Hello Ranbir,
Just for completeness JISCmail is currently hosting two SHIBBOLETH
lists, both relatively new. JISC-SHIBBOLETH that John referred to and
JISC-SHIBBOLETH-ANNOUNCE.
Regards Penny
JISCmail Manager
JISC-SHIBBOLETH-ANNOUNCE
This list is used for posting announcements regarding the introduction
of a Shibboleth-based authentication and authorisation system within the
UK's higher and further education and research communities.
JISC-SHIBBOLETH
This list is used for general discussion regarding the introduction of a
Shibboleth-based authentication and authorisation system within the UK's
higher and further education and research communities.
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Paschoud,J
Sent: 21 April 2005 02:53
To: [log in to unmask]
Subject: Re: Shibboleth Questions, from a programmer not a Network
Administrator
Ranbir,
UK implementors of Shibboleth for Education applications should also use
the JISC-SHIBBOLETH list on JISCmail (homepage at
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A0=JISC-SHIBBOLETH - but
it's pretty empty as yet!).
JISC is funding various support services, including a Middleware
Assisted Takeup Service, operated by Eduserv. I'm sure they're
mnitoring both JISC-SHIBBOLETH and SHIBBOLETH-USERS, and can offer help
with all the questions you're asking.
John
--
John Paschoud
Projects Manager & InfoSystems Engineer
LSE Library
-----Original Message-----
From: Steven Carmody [mailto:[log in to unmask]]
Sent: Thu 21/04/2005 02:35
To: [log in to unmask]
Cc: [log in to unmask]
Subject: Re: Article to be approved for shibboleth-announce
go here:
https://mail.internet2.edu/wws/lists/middleware
join the shibboleth-users mailing list, and post your question
to that list.
[log in to unmask] wrote:
> To distribute the attached message in list
shibboleth-announce:
>
mailto:[log in to unmask]
e73efdb6f78347226e7f98a94aa754
> Or send a message to [log in to unmask] with the following
subject :
> DISTRIBUTE shibboleth-announce
72e73efdb6f78347226e7f98a94aa754
>
> To reject it (it will be removed):
>
mailto:[log in to unmask]
fdb6f78347226e7f98a94aa754
> Or send a message to [log in to unmask] with the following
subject :
> REJECT shibboleth-announce 72e73efdb6f78347226e7f98a94aa754
>
>
>
------------------------------------------------------------------------
>
> Subject:
> Shibboleth Questions, from a programmer not a Network
Administrator
> From:
> [log in to unmask]
> Date:
> Wed, 20 Apr 2005 17:44:42 -0400 (EDT)
> To:
> [log in to unmask]
>
> To:
> [log in to unmask]
>
>
>>Dear Shibboleth'ier
>>
>>I am only just beginning to get to grips with the Shibboleth
architecture and wish to set-up demo Origin, WAYF and Target servers in
order to better understand the technology and, depending on my success,
to deploy Shibboleth to manage access to the educational resources held
by us. However, the more I read, the more I seem to realise that
implementation of Shibboleth does not seem a trivial task. Following my
initial research I have grasped the basic ideas behind Shibboleth but
there are a series of questions to which I seem unable to find answers
to. I have listed these questions below, and hope you can answer them
for me before I proceed to implement my own test Origin, WAYF and Target
servers.
>>
>>Questions.
>>
>>1) Can Shibboleth be set-up as part of an internal network? or
do I have to set-up public facing servers for Shibboleth to work
correctly?
>>
>>2) Are the Origin server, WAYF server and Target server all
web servers? and if so, can I use IIS as the platform web-server for all
three, as this would be our preferred choice?
>>
>>3) Is it possible to configure the Target/Resource server such
that only an authorised user can see parts of lists of resources? E.g.
Lets say we have a list of 100 resources of which 25 are for staff only.
Can the list of resources be displayed such that after a user has logged
in as a member of staff, their list only contains the 25 items they have
access to, with the remaining 75 items not shown to them at all.
>>
>>4) How do I authenticate a user at the Origin? Is it done by
querying a database of authorised users, a CSV, a spreadsheet, reading a
text file or an internal xml file... etc? Does the Shibboleth Origin
have its own database, or user list, so that an external database is not
required?. Once authorisation has taken place, in what format do I send
the information back to Target site; xml, csv, url variable?
>>
>>5) Does the Shibboleth Target require a
database/CSV/spreadsheet etc of the files we wish to protect, together
with their 'access level'? Can Shibboleth protect individual files or
does Shibboleth protect the contents of individual folders?
>>
>>6) Do the Shibboleth Origin and Target contain their own
internal databases for storage of user authentication details (origin)
and file access information (target).
>>
>>7) Can a Shibboleth system be set up without the need for a
WAYF server?, If so, how do I bypass the WAYF?
>>
>>8) Does Shibboleth require at least 3 separate servers; one
each for the Origin, Target and WAYF respectively or can the Target,
Origin and WAYF (if required) be set up to run on the same server so
that user authentication prior access to our resources can be done on
one IIS web server.
>>
>>9) Are there any Shibboleth GUI's to help with the Origin and
Target server configurations? If so, where can I obtain them?
>>
>>Regards
>>
>>Ranbir Sagoo
>>
>>Development Team
>>Netmedia Education
>>Oldbury
>>West Midlands
>>England
>>UK
>
>
|