New major release of free open source federated identity solution adds user consent capability and support for Central Authorisation Service protocol.
The research and education community is set to benefit from an upgrade to a free open source software system that will help them better deliver access and identity management services.
The Shibboleth Consortium — a collaborative group of international research and education organisations — has released version three of the Shibboleth identity provider, its free open source software that enables secure web single sign-on. Institutions are able to use the software to enable learners and researchers to safely access library resources, databases and collaboration tools using only one log-in, doing away with the need to set up new accounts as they move between locations.
Developed following extensive consultation with the community, the new release offers significant functional and security enhancements, including user consent and on-demand metadata lookup. It also supports the Central Authentication Service (CAS), the internationally-recognised single sign-on protocol used by many universities and research organisations.
Shibboleth is among the world’s most widely deployed federated identity solutions, providing single sign-on capabilities and individual access to protected online resources, in a privacy-preserving manner.
The Shibboleth Consortium funds the ongoing development, support and maintenance of the software, keeping every component of the Shibboleth system free to use. The two principal members are Internet2 in the US and Jisc in the UK. Jisc also acts as consortium operator, managing the day-to-day running of the group.
Shelton Waggener, senior vice president at Internet2 and chair of the consortium board, said:
“This new release comes with many new features requested by the broad international community that uses Shibboleth to make informed access decisions and protect their online resources. We are grateful for the tremendous collaboration in developing this important new release.”
Josh Howlett, head of trust and identity at Jisc, said:
“Seamless and secure access to systems and services is paramount to the continued health of the education and research sector, which makes Shibboleth a vital tool in delivering effective access and identity management services.
The latest release has been developed for the community, by the community, listening to their feedback to ensure the software truly meets their needs, both now and in the future. We will continue to work with the consortium to ensure this remains to be the case.”
The new features and functionality include:
- User notification, including the ability to present an individual with a list of the attributes the service is requesting that allows them to confirm that they wish to proceed. Permissions can be granted directly through the browser, so there is no need to set up and manage a database. Such mechanisms can also help organisations to meet regulations, for example, requirements for user notification under EU law
- Support for CAS protocol, enabling organisations to use just one identity provider software package for transactions with both on-campus CAS, and on- and off-campus Security Assertion Markup Language (SAML) protected services
- Ability to support multiple algorithms for signing and encryption simultaneously, allowing organisations to increase the security of their transactions without compromising compatibility with older systems
- Built-in next generation federation features such as the emerging Metadata Query Protocol, which is replacing the need to compile ever-larger metadata aggregates through on-demand metadata lookup
- Support for internationalising user interface and error messages
Originally released in 2003, the growth of cloud services has led to an increase in the deployment of Shibboleth worldwide as a core component of campus identity and access management.
Shibboleth version 3 will come to replace previous versions. The consortium urges deployers to plan their upgrade now to take advantage of the security and functional improvements and ensure they are fully compliant before the discontinuation of support for Version 2.4, expected later this year.
For more information on Shibboleth visit www.shibboleth.net or contact Justin Knight, Sibboleth Consortium manager at Jisc justin.knight@jisc.ac.uk.
» more
No comments:
Post a Comment