Digital Diversity: Multi-institutional Access to Distributed Course Resources Barry Ribbeck UT HSC - Houston

Post on 13-Dec-2015


Copyright Statement

Copyright Barry Ribbeck, 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Blackboard Learning System

• Requirements
  – Shib 1.0 or greater*
  – Blackboard 6.0.11 or higher
• Support
  – Shibboleth will be fully supported as a custom authentication option in Bb (currently in a limited Alpha release)
• Disclaimer
  – Limited support, tested only on Red Hat Linux and Sun Solaris implementations

Connection Details

• User connecting to {shib(Bb)} is redirected to WAYF as expected
• Target requires eppn and eduPersonEntitlement
• If AA assertions are accepted, Bb remote user is populated with eppn
  – BbShibbolethAuthModule gets the remote user and creates the user object in BbLS
    • Can be extended via “Bb Advanced Data and Authentication Manual”
    • See next slide
• Bb can create user account in DB on login (User Account Generation on Gateway: Enable) or it can be created a priori
• Currently, course admin must add user to respective courses manually or in batch process *

* This assumes a particular database management model

Current Processes

• Join a Federation!
• Get a list of eppns from remote site authority for proper assignment into BB
• Populate into BB course (can be done in bulk)
• Agree on assertion exchange for authZ
• Agree on what to do with the data after the course is completed

Yet to be done? Updated

• Standardization on value to populate remote user
  – DONE! EPPN
• A way to mix local and shib users by redirection at portal by user choice or failover to Shib
  – DONE! http://bb.uth.tmc.edu

Ongoing Work

• Standardized Course attributes in LDAP (see Mace Course ID work)
• Shibboleth protected Portals (EZ Proxy coming soon)
• Non-Web based Shibboleth protected resources (Penn State LionShare, Napster, ShibIM)
• RBAC (see Mace Dir Group)
• Just-in-time provisioning using asserted courseid attributes from origin

Shibboleth and Blackboard

[Diagram: Shibboleth sign-on flow between the origin (Home University) and the target (Blackboard)]

Components shown:

• ORIGIN: Home University
  – Authentication System (ISO/SSO/Cert)
  – Handle Service
  – Attribute Authority
  – RBAC Authorization System - LDAP (eduperson)
• TARGET: Resource Provider
  – SHIRE
  – SHAR (Allow HomeU AA)
  – Resource Manager
  – Bb (remoteuser=eppn, auto acct generation = off)
• Federation WAYF SERVICE (IN COMMON)
• Browser

Numbered steps in the diagram:

1. I would like access?
2. Can you authenticate via my WAYF?
3. Where are you from?
4. I am from HU, logged in?
5. Authenticate me to HU
6. AuthN ok, send handle X to Target
7. Need eppn & eduPersonEntitlement for X?
8. Link Handle X to user and look up attributes
9. Attributes found and released
10. If ARP allows, attributes are sent to Target. If attributes are sufficient, access is granted by Resource Manager on Target
11. Logged onto Bb
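Steps 7 to 11 of the flow, together with the account and enrollment rules from the Connection Details slide, can be modelled as a short decision function. This is an added example, not Blackboard or Shibboleth code: every function name, the sample directory entry, the course id X101 and the eppn scope check are assumptions made for the illustration.

```python
# Added illustration of the origin ARP filter and the target login decision.
# Names and sample values are hypothetical; the data below is constructed.

REQUIRED = ("eppn", "eduPersonEntitlement")  # attributes the target asks for (step 7)

# Constructed directory entry at the origin and its attribute release policy.
ENTRY = {
    "eppn": "jdoe@homeu.example",
    "eduPersonEntitlement": ["urn:example:course:X101"],
    "mail": "jdoe@mail.homeu.example",
}
ARP = {"eppn", "eduPersonEntitlement"}


def apply_arp(directory_entry, arp):
    """Origin side (steps 8-10): release only attributes the ARP allows."""
    return {k: v for k, v in directory_entry.items() if k in arp}


def bb_login(released, origin_scope, accounts, roster, course, auto_generate=False):
    """Target side (steps 10-11): return (granted, remote_user_or_reason)."""
    missing = [a for a in REQUIRED if not released.get(a)]
    if missing:
        return False, "missing attributes: " + ", ".join(missing)
    eppn = released["eppn"]
    # Assumed extra check: the eppn scope must belong to the asserting origin,
    # so one federation member cannot assert another member's users.
    if eppn.rpartition("@")[2].lower() != origin_scope.lower():
        return False, "eppn scope does not match origin"
    remote_user = eppn  # remoteuser = eppn
    if remote_user not in accounts:
        if not auto_generate:
            return False, "no Bb account and auto account generation is off"
        accounts.add(remote_user)  # account created on login
    # Enrollment is a separate manual or batch step by the course admin.
    if remote_user not in roster.get(course, set()):
        return False, "account exists but is not enrolled in " + course
    return True, remote_user


if __name__ == "__main__":
    accounts = {"jdoe@homeu.example"}
    roster = {"X101": {"jdoe@homeu.example"}}
    print(bb_login(apply_arp(ENTRY, ARP), "homeu.example", accounts, roster, "X101"))
```

With auto account generation enabled, a first-time user gets an account but is still refused until the course admin adds the eppn to the course roster, which matches the manual or batch enrollment step the slides describe.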

The Ever Risky Live Demo

• http://bb.uth.tmc.edu

Acknowledgments

A Word from the Sponsors

• National Science Foundation Middleware Initiative (NMI)
• Enterprise and Desktop Integration Technologies Consortium (NMI-EDIT)
  – Internet2, EDUCAUSE, and SURA
  – Project Goals
    • Create a common, persistent and robust core middleware infrastructure for the R&E community
    • Provide tools and services in support of inter-institutional and inter-realm collaborations

NMI-EDIT Tutorials, Seminars, and Workshops

• EDUCAUSE Regional, Annual, and CUMREC Conferences
  – Look for the “sponsored by…”
  – Track and preconference seminars
  – March Regionals
    • Western – Enterprise Directory Implementation seminar and track session on CSU’s Secure IdM Infrastructure
    • NERCOMP – Shibboleth Deployment seminar and track session on Projects at Penn State

Tutorials, Seminars, and Workshops (cont.)

• 2004 CAMPs
  – June 28-July 2, Boulder, CO
    • CAMP June 28-30 – Shibboleth Implementation
    • Advanced CAMP June 30-July 2 – Authority Architectures
  – November 15-29, San Diego
    • CAMP and Advanced CAMP

Websites

• Shibboleth
  – shibboleth.internet2.edu
• Internet2 Middleware Initiative
  – middleware.internet2.edu
• NMI-EDIT
  – www.nmi-edit.org
• NSF Middleware Initiative
  – www.nsf-middleware.org

Email Lists

• EDUCAUSE Middleware Constituent Group
  – General discussion on middleware
  – http://www.educause.edu/cg/middleware.asp
• Shibboleth lists
  – Shibboleth users and announce lists
  – http://shibboleth.internet2.edu/shib-misc.html#mailinglist
• NMI lists
  – Information about NMI releases, press announcements, and upcoming events
  – http://www.nsf-middleware.org/participate.asp