Shibboleth & grid computing

Seib, Broc bseib at purdue.edu
Mon Jun 20 13:49:30 PDT 2005


Hi Brad, Paul, et al., 

Have you seen shibboleth? (At least to steal some good ideas?)

My nutshell conceptualization of Shibboleth: It allows a person to
authenticate against their "homebase". Then a third party can make
"assertions" of that person's attributes against their homebase. (A
great many details I do not yet understand.) There is version used for
web single signon now, but I think in the works is a more generic,
non-web specific implementation.

The shibboleth architecture gets closer to my own wishlist -- where the
user has the benefit of controlling their degree of anonymity and
privacy while minimizing repeated authentications. Your identity merely
has attributes which third parties can request or assert.

This OpenID topic interests me in the world of grid computing, where
"virtual organizations" cross many real organizational boundaries. Here
we wish to allow people to access to computing resources using existing
(decentralized) identities, and letting organizations use existing
authentication systems they already have in place. Naturally, security
cannot be "casual"; you really want to know who is using your computing
resources. Thus I like the idea of degrees of attributes available that
a third party can assert/request. The more I need to trust you, the more
specific attributes you should offer and be verifiable. I have more
thoughts on this, though I think it probably veers from the scope of
your project.

Thought I'd offer my $0.02. :-)
-broc


More information about the yadis mailing list