Say Now Shibboleth
Posted by admin on May 4th, 2007
There has been some confusion over the use of the word ‘Shibboleth’ in relation to federated access management within the UK, so I thought I would spend a Friday afternoon looking at some of the complexities and also providing some lighter anecodotes around the S word.
There are many factual and not-so-factual explanations of the origins of Shibboleth. In my collection:
- President Bartlet explains Shibboleth to his staff in an episode of the West Wing.
- Wikipedia interprets Shibboleth.
- Shibboleth explained in lego.
There has been concern in the UK about the implications of the biblical implications of the name…and I think it is fair to say that the definition of Shibboleth as ‘a password’ is more commonly accepted in the US and that defining the origin of the word is sometimes not very helpful! It is more important to explain that Shibboleth software is an implementation of the SAML standard and was created by Internet2.
There has also been some confusion over the fact that JISC has appeared to move away from talking about Shibboleth — so have we changed our position?
Since 2002, JISC has been looking at improving the functionality of access management solutions for the UK. The primary drivers were to find a solution that was a) based on open standards and b) met the requirements for single sign-on to internal, external and collaborative resources. After extensive testing through the AAA Programme, Shibboleth emerged as an appropriate technology because it is based on SAML and met all other requirements. At the time, Shibboleth was the only SAML based solution to fill this gap…so inevitably got a lot of attention during the Core Middleware Programmes, which put in place the foundations for the UK Access Management Federation.
As we have moved on to 2007, I am now happy to say that there are lots of solutions that are based on SAML. One of the great things about open standards is that they open the market and give consumers more choices and greater freedom to move between choices. So, we now prefer to refer to federated access management and SAML-based technologies. These include Shibboleth, AthensIM, and Guanxi, and other commercial solutions such as Novell i-Chain have the potential to interact with SAML systems. So please feel free to explore the rich potential of Shibboleth - but remember there are other options out there!
A few confusion busters:
- The UK Access Management Federation is physically built on Shibboleth technology as the WAYF and metadata infrastructures use Shibboleth. This does not mean you must have Shibboleth to interact.
- JISC is not replacing Athens with Shibboleth. JISC is moving from funding a single technology to promoting the use of open standards to achieve federated access management.
- The Athens technology is still available to purchase according to the cost model published by Eduserv.
- JISC is committed to funding interoperability between Athens and the UK federation until July 2008, and has projected costs for support for this requirement until July 2010.
If all of that is too much there is always Shibboleth Art and of course Shibboleth Music.