a site to access Grid resources with both identity and attribute-based access control, without the overhead of enrolling those users in a traditional X509 public key infrastructure.

More details of current and future GridShib work can be found in our paper submitted to PKI '06: http://grid.ncsa.uiuc.edu/papers/gridshib-pki06-draft.pdf

LionShare

Penn State has launched an open source Peer-to-Peer (P2P) technology designed to foster academic and scientific collaboration through its ability to quickly and securely exchange files of all types and sizes between researchers and educators. LionShare is a new technology designed to promote responsible academic and research-oriented file sharing on a secure and private P2P network.

LionShare's security architecture includes the use of Shibboleth for authorization. Standard Shibboleth only supports using a web browser to access protected web-based resources. LionShare is a desktop client, and uses a P2P protocol rather than the web's HTTP protocol. The LionShare team, however, developed a profile of Shibboleth that allows a LionShare client to obtain Attribute Assertions from the local Shibboleth IdP, present them to a LionShare peer holding an access controlled resource, and "prove" that the Assertions refer to it (and are not stolen).

Developers released the 1.0 version of LionShare at the Internet2 Member meeting Sept. 20 in Philadelphia. LionShare 1.0 is the culmination of two years of Mellon-funded research and development by Penn State, Internet2 and Simon Fraser University in Canada.

LionShare technology will allow universities worldwide to collaborate directly through an authenticated P2P network by sharing files for academic and scientific purposes, according to Michael Halm, LionShare project director at Penn State.

"Our desire is to securely connect faculty, researchers and students to each other through a closed network that will allow sharing of photos, research, class materials, personal collections and other types of materials that typically aren't accessible using current technology," Halm said. "LionShare's P2P technology also optimizes bandwidth consumption which makes it ideal for sharing extremely large files," he added. "Faculty from many different disciplines, such as oceanography, meteorology, agriculture, arts and architecture, as well as other areas, can share and exchange large files such as motion video, data and images to their peers in a matter of minutes."

In addition, faculty and students can benefit from the software's organizational tools including automatic "metadata" creation features that assist in storing and quick retrieval of file contents, and other LionShare capabilities that allow users to search multiple external academic databases such as Open Knowledge Initiative and EduSource Communications Layers repositories. LionShare technology also has implemented secure collaboration (IM/Chat) based on an individual's digital identity.

There has been considerable interest in LionShare abroad. The SPIRES projects at Oxford University, funded by a grant from the Joint Information System Committee (JISC) is developing a UK LionShare testbed to explore use of the P2P network in the UK. Additionally, the ProLearn project, funded by an EU grant, is collaborating on the development of some software tools for search, retrieval and publishing that might be of potential value for the academic community.

For more information on LionShare, please see their website here or contact project director, Mike Halm at mjh@psu.edu.

International Partners

BECTA (UK)

Becta's [http://www.becta.org.uk] recent Shibboleth pilots have shown that Shibboleth-compliant technology will work within the complexity of the school sector (K12) and external evaluation has also stated that it is scalable for a national solution.

Becta has released a report summarizing the two pilots and recommending that Shibboleth be adopted as the mechanism for secure access to online content for the schools sector [http://www.becta.org.uk/schools/techstandards].

A national implementation roadmap has just been published outlining key milestones for the roll out of Shibboleth within the school sector.

To support this work, Becta is establishing two groups:

* A Steering Group of key stakeholders to define the federation's formal constitution, aims, structure and policy and to address any associated matters. * A Technical Standards Working Group (TSWG) consisting of representatives from all stakeholder groups to develop agreed technical specifications and standards.

Preliminary work is also underway to begin an EU-compliant procurement for an organization to run the core Federation Services. Depending on confirmation of central funding and a successful procurement, the aim is for a national school federation to go live in September 2006.

Due to the differences between the school and HE/FE sectors in the UK, Becta and JISC have agreed to keep in touch with each other's Shibboleth projects, but that it is currently more practical to build separate school and HE/FE federations. Where possible, however, Becta and JISC will use common standards in such areas as attribute specifications and data formats and JISC will be represented on both of Becta's groups.

More information on Becta's work can be found at http://www.becta.org.uk/schools/techstandards.

The first Shibboleth steps in Belgian Higher Education

Currently there are 2 AAI (Authentication and Authorization Infrastructure) projects in Belgium. One is based at the university K.U.Leuven (http://www.kuleuven.be/english/ 30000 students); the other one is associated with the Association K.U.Leuven (http://associatie.kuleuven.be/eng/ 80000 students), an association of thirteen institutions of higher education in Flanders, Belgium.

The projects originated from the need for inter-institutional collaboration and resource sharing, especially in finding a proper way for controlling access to ICT applications in a federated manner. A study was conducted and Shibboleth was selected for web applications. In addition other Authentication and Authorizations Infrastructures were installed (Kerberos/Radius) to provide solutions for applications which are currently very difficult to shibbolize. One of the main goals of these AAI's is to prevent the password from passing to the application. This enhances security as it is more difficult for application administrators to capture and misuse user passwords

To fulfill both the needs of the university and its collaboration in the Association K.U.Leuven 2 federations were setup. The KULeuven federation for applications within the university and the KULassoc federation for Association K.U.Leuven. In July 2005 the K.U.Leuven had a production IdP running in fail over mode and since September the university started enabling all central and decentrally-managed web applications. The goal is to shibbolize all of them before April 2006.

A pilot phase is established for the Association with K.U.Leuven and 3 other institutions of Higher Education, Ehsal (http://www.ehsal.be/index.asp?language=E), GroepT (http://www.groept.be/index2_en.htm) and Lessius (http://www.lessius-ho.be/relint). Every institution of the Association engaged itself to provide a production IdP before the beginning of the next academic year (September 2006). From then on the first inter-institutional applications will be in production. One of the pilot applications is the e-learning environment Toledo (http://toledo.kuleuven.be) which is currently used by several institutions in the Association. It uses a Blackboard environment where authentication is already federated by means of LDAP authentication to the LDAP server of the users home organization. In May 2005 a test setup was deployed where both Shibboleth and the LDAP based access were possible. Furthermore K.U.Leuven is investigating whether web access to the ERP system SAP is Shibbolizable. The good thing is SAP seems to speak SAML.

Beside this, K.U.Leuven is implementing a test federation within the Victorious project (http://www.coimbra-group.be/12_victorious.htm) of the Coimbra Group of universities (http://www.coimbra-group.be/) with the University of Bristol as a partner.

More information can be found on http://ludit.kuleuven.be/aai

UK -- Perseus Project (Oct 2005 Update)

Highlights from the October informal update report from the PERSEUS Project. The full report is available as a MS Word document.

Details about the Athens-Shibboleth Gateway implementation at the London School of Economics

Upcoming Perseus dissemination activities include presentations by John Paschoud, Masha Garibyan, and Simon McLeish at various events including TERENA EuroCAMP in Portugal and the Online Information Exhibition in London.

Perseus project has been contacted by a representative of the UK National Health Service about their possible adoption of Shibboleth.

Denmark

Shibboleth has been a major part of recent events in Denmark. Danish universities and research libraries are presently in the process of creating a national infrastructure on identity and rights management. The process is well under way as represented by presentations at recent conferences.

Shibboleth was presented at the Building the Info Grid: Digital Library Technologies and Services - Trends and Perspectives in Copenhagen, Denmark, September 26-27. (see: http://seminar.deff.dk/index.php) Peter Brantley, California Digital Library spoke about Internet2 and Shibboleth (see: http://seminar.deff.dk/presentations/brantley2.pdf) And Arne Sorensen, Danish Electronic Research Library presented on Identity and Rights Management. (see: http://seminar.deff.dk/presentations/soerensen.pdf)

On November 4 a meeting including important decision makers from 3 Danish Ministries was held at the Royal Library in Copenhagen During his presentation, Ken Klingenstein acted in the role of a devils advocate for the proposal of forming the DK-AAI, which is a proposed Danish organization similar to InCommon in the US. The conference went very well and in November 2005 financing was established to create the formal organization and the first working groups on legal aspects and on semantics.

In a parallel session at the November 4th meeting, Nate Klingenstein led a workshop on Shibboleth. The workshop had of about 30 technical oriented participants, many who are already working with Shibboleth.

TERENA -- EuroMiddleware CAMP

TERENA EuroCAMP, Nov 7-9 focused on three major themes: Identity Management, federated access to (web) applications, and federated access to the network. Most of the presentations referenced below can be found on the EuroCAMP programme page at http://www.terena.nl/tech/eurocamp/nov05/programme.html

Day one began with introductions to the general identity management landscape and presentations on implementations of directories and meta-directories. The afternoon sessions dealt with using directories to store public key systems and infrastructures and an overview of user management and identity management as implemented in the FEIDE project at UNINETT.

Day two began with a look at general identity management (IdM) with a review of systems that are currently available. Next was a presentation about Single-Sign-On (SSO) authentication systems. Ken Klingenstein introduced Shibboleth and federations. The afternoon begin with exploring practical experiences of case studies from Thomas Lenggenhager, SWITCH; John Paschoud, LSE; and Ueli Kienholz. Then Nate Klingenstein, John Paschoud, Thomas Lenggenhager, and Bart Kerver led the participants through an intensive mini-course on Shibboleth plumbing, installation and configuration. The day ended with a Birds of a Feather session on Campus Policy and Federations.

Day three focused on federated access to the network. This was kicked off with an introduction and overview of network access security. Then followed with an introduction, current status, and future of Eduroam project. After learning about how to join Eduroam the participants heard a case study about Eduroam deployment in Portugal.

In the surveys returned by participants, the Shibboleth track session and the Shibboleth workshop got 65% of the votes for "most interesting session".

If you see any topics in the summaries above, remember, you can find links to presentations by the speakers at http://www.terena.nl/tech/eurocamp/nov05/programme.html.

Upcoming Meetings and Events

Save the Date for the Next CAMP!

CAMP: Leveraging Campus Authentication Across Boundaries will be held on February 8-10 in Tempe, Arizona. The program will offer an overall understanding of the role, methods, and implementation considerations of authentication to support increasingly complex inter-campus (and, in some cases, intra-campus) electronic relationships. The program will include both management and technical tracks and case studies. Check www.nmi-edit.org in mid-November for more details.

NOTE WELL: All Internet2 Activities are governed by the Internet2 Intellectual Property Framework.

Shibboleth® is a registered trademark of Internet2.