technological solutions as much as possible from the end user and ideally
are aligned with the way in which researchers themselves wish to access
distributed and heterogeneous resources. The Internet2 Shibboleth
technology [3] is currently being rolled out across UK academia and provides
the opportunity for such hiding of authorization technology from end
users while providing a common way in which resources can be accessed
and used more generally.
12.4 Shibboleth and Grid Security
With the Shibboleth model of resource access, sites are expected to trust
remote security infrastructures; for example, in establishing the identity
of users (authentication) and their associated privileges (authorization). To
support this, the Shibboleth architecture and associated protocols identify
several key components that should be supported, including federations,
identity providers, service providers, and optionally “where are you
from?” (WAYF) services. Through these components, end users have
single usernames and passwords from their home institutions (which they
are more familiar with than PKIs!), which will provide for seamless access
to a range of resources at collaborating institutions and service providers.
Local security policies at service provider sites can then be used to restrict
(authorize) what resources authenticated users are allowed access to. To
support this, federations are established, which are used to agree on and
enforce common policies and technical standards to provide a common
infrastructure for managing access to resources and services in a uniform
way. Numerous international Shibboleth-based federations exist,
including InCommon (http://www.incommonfederation.org), the federation
formed by the Internet2 community in the United States; InQueue
(http://inqueue.internet2.edu/) for sites wishing to test and explore the
Shibboleth federated trust model; the SWITCHaai federation of the higher
education system in Switzerland (http://www.switch.ch/aai/); and the HAKA
federation developed by the Finnish universities and polytechnics
(http://www.csc.fi/suomi/funet/middleware/english/), with more in the
pipeline, such as the Meta Access Management System (MAMS) in Australia
(https://mams.melcoe.mq.edu.au/zope/mams/kb/shibboleth/). In 2006,
the UK established the UK Access Management Federation for Education
and Research (http://www.ukfederation.org.uk). Through the UK
Federation, common access to a wide range of resources is now possible, covering
a wide spectrum of the research community, from the arts, social sciences,
and education, to the physical, engineering, and life sciences.
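
The split described above (the federation decides which identity providers are trusted, the service provider's local policy decides what an authenticated user may access) can be sketched as follows. This is an added example, not code from the book or from Shibboleth itself: the entityIDs, the policy table and the choice of the eduPersonScopedAffiliation attribute are assumptions, and the assertion's signature is assumed to have been verified already.

```python
from dataclasses import dataclass

# Constructed federation metadata: entityID of each trusted identity provider
# mapped to the attribute scopes it is registered to assert (assumed values).
FEDERATION_IDPS = {
    "https://idp.uni-a.example/shibboleth": {"uni-a.example"},
    "https://idp.uni-b.example/shibboleth": {"uni-b.example"},
}

# Constructed local policy at the service provider: resource -> affiliations allowed.
LOCAL_POLICY = {
    "/grid/submit-job": {"staff", "faculty"},
    "/grid/view-results": {"staff", "faculty", "student"},
}


@dataclass(frozen=True)
class Assertion:
    issuer: str       # entityID of the identity provider that authenticated the user
    attributes: dict  # attribute name -> list of values released by that IdP


def accepted_affiliations(assertion):
    """Return the affiliations whose scope the issuing IdP is registered for."""
    scopes = FEDERATION_IDPS.get(assertion.issuer)
    if scopes is None:  # issuer is not a federation member: trust nothing it says
        return set()
    accepted = set()
    for value in assertion.attributes.get("eduPersonScopedAffiliation", []):
        affiliation, sep, scope = value.partition("@")
        # Discard unscoped values and scopes this IdP may not speak for.
        if sep and scope.lower() in scopes:
            accepted.add(affiliation.lower())
    return accepted


def authorize(assertion, resource):
    """Deny by default; allow only if an accepted affiliation matches local policy."""
    allowed = LOCAL_POLICY.get(resource, set())
    return bool(accepted_affiliations(assertion) & allowed)
```

The scope check is what keeps trust in a remote identity provider bounded: a federation member can vouch only for users in the scope it is registered for, and unknown issuers or resources fall through to a denial.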
To understand the impact of Shibboleth technologies on grid security, it
is first necessary to appreciate the interactions that typically arise with
Shibboleth and Grid Security
 
 