• United States

What about Shibboleth?

Mar 22, 20041 min
Access ControlNetworking

This open source effort seems confined to research environments for now.

The Liberty Alliance’s standards aren’t the only federation specifications that leverage and extend Security Assertion Markup Language 1.x. Another SAML-based federated ID management environment, called Shibboleth, has taken root among higher education and research institutions involved in the Internet2 project. About 40 U.S. campuses participate in the Shibboleth ID federation environment, which lets them leverage local logons for secure but anonymous access to information resources hosted at other institutions.

The Shibboleth community has built its federation environment on the OpenSAML code base. However, the community has defined many extensions to enable user anonymity, privacy protection and other features not supported in the core SAML 1.x standard. The Shibboleth project, which began developing its federation architecture four years ago, provides its code base on an open source basis. The project is entirely separate from the Organization for the Advancement of Structured Information Standards’ Security Services Technical Committee (which defines SAML) and the Liberty Alliance. Unlike SAML and Liberty, there are no commercial products or services that implement the Shibboleth code base or specifications.

– James Kobielus