Re: [school-discuss] UK schools trial open source access control

[Matt Hyclak <hyclak@xxxxxxxxxxxxxx>]

On Fri, Feb 04, 2005 at 07:53:24AM -0500, Doug Loss enlightened us:
> Does anyone here know anything about Shibboleth?   
> http://shibboleth.internet2.edu/
> 
> http://news.zdnet.co.uk/software/applications/0,39020384,39186371,00.htm

I don't know much more than what the article states, but the basic idea is
this:

You are a student/faculty/staff member at Institution A. Institution B has
an online resource that you would like to access (journal subscription, etc.).

Both institutions must configure Shibboleth and can add each other to a
trust list, granting access to resources. 

You identify yourself to Institution A through whatever method they use
(Active Directory, Kerberos, etc.) and Institution verifies your identity.
You can then try to access the resource at Institution B at which point
Institution A will pass along some sort of token verifying to B that you are
in fact who you say you are. If Institution A is in the approved list at
Institution B for that resource, you are granted access.

This has the following advantage:
* No need for an account for you at Institution B
* No need to pass actual usernames or passwords accross the Wild Wooly
    Internet
* Schools can consolidate resources by not having to purchase multiple
    subscriptions, etc.

Does that help? I'm certainly not an expert and have barely heard of what
Shibboleth is, but had it explained to me by the manager of the group at
Ohio University that is implementing it.
    
Matt

-- 
Matt Hyclak
Department of Mathematics 
Department of Social Work
Ohio University
(740) 593-1263