Shibboleth

Description

Shibboleth is an Internet2 middleware initiative that provides federated access management for Web-based resources: a user authenticates at his or her home institution, which then asserts the user's identity and attributes to a resource at another site. The design emphasizes security, scalability, and privacy.

The Shibboleth framework is built on several industry and higher education standards including:

  • SAML (Security Assertion Markup Language) - SAML, developed by OASIS, is an XML-based format for exchanging authentication and attribute statements about a user between disparate security realms. In Shibboleth the SAML assertions are digitally signed by the issuing site, and the receiving site verifies the signature against the issuer's X.509 certificate; this both protects the integrity of the assertion in transit and ties it to a known, trusted issuer.
  • eduPerson - A Lightweight Directory Access Protocol (LDAP) schema developed by Educause to provide a common way for higher education institutions to store attributes about their users.

The initial Shibboleth pilot project was conducted with North Carolina State University's WebAssign program -- a Web-based resource used by physics students at Penn State. Before Shibboleth, WebAssign required each of its users to have a separate userid and password on its own system. With Shibboleth, Penn State students authenticate to Penn State's "Shibboleth Origin Server," which then asserts the student's identity and other attributes to WebAssign's "Shibboleth Target Server." (Later Shibboleth releases rename the origin and target the Identity Provider and Service Provider.)
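The trust relationship described in the SAML bullet above and in the origin/target flow just described can be shown end to end in code. The following is an added example written for this page, not Shibboleth's own code or its wire format: it stands in a JSON-encoded assertion for a SAML XML assertion and plain RSA/SHA-256 signing for XML Signature, but the checks a target must make are the same. The origin and target names, the attribute values, and the self-signed certificate are all assumptions for illustration; a real deployment would take the origin's certificate from federation metadata.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Assertion is a simplified stand-in for a SAML attribute assertion: a few
// eduPerson-style attributes about one user, issued by an origin for one
// named target, with a validity window. (Illustration only; real
// Shibboleth assertions are SAML XML signed with XML Signature.)
type Assertion struct {
	Issuer     string            `json:"issuer"`
	Audience   string            `json:"audience"`
	IssuedAt   int64             `json:"iat"`
	ExpiresAt  int64             `json:"exp"`
	Attributes map[string]string `json:"attributes"`
}

// SignedAssertion is what crosses the wire: the encoded assertion and the
// origin's RSA signature over exactly those bytes.
type SignedAssertion struct {
	Payload   []byte
	Signature []byte
}

// Origin holds the origin site's private signing key and the self-signed
// X.509 certificate it hands to targets (hypothetical setup).
type Origin struct {
	key  *rsa.PrivateKey
	cert *x509.Certificate
}

// NewOrigin generates an RSA key and a self-signed certificate whose
// CommonName is the origin's name.
func NewOrigin(name string) (*Origin, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Origin{key: key, cert: cert}, nil
}

// Certificate returns the public certificate a target is configured with.
func (o *Origin) Certificate() *x509.Certificate { return o.cert }

// Issue encodes the assertion and signs the bytes (PKCS#1 v1.5, SHA-256).
func (o *Origin) Issue(a Assertion) (SignedAssertion, error) {
	payload, err := json.Marshal(a)
	if err != nil {
		return SignedAssertion{}, err
	}
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, o.key, crypto.SHA256, digest[:])
	if err != nil {
		return SignedAssertion{}, err
	}
	return SignedAssertion{Payload: payload, Signature: sig}, nil
}

// Target knows its own name and the certificates of the origins it trusts,
// keyed by each certificate's CommonName.
type Target struct {
	name    string
	trusted map[string]*x509.Certificate
}

func NewTarget(name string, origins ...*x509.Certificate) *Target {
	t := &Target{name: name, trusted: map[string]*x509.Certificate{}}
	for _, c := range origins {
		t.trusted[c.Subject.CommonName] = c
	}
	return t
}

// Verify accepts an assertion only if the issuer is trusted, the signature
// over the payload checks out under that issuer's certificate, the assertion
// is addressed to this target, and it is inside its validity window.
func (t *Target) Verify(sa SignedAssertion, now time.Time) (*Assertion, error) {
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return nil, fmt.Errorf("malformed assertion: %w", err)
	}
	cert, ok := t.trusted[a.Issuer]
	if !ok {
		return nil, errors.New("untrusted issuer: " + a.Issuer)
	}
	// Check the signature before acting on any attribute: it is what binds
	// the attributes to the issuer. CheckSignature hashes the payload itself.
	if err := cert.CheckSignature(x509.SHA256WithRSA, sa.Payload, sa.Signature); err != nil {
		return nil, fmt.Errorf("bad signature: %w", err)
	}
	if a.Audience != t.name {
		return nil, errors.New("assertion not intended for " + t.name)
	}
	if u := now.Unix(); u < a.IssuedAt || u >= a.ExpiresAt {
		return nil, errors.New("assertion outside its validity window")
	}
	return &a, nil
}

func main() {
	origin, err := NewOrigin("origin.psu.example")
	if err != nil {
		panic(err)
	}
	target := NewTarget("webassign.example", origin.Certificate())
	now := time.Now()
	sa, _ := origin.Issue(Assertion{
		Issuer: "origin.psu.example", Audience: "webassign.example",
		IssuedAt: now.Unix(), ExpiresAt: now.Add(5 * time.Minute).Unix(),
		Attributes: map[string]string{"eduPersonAffiliation": "student"},
	})
	a, err := target.Verify(sa, now)
	fmt.Println(a, err)
}
```

The order of checks in Verify is the point: the audience and validity fields are only meaningful once the signature has shown that the issuer actually wrote them, and an assertion that verifies perfectly is still rejected if it was issued for a different target or has expired.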

The pilot with WebAssign began with a handful of students during the last few weeks of the summer 2002 semester. It was expanded for the fall 2002 semester to include 400+ students, and during spring 2003 it was further expanded to include all Penn State students who needed to access WebAssign (1,800 students). Since its implementation, calls to the ITS Help Desk regarding WebAssign have decreased by 80%, primarily because students no longer have to remember a second userid and password. Future plans for this pilot include dynamic creation of accounts at WebAssign to further automate the process.

Pilot projects also began with two library content vendors, JSTOR and OCLC. The JSTOR pilot began at the close of the spring 2003 semester, while the OCLC pilot is scheduled to begin during summer 2003.

Publications

Shibboleth Links University to North Carolina State University:
http://www.psu.edu/ur/archives/intercom_2002/Nov21/shibboleth.html
Seeking Additional Security After a Big Theft, JSTOR Tests Internet2's Shibboleth:
http://chronicle.com/cgi2-bin/printable.cgi?article=http://chronicle.com/free/2003/03/2003032101t.htm
Scott Cantor:
http://middleware.internet2.edu/pki03/presentations/Shibboleth-PKI2.pdf
Mark Earnest:
http://www.personal.psu.edu/mxe20/internet2/

Resources

Shibboleth
SAML
eduPerson
WebAssign
JSTOR
OCLC

Primary ET Contact

Administrative: Renee Shuey, RShuey@psu.edu
Technical: Derek Morr, dvm105@psu.edu

Collaborators

Applied Information Technologies (AIT) in ASET, and Digital Library Technologies (DLT), units of ITS; The Department of Physics in the Eberly College of Science.

Expected Deliverable(s)

Pilot project described above.

Level of ET Involvement

Very active role as principal investigator and facilitator for deployment. ET staff dedicate significant resources to the Shibboleth 2.0 development initiative.

Initiative Start Date

August 2002