Shibboleth Roadmap -- 2005

1
Shibboleth Roadmap -- 2005
2
Sequence

• Shibboleth v1.3
• E-Authentication Certification
• Restructuring of Federations
• The Transition to InCommon
• Negative Trust Federation
• International Federation Peering
• Shibboleth and Grids
• Futures
• WS Interop
• Interim Release Support for Some of SAML 2.0
• Full SAML 2.0 Support

3
Shibboleth v1.3

• Planned Availability -- June 1, 2005
• Major New Functionality
• Full SAML v1.1 support -- BrowserArtifact Profile
  and AttributePush
• Support for SAML-2 metadata schema
• Improved Multi-Federation Support
• Support for the Federal Govts E-authn Profile
• Native Java SP Implementation
• Improved build process

4
E-Authn Certification

• V1.3 has already successfully navigated
  interoperability testing
• Scheduled for Certification Testing the week of
  June 20
• Campuses could then
• Join the E-authn Federation
• Use the Shibboleth software to access e-authn
  enabled federal govt web sites
• More E-authn info available at http//www.cio.gov/
  eauthentication/

5
Restructuring of Federations

• The Transition to InCommon
• InCommon is now Real
• Campuses and Vendors are Transitioning
• May soon see negative incentives for long term
  membership in InQueue
• Negative Trust Federation
• Available for software development, testing
• Self-service application to register
• Expect to see many relatives of Donald Duck as
  members
• International Federation Peering
• Moving forward
• Vendors moving toward supporting multi-federation
  world

6
Shibboleth and Grids

• Shib/SAML is currently web-browser centric
• so doesn't apply to more general protocols
• yet can easily apply to Grid portals
• SAML could carry certs/keys as attributes
• Grid-Shib project
• NSF-funded
• focus on access to campus Attribute Authority to
  provide attributes for Grid service authz
  decisions

7
WS Interop

• Web Services is a big deal
• much practice, much promise, much hype
• great potential for multi-vendor integration
• WS-Security
• base spec is OASIS standard, but only first 5
• many layered specs WS-Policy, -Trust,
  Conversation, -Federation, -Resource, etc
• standard/IPR status not clear
• SAML can be carried as WS-Sec token
• Microsoft federation software uses SAML
  assertions but WS-Fed protocol

8
WS Interop -- Status

• Agreements to build WS-Fed interoperability into
  Shib
• Contracts signed work to begin After Shib v1.3
• WS-Federation Passive Requestor Profile
  Passive Requestor Interoperability Profile
• Discussions broached, by Microsoft, in building
  Shib interoperabilty into WS-Fed no further
  discussions
• Devils in the details
• Can WS-Fed-based SPs work in InCommon without
  having to muck up federation metadata with
  WS-Fed-specifics?
• All the stuff besides WS-Fed in the WS- stack

9
WS Interop -- High Level Goals

• Establish interoperability of the ADFS Identity
  Provider and Service Provider implementations
  (and any other WS-F/PRP/PRIP Provider
  conformant implementations), with the Internet2
  Shibboleth System Identity Provider and Service
  Provider implementations.
• Establish ADFS as a supported option for use for
  Identity Provider and Service Provider
  deployments in the Internet2-operated InCommon
  Federation of US higher-education and partner
  sites.
• Build a strategic relationship with a fully
  deployed and leading edge federation (InCommon)
  and the higher ed academic community.

10
Shibboleth -- Interim Release

• Target Date -- within Calendar 2005
• Include some SAML-2 Functionality
• Rely on feedback from user community to identify
  SAML-2 features which are HI priority
• Discussion started yesterday during WG meeting

11
SAML 2.0 Support

• SAML-2 approved March 2005
• Target Date -- mid-year 2006
• Expect to provide support for ALL REQUIRED SAML-2
  functionality
• Who wants to help?

12
(No Transcript)