Questions to Consider before Migrating from ISIS to Shibboleth
Before migrating your application, please ask yourself these questions and try to answer as many as possible. This will help ensure a smooth migration.
Questions to Consider
Is my platform supported?
Shibboleth provides modules for Apache and IIS. Please consult Internet2's systems requirements.
If your application runs on a platform not mentioned, please contact us.
Have I read and understood Shibboleth requirements?
Please refer to our Shibboleth system requirements.
How much time will this take?
- Refer time to take for time related to non-code factors.
- See question "what code changes will I need to make?" on expected changes for time related to code changes.
What kind of change will I need to make in my application?
See expected changes.
Moving to Shibboleth means adhering strictly to university privacy policies. This may mean that you will need to apply for access to data before getting user attributes. Be prepared. Conversely, Shibboleth will, over time, offer more and more user attributes for authorization purposes. Now is a good time to perform a needs analysis for user data.
One of the major differences between ISIS and Shibboleth is that ISIS provides a fixed set of user attributes to all applications while Shibboleth is able to flexibly return any number of attributes, and be able to control the release of those attributes in a very granular fashion. That's why you may want to review your application's user data needs.
Once you have determined your user data needs, you'll have to request for data from different data owners. This may take time.
How many of my applications will I migrate now? How much traffic do these applications generate?
It's important to know how much your application generates because that information is very useful for the purpose of monitoring the server's performances.
Who uses the application I am migrating?
If your users are mainly from within the UCLA community, it's very likely you can choose the bilateral mode. If a significant amount of your users are from other colleges, the federated mode will be a good choice.
Will my application accept the UCLA Logon ID?
All applications running with Shibboleth have to accept the UCLA Logon ID. If your application doesn't accept it for now, please contact us.
Do I want to wait for Shibboleth 2.0?
We are running Shibboleth 1.3. We expect Shibboleth 2.0 to be released in August of 2008. Shibboleth 2.0 will provide some significant new features and will require some more configuration considerations. We will provide more information when it's available.