outlook to 2006 · 2005 © switch aai info-day, 29 nov 2005, berne 8 5. saml 2.0 & shibboleth...
TRANSCRIPT
2005 © SWITCH, AAI Info-Day, 29 Nov 2005, Berne
1. AAI at Universities of Applied Sciences
Current Status: So far, just ZHW is a SWITCHaai federation member
Process to apply for subsidies (50% federal funds / 50% matching funds):
1. Submit projects to SWITCH according to the “Project Guide”
2. Technical approval by SWITCH
3. Formal approval by FID
2. Digital Library Contents
Use Case A: Access to publishers
  commercial content providers such as Elsevier, EBSCO, etc.
Use Case B: Access to e-library portals
  meta-search, databases, URL-resolver, personalisation (central systems, e.g. operated by a consortium)
Use Case C: Access to loan systems
  registration of university users in the loan system of “their” library, inter-library loan
Use Case D: Ordering document delivery
  ordering articles by e-mail (scanned), ordering photocopies
Use Case E: Publishing the own documents of a university
  where uploading, approving and reading is restricted
Use Case A: Shibboleth Access to Publishers
Where are we today?
Publisher: Status of “shibbolization”
Elsevier ScienceDirect: In production with some US universities; Test with SWITCHaai before end of 2005
OCLC: Prototype for OCLC FirstSearch
JSTOR: Prototype in the US
ProQuest: In development
Thomson Gale: In development
EBSCO: Pilot with US federation
CSA: In development
OVID: In development
…
3. AAAI (A3I) Timeline
2005
Pilot Study
Goal is to elaborate:
- Accounting Requirements
- AAAI Architectural Model
- Candidates for Prototypes
2006 2007
Evaluation
A3I Architecture
[Figure: A3I architecture diagram. Legend: M = Metering, C = Collecting, R = Reporting. Organizations: University A, Library B, University C. Roles: Service Provider, Identity Provider, AAI. Resources: Web Mail, e-Learning X, e-Learning Y, e-Journal, Research-DB, e-Learning Z. Functions: Authorization, User Administration, Authentication, Resource Accounting.]
4. Inter-federation approaches
Multi-federation support is part of current Shibboleth 1.3
Inter-federation is not only a technical problem
- How to federate trust beyond federations?
- Common policies across federations?
Interim approach
- Single SP of another federation can be integrated as Federation Partner
- Single IdP of another federation can have bilateral agreements with one or more SPs
Federating AAIs is a work item of GÉANT2-JRA5
- SWITCH will participate in the pilot with the test federation
5. SAML 2.0 & Shibboleth 2.0
Today we use OpenSAML 1.1 and Shibboleth 1.3
SAML 2.0 was finalized in March 2005
We already use the SAML 2.0 metadata format with Shibboleth 1.3
OpenSAML 2.0 implementation in the works – Java & C++
Shibboleth 2.0 to follow in 2006
Intended to be compatible with Shibboleth 1.2 & 1.3
In the meantime, e.g. work on Active Directory Federation Services (ADFS) extension for Shibboleth 1.3 SP
Single Log Out (SLO) is a new feature of SAML 2.0
SAML = Security Assertion Markup Language
6. Non-browser applications
GridShib
- a project funded by NSF Middleware Initiative
- Use Grid identity for Shibboleth transactions
SWITCH proposal for EGEE2
- Use Shibboleth identity for Grid activities
Web Services
- Limited possibilities with Shibboleth 1.3
Network Access using AAI
- A work item of GÉANT-JRA5
How to get involved
Building an Identity Provider
[Flowchart: Interested in building an Identity Provider? Decision nodes (yes/no): “Centralized User Directory in place?”, “Want to operate Identity Provider inhouse?”. Outcome nodes: Integrate User Directories; Jump Start Service; Operate Shibboleth Server inhouse; Talk to us, e.g. <[email protected]>.]
http://www.switch.ch/aai/tech/
„Shibbolizing“ a Resource
[Flowchart: Interested in “Shibbolizing” a Resource? Decision node (yes/no): “User Community covered?”. Outcome nodes: Talk to us, e.g. <[email protected]>, and check http://www.switch.ch/aai/tech/; Make Use of Virtual Home Organization; Approach for “other” users; Implement Local Login; Shibbolize Resource according to Guides.]
Our Support and Services
http://www.switch.ch/aai
[email protected]
01 268 15 05
- On-site presentation of the AAI project
- A couple of days on-site support for integrating resources
- Virtual Home Organization Service
- Jump Start Service
Further Information
SWITCHaai Website: http://www.switch.ch/aai
Shibboleth: http://shibboleth.internet2.edu/
Shibboleth Demo: http://www.switch.ch/aai/demo
Attribute Specification: http://www.switch.ch/aai/docs/AAI_Attr_Specs.pdf
Feedback/Suggestions welcome!
Please fill out the Feedback Form before you leave!
Questions ?
Q & A
http://www.switch.ch/aai