...
- The Burton Group did a study of identity management for UCD in 2006; they are going forward with selected recommendations and increasing the emphasis on Health System issues.
- The campus is looking at various implementation issues as they migrate from their legacy system.
- The Health System didn't get much attention in the Burton Group study.
- Most applications do their own identity management.
- They have a mainframe and lots of Windows and Citrix. There aren't very many web applications, so Shibboleth isn't a major driver.
- The campus and Health System are merging their Active Directory forests.
- Next steps are to identify resource needs and to educate departments.
Shibboleth 2.0
Tom Poage and Matt Elder gave an overview of the 2.0 release of Shibboleth.
- Shibboleth 2.0 uses SAML 2.0, so it should be much more compatible with commercial SAML implementations. Interoperability with Liberty Alliance, Google Apps for Education, CardSpace, and ADFS has been tested.
- Installation has been simplified, particularly for IIS. There is no upgrader from Shibboleth 1.3, however; the differences are too fundamental.
- New IdP features
  - The installation process now automatically generates keys, certificate requests, metadata, etc.
  - The attribute resolver and filtering are now more flexible.
  - The IdP can now be integrated with JAAS, the Java Authentication and Authorization Service, rather than relying on the REMOTE_USER web server environment variable.
- New SP features
  - The installation process now automatically generates keys, certificate requests, metadata, etc.
  - Also, there is a standard URL that can be used to harvest an SP's metadata.
  - Metadata can be filtered.
  - There is support for protocols other than SAML 2.0.
  - There is better support for clustering.
  - Discovery services (i.e., WAYF) can now be chained, and SPs can provide their own discovery services, based on metadata.
- Manageability
  - Much of the metadata can be updated without a restart.
  - The protocol has been simplified. It no longer requires a "call-back" for attributes. This should help with firewall interactions.
  - Single Logout has been implemented, but there are still a lot of issues.
- Benefits for UC
  - Broader commercial support for SAML 2.0
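Metadata harvested from an SP's metadata URL should be checked before an IdP trusts it. As an added example (not part of these notes and not Shibboleth's own code), the Python below parses a constructed SAML 2.0 SP EntityDescriptor and applies the kind of filter the "metadata can be filtered" note points at: an entityID allow-list, validUntil expiry, and https-only AssertionConsumerService endpoints. The hostname, entityID, paths and dates in the sample XML are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}

# Constructed sample of the kind of SAML 2.0 SP EntityDescriptor an SP publishes
# at its metadata URL. Hostname, entityID, endpoints and dates are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.edu/shibboleth" validUntil="2099-01-01T00:00:00Z">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.edu/Shibboleth.sso/SAML2/POST" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.edu/Shibboleth.sso/SAML2/POST" index="2"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_saml_time(value):
    """Parse the UTC 'Z' timestamp form used in SAML metadata into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_sp_metadata(xml_text):
    """Extract entityID, validUntil and the ACS endpoints from an SP EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("expected a SAML 2.0 md:EntityDescriptor")
    acs = [(e.get("Binding"), e.get("Location"))
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    return {"entityID": root.get("entityID"),
            "validUntil": root.get("validUntil"), "acs": acs}


def filter_sp_metadata(entity, allowed_entity_ids, now=None):
    """IdP-side filter applied before harvested metadata is trusted: keep only
    allow-listed entityIDs, reject expired descriptors, and drop ACS endpoints
    that are not https. Returns the filtered entity, or None if it is rejected."""
    now = now or datetime.now(timezone.utc)
    if entity["entityID"] not in allowed_entity_ids:
        return None
    if entity["validUntil"] and parse_saml_time(entity["validUntil"]) <= now:
        return None
    https_acs = [(b, loc) for b, loc in entity["acs"] if loc.startswith("https://")]
    if not https_acs:
        return None  # an SP with no https endpoint should receive no assertions
    return {**entity, "acs": https_acs}
```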