Internet2 Spring 2009: Shibboleth Working Group

Sessions at the Internet2 Shibboleth Working Group are now underway in Arlington.

First up is Russell Beall, presenting on the use of Terracotta for clustering IdPs for high availability. I won’t say much about this now as it is well described here. The presentation is also available online and describes the process well. Given that I have heard quite a few comments on IdPs in the UK falling over lately, it may be of interest!

Major changes and features in Shib2.2 are next, and these are described on the Spaces wiki. Scott Cantor believes that this will be the last major release of the SP for quite some time, and is working towards a June release date.

Two developments within the IdP that may be of interest:

  • “uPortal” n-tier delegation support. More on this tomorrow!
  • The uApprove work will be of interest to those looking at user consent. It lets users see the information that is being sent to the Service Provider and decide whether that information should be released. Users can also be prompted to accept a ‘terms of use’ statement. This is available as an IdP plugin. There are some further developments to be done, such as providing user-friendly Service Provider names rather than EntityIDs. IdPs can also create blanket rules for attributes that should never be released to external SPs. The uApprove log maintains an audit trail to prove that users approved the release or non-release of information.

Version 2.3 of Shibboleth ‘may’ include back-channel single logout, more intelligent installation and configuration tools, real-time metadata generation, a clustering solution based on HA-Shib, and SPNEGO authentication.