OpenID = Authentication + Attribute Exchange ++
March 23rd, 2007
Marc Canter leapt to OpenID’s defense against Michal Migurski’s criticism.
…there are those who think we DON’T need anything more than simple single sign-on. In fact I had lunch with the CEO of SixApart (Barak Berkowitz) who said Brad Fitzpatrick is fairly skeptical of anything beyond his original simple scenario.
But, says Canter, “we need the attribute exchange to make this thing really take off.”
Then all the skeptics will realize that the authentication layer HAD to come first - but was just a first step. Along the way we’ll figure out standards for user interface and usage flow.
But for now - the critics are right - OpenID as it stands right now is just authentication and that ain’t gonna rock nobody’s world - except for Brad Fitzpatrick’s world - I guess.
CAMP Shibboleth: Enabling Campus and Federated Single Sign-On
March 24th, 2006
Educause is hosting CAMP Shibboleth: Enabling Campus and Federated Single Sign-On on June 26–28, 2006 at the Wyndham Burlington in Burlington, Vermont.
Unsure about what the Shibboleth System is about and how it can be used in production on your campus? Looking for a Web single sign-on package that can be used both for local applications and in federated environments?
Internet2’s Shibboleth is being deployed nationally and internationally to solve real-world problems associated with intra- and interinstitutional authentication and authorization. For Web-based access control, it leverages campus identity and access management infrastructures to authenticate individuals and then sends information about them to the resource site, enabling the resource provider to make an informed authorization decision.
Many consider the Shibboleth System to be federating software, which it is; however, more and more campuses are asking what value they get, if any, from deploying separate intra- and intercampus single sign-on systems. Increasingly, these campuses are deploying Shibboleth for both purposes. It’s a tool that enables Web authentication and provides authorization information for applications and services, independent of who’s offering them.
This CAMP will offer concrete practice and real-world experience from institutions running Shibboleth in production for controlling access to both on- and off-campus services. Featured in this workshop will be an Application Showcase where campuses and vendors will demonstrate the Shibboleth System in action.
Both IT management and technical staff will find sessions of interest on the program and guidance for running Shibboleth in production.
CAMP Shibboleth: Enabling Campus and Federated Single Sign-On, June 26-28 in Burlington, Vermont, will give you the opportunity to:
- Learn strategies for managing identity and privilege information used by the Shibboleth System
- Understand the management issues involved in running a Shibboleth-enabled learning management system
- Discover Shibboleth’s value as a campus Web sign-on package
- Learn about SAML 2.0, the mechanism that carries the identity information
- Find out the questions you should ask your information/library vendors about SAML and Shibboleth System support
- Hear practical advice for running the Shibboleth System on server clusters
Participants are encouraged to have a sound knowledge of IdM to learn the most from the sessions. Those interested in knowing more about IdM can review the Enterprise Directory and Authentication Implementation roadmaps.
Single Sign-On Definition
March 23rd, 2006
A concise Single Sign-On definition from NoSheep.net:
Single Sign-On:
One userid, one password, entered one time, with passage allowed from one system to another without interruption
Sometimes there is debate over the meaning of the term. I accept this definition as true, and all further references I make henceforth will be based off this.