Replies to This Forum

Permalink Reply by Ritesh Pant on November 28, 2010 at 20:32

Thanks to explain in this manner. Now I can never forget the term shibboleth. I like very much below mention part of story:-

In the story, two Semitic tribes, the Ephraimites and the Gileadites, have a great battle. The Gileadites defeat the Ephraimites, and set up a blockade across the Jordan River to catch the fleeing Ephraimites who were trying to get back to their territory. The sentries asked each person who wanted to cross the river to say the word shibboleth. The Ephraimites, who had no sh sound in their language, pronounced the word with an s and were thereby unmasked as the enemy and slaughtered.
Thanks a lot.

• ▶ Reply

Permalink Reply by Jayshree Dave on November 28, 2010 at 17:00

The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.

The Shibboleth software implements widely used federated identity standards, principally OASIS' Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. Shibboleth also provides extended privacy functionality allowing the browser user and their home site to control the attributes released to each application. Using Shibboleth-enabled access simplifies management of identity and permissions for organizations supporting users and applications. Shibboleth is developed in an open and participatory environment, is freely available, and is released under the Apache Software License.

What is Shibboleth and how does it work?
A user authenticates with his or her organizational credentials. The organization (or identity provider) passes the minimal identity information necessary to the service manager to enable an authorization decision.
There are two primary parts to the Shibboleth system:

1.Identity Provider - the software run by an organization with users wishing to access a restricted service;
2.Service Provider - the software run by the provider managing the restricted service.
Shibboleth leverages the organization’s identity and access management system, so that the individual’s relationship with the institution determines access rights to services that are hosted both on- and off-campus. For a series of technical explanations of how Shibboleth works, from easy to expert, refer to the SWITCH Federation site.

Implementation Options
Organizational Single Sign-on System Shibboleth is growing in popularity as a web single sign-on system, able to address both on- and off-campus web authentication.
Controlled Information Release In addition to providing single sign-on functionality, Shibboleth can help control access to either campus-based or licensed resources. Working with your identity management systems, Shibboleth will release the information your service partners need to authorize actions or customize the user’s experience. This reduces the need for developers to have access to the directory and instead provides fresh data, just-in-time. This can be implemented on- and off-site.
Federated Access Virtual Identity Provider An organization can manage virtual versions of identity provider software for other institutions. One installation can act as if it is supporting multiple organizations. From end-user perspectives, it looks as if their schools are hosting the software.

• ▶ Reply