Digital Diversity: Multi-institutional Access to Distributed Course Resources
Barry Ribbeck
UT HSC - Houston
Copyright Statement
Copyright Barry Ribbeck, 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Blackboard Learning System
• Requirements
  – Shib 1.0 or greater*
  – Blackboard 6.0.11 or higher
• Support
  – Shibboleth will be fully supported as a custom authentication option in Bb (currently in a limited Alpha release)
• Disclaimer
  – Limited support, tested only on Red Hat Linux and Sun Solaris implementations
Connection Details
• User connecting to {shib(Bb)} is redirected to WAYF as expected
• Target requires eppn and eduPersonEntitlement
• If AA assertions are accepted, Bb remote user is populated with eppn
  – BbShibbolethAuthModule gets the remote user and creates the user object in BbLS
• Can be extended via “Bb Advanced Data and Authentication Manual”
• See next slide
• Bb can create user account in DB on login (User Account Generation on Gateway: Enable) or it can be created a priori
• Currently, course admin must add user to respective courses manually or in batch process *
* This assumes a particular database management model
Current Processes
• Join a Federation!
• Get a list of eppns from remote site authority for proper assignment into BB
• Populate into BB course (can be done in bulk)
• Agree on assertion exchange for authZ
• Agree on what to do with the data after the course is completed
Yet to be done? Updated
• Standardization on value to populate remote user
  • DONE! EPPN
• A way to mix local and shib users by redirection at portal by user choice or failover to Shib
  • DONE! http://bb.uth.tmc.edu
Ongoing Work
• Standardized Course attributes in LDAP (see Mace Course ID work)
• Shibboleth protected Portals (EZ Proxy coming soon)
• Non-Web based Shibboleth protected resources (Penn State LionShare, Napster, ShibIM)
• RBAC (see Mace Dir Group)
• Just-in-time provisioning using asserted courseid attributes from origin
Shibboleth and Blackboard
[Diagram: Shibboleth sign-on flow from ORIGIN to TARGET]
• Origin (Home University): Authentication System (ISO/SSO/Cert), Handle Service, Attribute Authority, RBAC Authorization System - LDAP (eduperson)
• Target (Resource Provider): SHIRE, SHAR, Resource Manager, Bb (remoteuser=eppn, auto acct generation = off); Allow HomeU AA
• Browser
• Federation WAYF Service (IN COMMON)
1. I would like access?
2. Can you authenticate via my WAYF?
3. Where are you from?
4. I am from HU, logged in?
5. Authenticate me to HU
6. AuthN ok send handle X to Target
7. Need eppn & eduPersonEntitlement for X?
8. Link Handle X to user and Lookup attributes
9. Attributes found and Released
10. If ARP allows, attributes are sent to Target. If attributes are sufficient, access is granted by Resource Manager on Target
11. Logged onto Bb
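Added example, not from the original slides and not Blackboard or Shibboleth code: a Python model of the target-side decision in steps 7 to 11 above, with remote user set to eppn. The origin identifier, entitlement value, account table, function names and the eppn scope check are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy for one target; every value below is made up.
TRUSTED_ORIGINS = {"urn:example:homeu": {"homeu.example.edu"}}  # origin -> allowed eppn scopes
REQUIRED_ENTITLEMENT = "urn:example:entitlement:bb-course"
ACCOUNTS = {"jdoe@homeu.example.edu": {"BIOL-101"}}  # eppn -> courses, loaded in batch


@dataclass
class Decision:
    remote_user: Optional[str]  # value placed in remote user, or None if login is refused
    course_access: bool
    reason: str


def authorize(origin, attrs, course, accounts, auto_account_generation=False):
    """Turn the attributes released in steps 9-10 into the step 11 outcome."""
    scopes = TRUSTED_ORIGINS.get(origin)
    if scopes is None:
        return Decision(None, False, "assertions from this origin are not accepted")
    eppn = attrs.get("eduPersonPrincipalName", "")
    local, sep, scope = eppn.rpartition("@")
    # Assumed check: an origin may only assert eppn values inside its own scope.
    if not local or not sep or scope.lower() not in scopes:
        return Decision(None, False, "eppn missing or outside the origin's scope")
    if REQUIRED_ENTITLEMENT not in attrs.get("eduPersonEntitlement", []):
        return Decision(None, False, "required eduPersonEntitlement not released")
    if eppn not in accounts:
        if not auto_account_generation:
            return Decision(None, False, "no account and account generation is off")
        accounts[eppn] = set()  # created on login; course enrolment is still manual
    if course not in accounts[eppn]:
        return Decision(eppn, False, "logged in, not yet added to the course")
    return Decision(eppn, True, "ok")


if __name__ == "__main__":
    released = {"eduPersonPrincipalName": "jdoe@homeu.example.edu",
                "eduPersonEntitlement": [REQUIRED_ENTITLEMENT]}
    print(authorize("urn:example:homeu", released, "BIOL-101", dict(ACCOUNTS)))
    out_of_scope = dict(released, eduPersonPrincipalName="jdoe@other.example.edu")
    print(authorize("urn:example:homeu", out_of_scope, "BIOL-101", dict(ACCOUNTS)))
```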
The Ever Risky Live Demo
• http://bb.uth.tmc.edu
Acknowledgments
A Word from the Sponsors
• National Science Foundation Middleware Initiative (NMI)
• Enterprise and Desktop Integration Technologies Consortium (NMI-EDIT)
  – Internet2, EDUCAUSE, and SURA
  – Project Goals
    • Create a common, persistent and robust core middleware infrastructure for the R&E community
    • Provide tools and services in support of inter-institutional and inter-realm collaborations
NMI-EDIT Tutorials, Seminars, and Workshops
• EDUCAUSE Regional, Annual, and CUMREC Conferences
  – Look for the “sponsored by…”
  – Track and preconference seminars
  – March Regionals
    • Western – Enterprise Directory Implementation seminar and track session on CSU’s Secure IdM Infrastructure
    • NERCOMP – Shibboleth Deployment seminar and track session on Projects at Penn State
Tutorials, Seminars, and Workshops (cont.)
• 2004 CAMPs
  – June 28-July 2, Boulder, CO
    • CAMP June 28-30 – Shibboleth Implementation
    • Advanced CAMP June 30-July 2 – Authority Architectures
  – November 15-29, San Diego
    • CAMP and Advanced CAMP
Websites
• Shibboleth – shibboleth.internet2.edu
• Internet2 Middleware Initiative – middleware.internet2.edu
• NMI-EDIT – www.nmi-edit.org
• NSF Middleware Initiative – www.nsf-middleware.org
Email Lists
• EDUCAUSE Middleware Constituent Group
  – General discussion on middleware
  – http://www.educause.edu/cg/middleware.asp
• Shibboleth lists
  – Shibboleth users and announce lists
  – http://shibboleth.internet2.edu/shib-misc.html#mailinglist
• NMI lists
  – Information about NMI releases, press announcements, and upcoming events
  – http://www.nsf-middleware.org/participate.asp