Educause Security Discussion mailing list archives
Re: Multiple campus SSO security requirements
From: Chris Green <cmgreen () UAB EDU>
Date: Mon, 3 Nov 2008 12:30:52 -0600
You should look at Shibboleth (http://shibboleth.internet2.edu/) and http://www.incommonfederation.org/ from I2. One design consideration is the minimizing the number of trusted places a user/key pair needs to be accepted so you can reduce exposure from a rouge application. The big trust issue is making sure you trust the processes and standards the other organization asserts. http://www.incommonfederation.org/docs/policies/incommonpop_20080208.htm l has the good insight into that processes. It’s also designed that you need to trust on a peer-to-peer level that someone’s practices are good enough to trust since identity processes are much different from place to place. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Stewart, Ian Sent: Monday, November 03, 2008 12:16 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Multiple campus SSO security requirements Hello, We are considering multi-campus web-SSO system that allows an end-user to authenticate using their home campus LDAP account or another campus LDAP account they may hold Has anyone implemented such a system and how have you dealt with the trust issues between campuses that this creates? For example, each campus may have their upfront ID-issuing or vetting process reviewed by all the other campuses and an agreement signed before they are allowed to participate, as in a federation. Any thoughts on this issue would be welcome. Thanks, :: Ian Stewart, Manager of Identity Management :: University of Massachusetts :: 508.856.2069 Phone :: 508.864.0088 Mobile :: 508.856.4844 Fax :: istewart () umassp edu <mailto:istewart () umassp edu> 333 South St., Suite 400 ◦ Shrewsbury, MA 01545 ◦ www.massachusetts.edu <http://www.massachusetts.edu/>
Current thread:
- Multiple campus SSO security requirements Stewart, Ian (Nov 03)
- <Possible follow-ups>
- Re: Multiple campus SSO security requirements Chris Green (Nov 03)
- Re: Multiple campus SSO security requirements Sarah Stevens (Nov 03)
- Re: Multiple campus SSO security requirements Greg Vickers (Nov 03)
- Re: Multiple campus SSO security requirements Steven Carmody (Nov 04)
- Re: Multiple campus SSO security requirements Stewart, Ian (Nov 04)
- Re: Multiple campus SSO security requirements David Walker (Nov 04)
- Re: Multiple campus SSO security requirements Stewart, Ian (Nov 04)
- Re: Multiple campus SSO security requirements David Walker (Nov 05)