Shibboleth provides two types of value:
- Relief from multiple passwords and signons, along with the resulting improvements in security
- Protection against unnecessary disclosure of personal attributes, resulting in preservation of privacy
Consider a typical graduate student and the activities they do:
| Activity | How it is done today | Problems with current approach | What Shibboleth could do |
| Accessing digital library resources from off-campus | Proxy servers, shared passwords or no service | Proxy servers hard to maintain
IP address-based restrictions easily compromised Privacy can be compromised if identity is inappropriately passed to library |
Permits access directly to content without campus
proxy server
Requires campus authentication, though identity is not passed to library Be used by libraries for new licensing approaches to content |
| Using distance education courseware or using external grading services | Additional username/passwords | New accounts
Users frequently set external passwords to be same as internal; significant security exposures External agencies are limited in verification options |
Use local campus authentication and have campus
pass appropriate identifier passed to courseware or service
Requires remote resources to trust campus enrollment/authentication |
| Accessing a research web site at another university or managing a shared polar instrument | Group class accounts or new remote individual accounts | New accounts for users
Shared passwords represent security and audit concerns |
Enables use of local campus account
Permits role-based access Requires active privacy management by user |
| Accessing a co-taught class web site at another university | Group class accounts or new remote individual accounts | For users, too many accounts
Individual accounts could compromise privacy High management overhead from account management |
Permits use of campus account
Preserves privacy Target management may be done by content owners Users may be required to approve attribute release |
For additional information tailored to specific audiences, refer to the Info Centers.
